
new: [letsencrypt] stop any project docker that blocks port 80 when using ``http`` challenge type.

Without this, the letsencrypt standalone server can't be reached from outside,
and the challenge will fail.
framadate
Valentin Lab 6 years ago
parent
commit
701f249903
  1. 2
      apache/lib/common
  2. 2
      apache/test/vhost_cert_provider
  3. 20
      letsencrypt/hooks/dc-pre-run

2
apache/lib/common

@ -216,7 +216,7 @@ ssl_plugin_cert-provider_prepare() {
options=$(yaml_key_val_str "options" "$cfg") || return 1 options=$(yaml_key_val_str "options" "$cfg") || return 1
service_config=$(yaml_key_val_str "$service" "$options") service_config=$(yaml_key_val_str "$service" "$options")
compose --debug --add-compose-content "$service_config" run "$service" \
compose --debug --add-compose-content "$service_config" run --service-ports "$service" \
crt create "$DOMAIN" $(echo "$SERVER_ALIAS" | shyaml -y get-values 2>/dev/null) || return 1 crt create "$DOMAIN" $(echo "$SERVER_ALIAS" | shyaml -y get-values 2>/dev/null) || return 1
config-add "\ config-add "\

2
apache/test/vhost_cert_provider

@ -137,7 +137,7 @@ ssl:
RELATIONS=(cert-provider foo a True) RELATIONS=(cert-provider foo a True)
apache_vhost_create" "known cert key" apache_vhost_create" "known cert key"
noerror noerror
is out reg 'Calling: compose .*foo: options: <merge_yaml_str\(.a., .12., )>.*run foo.*'
is out reg 'Calling: compose .*foo: options: <merge_yaml_str\(.a., .12., )>.*run --service-ports foo.*'
is out part 'config-add is out part 'config-add
| services: | services:
| $MASTER_TARGET_SERVICE_NAME: | $MASTER_TARGET_SERVICE_NAME:

20
letsencrypt/hooks/dc-pre-run

@ -14,6 +14,7 @@
set -e set -e
service_def=$(get_compose_service_def "$SERVICE_NAME") service_def=$(get_compose_service_def "$SERVICE_NAME")
USER_EMAIL=$(echo "$service_def" | shyaml get-value options.email 2>/dev/null) || { USER_EMAIL=$(echo "$service_def" | shyaml get-value options.email 2>/dev/null) || {
@ -47,12 +48,31 @@ if environment_def="$(printf "%s" "$service_def" | shyaml -y get-value options.e
config+=$(echo -en "\n LEXICON_PROVIDER: $provider") config+=$(echo -en "\n LEXICON_PROVIDER: $provider")
fi fi
if ! challenge_type=$(printf "%s" "$service_def" | shyaml get-value "options.challenge-type" 2>/dev/null); then if ! challenge_type=$(printf "%s" "$service_def" | shyaml get-value "options.challenge-type" 2>/dev/null); then
warn "No ${WHITE}challenge-type${NORMAL} provided, defaulting to 'http'." warn "No ${WHITE}challenge-type${NORMAL} provided, defaulting to 'http'."
challenge_type=http challenge_type=http
fi fi
config+=$(echo -en "\n CHALLENGE_TYPE: $challenge_type") config+=$(echo -en "\n CHALLENGE_TYPE: $challenge_type")
aimport remainder_args
if [ "$challenge_type" == "http" ] &&
[ "${remainder_args[0]}" == "crt" ] &&
[ "${remainder_args[1]}" == "create" ] &&
! [ -d "$SERVICE_DATASTORE/etc/letsencrypt/live/${remainder_args[2]}" ]; then
while read container_id; do
docker stop -t 5 "$container_id"
done < <(docker ps \
--filter label="compose.project=$PROJECT_NAME" \
--filter publish=80 \
--format "{{.ID}}"
)
config+=$(echo -en "\n ports:
- \"0.0.0.0:80:80\"")
fi
init-config-add "$config" init-config-add "$config"
mkdir -p "$SERVICE_DATASTORE/etc/letsencrypt" mkdir -p "$SERVICE_DATASTORE/etc/letsencrypt"
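Review bot: The containers stopped by the `docker stop -t 5 "$container_id"` loop are never recorded or reported, so once the standalone challenge has run the project's web service stays down with no trace of what was stopped — unless a post-run hook restarts it, which is not visible in this commit. At minimum the loop should log each container it takes down through the script's existing helper, e.g. `warn "Stopping ${WHITE}${container_id}${NORMAL}: it publishes port 80, needed for the http challenge."` before the `docker stop`, and ideally the ids should be persisted (for instance under `$SERVICE_DATASTORE`) so a later hook can `docker start` them. Two smaller points on the same loop: `while read container_id` should be `while read -r container_id` per the usual shell convention, and the `publish=80` filter only catches containers of this project, so a host process or a container from another project bound to port 80 will still make the `0.0.0.0:80:80` binding fail; a `warn` on that failure path would make the resulting error easier to diagnose. The hunk starts inside the `if environment_def=...` construct named in its header, whose opening is outside this view.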