Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
D
dev.biuro
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Biuro
dev.biuro
Commits
7b95dcb4
Commit
7b95dcb4
authored
Apr 07, 2020
by
Simon
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
pre letsencrypt run
parent
ed73a0dc
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
149 additions
and
104 deletions
+149
-104
fullchain.pem
certs/fullchain.pem
+23
-24
private.key
certs/private.key
+26
-26
docker-compose.yml
docker-compose.yml
+18
-54
init-letsencrypt.sh
init-letsencrypt.sh
+82
-0
No files found.
certs/fullchain.pem
View file @
7b95dcb4
-----BEGIN CERTIFICATE-----
MIIF
bTCCBFWgAwIBAgISA527K1tZEm232FsnoR+w5Swx
MA0GCSqGSIb3DQEBCwUA
MIIF
azCCBFOgAwIBAgISBPJOzkDJPv63XGU54Fp34WwO
MA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0
xOTEyMTAxMTUyMjZ
aFw0y
MDA
zMDkxMTUyMjZ
aMBcxFTATBgNVBAMTDGRldi5iaXVyby5sdDCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBA
J0bKNn8dCEf2NjvPUqJt99+fOO0HrKKQKkI
fB1JySiI3+ZopU39dEK0S48256VNRF2Vm1qOmO1GcMIeClnYg0VI1eHiKxJTkU8a
3GuycIpVjC6e51MfU0vO/y0c1VEDadi1bYmr2hXMoT8/lnbhUcpD9ETgqhQg1hb4
dxkCeLtmTmQbkuOhhBXl0CmzglQyxLxL7BPaDT4TzyZ3l+rFhr0NFileSTZJFVOs
if8Je8TTz3fcuz4DCg6BRSYiby28rIIVAyDm6lydKD3HSMP7UkQ5jCKGcWZIurW/
5aqEID4udIFgFjNwzTP81kbq0tFN3IeNRbFFrZecalY6uR+cCqUCAwEAAaOCAn4
w
ggJ
6
MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
PLRiJiPTskTE6ZC0Z1YGY9uwtJg
w
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0
yMDA0MDcwNTQwMDF
aFw0y
MDA
3MDYwNTQwMDF
aMBcxFTATBgNVBAMTDGRldi5iaXVyby5sdDCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBA
KvGrsBnw9+jn84XsbPRi2cQkysnAQ0C/3yi
9X+GF5SyE8IKsZGZlWTVGEx2cwOojjoGPLiG64m5RpWFDEBs2mgDdpr6mAWgSmfr
gudt88qLm1zIWKisRzZX57FbjrMRjYfvR419/5P8jkYlpm8INDH1dzn0Hk7ufdXE
pCYl0wsChNmaSwkyFKxeUJwX/bScgIcrSLOeqosjdW543o+awZYBJ48bYRELgD8w
kOO75H3cQ5vqS0zZgw1Xc10Iy5Bx/eNGqb+G5VZQJZ+Iady5wwFSRWFhJNysa4Mk
ouyiVu3KJw7Vqzv0RiDy3fwYajtNmuLIrJlv/GUuLWfCj8uoWRECAwEAAaOCAnw
w
ggJ
4
MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
V9H2DKgTOdzwtIXKI/TEvGnwVuY
w
HwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYIKwYBBQUHAQEEYzBh
MC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3Jn
MC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3Jn
LzAzBgNVHREELDAqggxkZXYuYml1cm8uZWWCDGRldi5iaXVyby5sdIIMZGV2LmJp
dXJvLmx2MEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYI
KwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBBQYKKwYBBAHW
eQIEAgSB9gSB8wDxAHYAb1N2rDHwMRnYmQCkURX/dxUcEdkCwQApBo2yCJo32RMA
