From 701f249903b3a32f346314bd68fadeb61b3597a8 Mon Sep 17 00:00:00 2001
From: Valentin Lab
Date: Thu, 15 Nov 2018 13:42:21 +0100
Subject: [PATCH] new: [letsencrypt] stop any project docker that blocks port 80 when using ``http`` challenge type.

Without this, letsencrypt standalone server can't be accessed from outside, and the challenge will fail.
---
 apache/lib/common | 2 +-
 apache/test/vhost_cert_provider | 2 +-
 letsencrypt/hooks/dc-pre-run | 20 ++++++++++++++++++++
 3 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/apache/lib/common b/apache/lib/common
index cb21f8b..8cdef50 100644
--- a/apache/lib/common
+++ b/apache/lib/common
@@ -216,7 +216,7 @@ ssl_plugin_cert-provider_prepare() {
 options=$(yaml_key_val_str "options" "$cfg") || return 1
 service_config=$(yaml_key_val_str "$service" "$options")
- compose --debug --add-compose-content "$service_config" run "$service" \
+ compose --debug --add-compose-content "$service_config" run --service-ports "$service" \
 crt create "$DOMAIN" $(echo "$SERVER_ALIAS" | shyaml -y get-values 2>/dev/null) || return 1
 config-add "\
diff --git a/apache/test/vhost_cert_provider b/apache/test/vhost_cert_provider
index 4351bef..33cc3fa 100644
--- a/apache/test/vhost_cert_provider
+++ b/apache/test/vhost_cert_provider
@@ -137,7 +137,7 @@ ssl:
 RELATIONS=(cert-provider foo a True)
 apache_vhost_create" "known cert key" noerror
-is out reg 'Calling: compose .*foo: options: .*run foo.*'
+is out reg 'Calling: compose .*foo: options: .*run --service-ports foo.*'
 is out part 'config-add | services: | $MASTER_TARGET_SERVICE_NAME:
diff --git a/letsencrypt/hooks/dc-pre-run b/letsencrypt/hooks/dc-pre-run
index b1370c2..036c2c2 100755
--- a/letsencrypt/hooks/dc-pre-run
+++ b/letsencrypt/hooks/dc-pre-run
@@ -14,6 +14,7 @@ set -e
+
 service_def=$(get_compose_service_def "$SERVICE_NAME")
 USER_EMAIL=$(echo "$service_def" | shyaml get-value options.email 2>/dev/null) || {
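Review bot: The added `--service-ports` on the `compose ... run` line is what lets the cert-provider container be reached from outside during the challenge, but nothing next to it says so, and a later reader could drop it as noise; suggest the comment `# --service-ports: 'compose run' publishes no ports by default; the http challenge needs the service's port reachable from outside.` above that line. With the flag, every port the service declares gets published, so the run presumably fails with `|| return 1` whenever one of them is already bound on the host — which is what the letsencrypt dc-pre-run hunk in this same commit works around by stopping project containers on port 80. `ssl_plugin_cert-provider_prepare` starts before and continues after this hunk.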
@@ -47,12 +48,31 @@ if environment_def="$(printf "%s" "$service_def" | shyaml -y get-value options.e
 config+=$(echo -en "\n LEXICON_PROVIDER: $provider")
 fi
+
+
 if ! challenge_type=$(printf "%s" "$service_def" | shyaml get-value "options.challenge-type" 2>/dev/null); then
 warn "No ${WHITE}challenge-type${NORMAL} provided, defaulting to 'http'."
 challenge_type=http
 fi
 config+=$(echo -en "\n CHALLENGE_TYPE: $challenge_type")
+
+aimport remainder_args
+if [ "$challenge_type" == "http" ] &&
+ [ "${remainder_args[0]}" == "crt" ] &&
+ [ "${remainder_args[1]}" == "create" ] &&
+ ! [ -d "$SERVICE_DATASTORE/etc/letsencrypt/live/${remainder_args[2]}" ]; then
+ while read container_id; do
+ docker stop -t 5 "$container_id"
+ done < <(docker ps \
+ --filter label="compose.project=$PROJECT_NAME" \
+ --filter publish=80 \
+ --format "{{.ID}}"
+ )
+ config+=$(echo -en "\n ports:
+ - \"0.0.0.0:80:80\"")
+fi
+
 init-config-add "$config"
 mkdir -p "$SERVICE_DATASTORE/etc/letsencrypt"
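Review bot: The containers stopped by the new `while read container_id` loop are neither recorded nor started again anywhere in this hunk, so a `crt create` for a new domain leaves every project container that published port 80 down once the challenge is over, unless some later step restarts them; the loop also cannot notice a failing `docker ps`, because `set -e` does not see the exit status of a process substitution, and the `read` lacks `-r`. Capture the id list in a variable with an explicit status check, stop the containers from that list and keep the ids so whatever runs after the challenge can `docker start` them. The `! [ -d "$SERVICE_DATASTORE/etc/letsencrypt/live/${remainder_args[2]}" ]` guard means a re-run for a domain that already has a `live/` directory, or any other subcommand, is left alone; if that is intended, a short comment saying so would help. The enclosing script continues outside the hunk.
```shell
    # Collect the blocking containers first: `set -e` ignores failures inside a
    # process substitution, and the id list is needed again to restart them.
    blocking_ids=$(docker ps \
                   --filter label="compose.project=$PROJECT_NAME" \
                   --filter publish=80 \
                   --format "{{.ID}}") || exit 1
    stopped_ids=()
    for container_id in $blocking_ids; do   # ids are plain hex, no whitespace
        docker stop -t 5 "$container_id"
        stopped_ids+=("$container_id")
    done
    # TODO: pass "${stopped_ids[@]}" to the step that runs after the challenge so they are started again
    # … unchanged: ports: entry appended to $config …
```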