Skip to content

Commit

Permalink
Support multiple, comma-separated PROXY_ADDRESS values (#50)
Browse files Browse the repository at this point in the history
  • Loading branch information
@arseniybanayev
arseniybanayev authored Jul 27, 2020
1 parent 670e669 commit 814bde3
Showing 1 changed file with 79 additions and 76 deletions.
155 changes: 79 additions & 76 deletions renewAndSendToProxy.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,40 +17,42 @@ TIMEOUT=5
printf "${GREEN}Hello! renewAndSendToProxy runs. Today is $(date)${NC}\n"

# send current certificates to proxy - after that do a certbot renew round (which could take some seconds) and send updated certificates to proxy (faster startup with https when old certificates are still valid)
for d in /etc/letsencrypt/live/*/ ; do
#move to directory
cd $d

#get directory name (which is the name of the regular domain)
folder=${PWD##*/}

#concat certificates
printf "old certificates for $folder will be send to proxy\n"
cat cert.pem chain.pem privkey.pem > $folder.combined.pem

#send to proxy, retry up to 5 times with a timeout of $TIMEOUT seconds

#reset tries to 0
TRIES=0
exitcode=0
until [ $TRIES -ge $MAXRETRIES ]
do
TRIES=$[$TRIES+1]
curl --silent --show-error -i -XPUT \
--data-binary @$folder.combined.pem \
"$PROXY_ADDRESS:8080/v1/docker-flow-proxy/cert?certName=$folder.combined.pem&distribute=true" > /var/log/dockeroutput.log && break
exitcode=$?
if [ $TRIES -eq $MAXRETRIES ]; then
printf "old certificate: ${RED}transmit failed after ${TRIES} attempts.${NC}\n"
else
printf "old certificate: ${RED}transmit failed, we try again in ${TIMEOUT} seconds.${NC}\n"
sleep $TIMEOUT
fi
done

if [ $exitcode -eq 0 ]; then
printf "old certificates: proxy received $folder.combined.pem\n"
fi
echo $PROXY_ADDRESS | tr ',' '\n' | while read proxy_addr; do
for d in /etc/letsencrypt/live/*/ ; do
#move to directory
cd $d

#get directory name (which is the name of the regular domain)
folder=${PWD##*/}

#concat certificates
printf "old certificates for $folder will be send to proxy\n"
cat cert.pem chain.pem privkey.pem > $folder.combined.pem

#send to proxy, retry up to 5 times with a timeout of $TIMEOUT seconds

#reset tries to 0
TRIES=0
exitcode=0
until [ $TRIES -ge $MAXRETRIES ]
do
TRIES=$[$TRIES+1]
curl --silent --show-error -i -XPUT \
--data-binary @$folder.combined.pem \
"$proxy_addr:8080/v1/docker-flow-proxy/cert?certName=$folder.combined.pem&distribute=true" > /var/log/dockeroutput.log && break
exitcode=$?
if [ $TRIES -eq $MAXRETRIES ]; then
printf "old certificate: ${RED}transmit failed after ${TRIES} attempts.${NC}\n"
else
printf "old certificate: ${RED}transmit failed, we try again in ${TIMEOUT} seconds.${NC}\n"
sleep $TIMEOUT
fi
done

if [ $exitcode -eq 0 ]; then
printf "old certificates: proxy received $folder.combined.pem\n"
fi
done
done


Expand All @@ -60,48 +62,49 @@ done
#--no-self-upgrade: revent the certbot-auto script from upgrading itself to newer released versions
/root/certbot-auto renew --no-bootstrap --no-self-upgrade > /var/log/dockeroutput.log

printf "Docker Flow: Proxy DNS-Name: ${GREEN}$PROXY_ADDRESS${NC}\n";

for d in /etc/letsencrypt/live/*/ ; do
#move to directory
cd $d

#get directory name (which is the name of the regular domain)
folder=${PWD##*/}
printf "current folder name is: $folder\n"

#concat certificates
printf "concat certificates for $folder\n"
cat cert.pem chain.pem privkey.pem > $folder.combined.pem
printf "${GREEN}generated $folder.combined.pem${NC}\n"

#send to proxy, retry up to 5 times with a timeout of $TIMEOUT seconds
printf "${GREEN}transmit $folder.combined.pem to $PROXY_ADDRESS${NC}\n"

#reset tries to 0
TRIES=0

exitcode=0
until [ $TRIES -ge $MAXRETRIES ]
do
TRIES=$[$TRIES+1]
curl --silent --show-error -i -XPUT \
--data-binary @$folder.combined.pem \
"$PROXY_ADDRESS:8080/v1/docker-flow-proxy/cert?certName=$folder.combined.pem&distribute=true" > /var/log/dockeroutput.log && break
exitcode=$?

if [ $TRIES -eq $MAXRETRIES ]; then
printf "${RED}transmit failed after ${TRIES} attempts.${NC}\n"
else
printf "${RED}transmit failed, we try again in ${TIMEOUT} seconds.${NC}\n"
sleep $TIMEOUT
fi
done

if [ $exitcode -eq 0 ]; then
printf "proxy received $folder.combined.pem\n"
fi

echo $PROXY_ADDRESS | tr ',' '\n' | while read proxy_addr; do
printf "Docker Flow: Proxy DNS-Name: ${GREEN}$proxy_addr${NC}\n";
for d in /etc/letsencrypt/live/*/ ; do
#move to directory
cd $d

#get directory name (which is the name of the regular domain)
folder=${PWD##*/}
printf "current folder name is: $folder\n"

#concat certificates
printf "concat certificates for $folder\n"
cat cert.pem chain.pem privkey.pem > $folder.combined.pem
printf "${GREEN}generated $folder.combined.pem${NC}\n"

#send to proxy, retry up to 5 times with a timeout of $TIMEOUT seconds
printf "${GREEN}transmit $folder.combined.pem to $proxy_addr${NC}\n"

#reset tries to 0
TRIES=0

exitcode=0
until [ $TRIES -ge $MAXRETRIES ]
do
TRIES=$[$TRIES+1]
curl --silent --show-error -i -XPUT \
--data-binary @$folder.combined.pem \
"$proxy_addr:8080/v1/docker-flow-proxy/cert?certName=$folder.combined.pem&distribute=true" > /var/log/dockeroutput.log && break
exitcode=$?

if [ $TRIES -eq $MAXRETRIES ]; then
printf "${RED}transmit failed after ${TRIES} attempts.${NC}\n"
else
printf "${RED}transmit failed, we try again in ${TIMEOUT} seconds.${NC}\n"
sleep $TIMEOUT
fi
done

if [ $exitcode -eq 0 ]; then
printf "proxy received $folder.combined.pem\n"
fi

done
done

printf "${RED}/etc/letsencrypt will be backed up as backup-date-time.tar.gz. It's important to know that some files are symbolic links (inside this backup) and they need to be untared correctly.${NC}\n"
Expand Down

0 comments on commit 814bde3

Please sign in to comment.