AAFu794vjQAABAMARzBFAiEA06FDD7w6kPZNDQaSSuo5hGwbyVCHGz0f6y+ws11C
LeUCIFUSccc7x9Uq7ssicmFhII4p26a8pArIgpkLWyHI76JQAHcAB7dcG+V9aP/x
sMYdIxXHuuZXfFeUt2ruvGE6GmnTohwAAAFu794vtQAABAMASDBGAiEA8Tip7Tgn
NY4gDaAyulKOMcpHH0IjLoFLlteDpqYMS3cCIQCW/xDQcItaBdcfcnWqmDgn37e5
ZZ8vYhcgv5S9ECu9LzANBgkqhkiG9w0BAQsFAAOCAQEAg4oXLWfiNNkOdA7L+ieO
3Ff9DVmBfxXuqacUpBMjMTj4V5oiIm6uiYNQExfTXCgBFKmSiPf2z72sNdRXzY7O
5ozfG5QWTcsTw1u+6+w6o0vP5Gg9bTLGmiY3Q0v00goUW53JXzdqBDy3F8KUIHzZ
NX1YLD4ywCGh4vN0LLishundH3BVwpTyItwcOCidCftTNtTtr83Hrn2EVXkAQ+n2
T5vO+f6VNKAr4rNi66ry2sRT707m7VAuPFezKCEAIawDRS3cQc9Ca12tcV1nkBJF
Z0bFjwBP3OPP2KhB9kyrcjv5eqN3EkiyDvdOcuj+gvXc5o24EloDSnhanbea3DTn
ew==
KwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBAwYKKwYBBAHW
eQIEAgSB9ASB8QDvAHUA5xLysDd+GmL7jskMYYTx6ns3y1YdESZb8+DzS/JBVG4A
AAFxU13/HwAABAMARjBEAiASxpnYr7xmoOQToY6f6R5OU30QsTt8iG4WuHDRTFnF
aQIgY6exXhfSBrWtIlDl3KxtbXy4rAcNOAVxklZe5+26SX8AdgCyHgXMi6LNiiBO
h2b5K7mKJSBna9r6cOeySVMt74uQXgAAAXFTXgEJAAAEAwBHMEUCIQDrjTlI1I3F
FYELb51Djwrx+f4ZGkHyK+nxcWIJWtxAkgIgeOPYFpzl0krMhfhpNRf9f3RsFnko
5ydnJWOZMSaLYNowDQYJKoZIhvcNAQELBQADggEBAB300CwiUzJFT9I+EFH32CVn
qAXKzJwkqxTZtu88bfIcv5Chmioq2j78sS+1IY4APA4mU9YxHZMxatW2yMKeFCxU
JS7JGkWcXkypMqhfGSG90S2MAbCguuYrk9zEaCSg9mIfVBJQvAdOCCqZZUsaWJx5
rcEgAwLvTD0BW54wmg3JptCGWzQhCsUVuA6xLVuv8Zb8QcFQfZg9sxWrtF5OA8vy
kYuNVwrZAB2exZb0DVclWkS05uNrxT3Ba3yKvrRSCfJb/uM/lo3Rqr05UvE9P64H
lN9bHJVJZr78fGX2l1ZaeO9JoWgQX2Jrto9zl7wnashBbcfsSUKt2qIcZPOsRps=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
...
...
certs/private.key
View file @
7b95dcb4
-----BEGIN PRIVATE KEY-----
MIIEv
gIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCdGyjZ/HQhH9jY
7z1KibfffnzjtB6yikCpCHwdSckoiN/maKVN/XRCtEuPNuelTURdlZtajpjtRnDC
HgpZ2INFSNXh4isSU5FPGtxrsnCKVYwunudTH1NLzv8tHNVRA2nYtW2Jq9oVzKE/
P5Z24VHKQ/RE4KoUINYW+HcZAni7Zk5kG5LjoYQV5dAps4JUMsS8S+wT2g0+E88m
d5fqxYa9DRYpXkk2SRVTrIn/CXvE08933Ls+AwoOgUUmIm8tvKyCFQMg5upcnSg9
x0jD+1JEOYwihnFmSLq1v+WqhCA+LnSBYBYzcM0z/NZG6tLRTdyHjUWxRa2XnGpW
OrkfnAqlAgMBAAECggEAPnFNC1cL0R6XUaHE+ptCOdJMUTSF/vB0Qrrcmcd57GJ6
m1l8WkMismB2p7Vq3IiZY5jS5mtG3QfiSUUnWA52HlOUrvL1q5MLbiV+9k8168WU
sfL2flM1CCx9v7B2GH0C1N9HajCjvYZXkIv1gcqMd5gKvlWNQ/LJJNgcfhQ9aD3h
4NSy76NTSifAFYH6Uj6vujKCffGOGTveMW61Om/pwTw4T9QOiTk7G8CX/70mI5Nd
Vq+HNXJXBKZoPj+OCfn9ipGhmsqUDKoCvdMaRposXUZut8OzT1Cp+nXUDENhB9MT
otvwrn2Z320nSH1ueJVg012Q8ns0ijsJrengOoWtAQKBgQDQaouAbH4/7OIK+xxx
dmJYBZDDwlotOqtbz6IXOU3t7UQfezcU2688n/M4TCxRb0XS9lriPkB/40lSozSD
n94I3MtpUbU39RV+vwZkSXBOFNPBn6xPlyydBCNg2eAIhTOKBg9aaz4+DUUZjba6
B8qhDuMR2rLoQrj690l0NnEkwwKBgQDA+afHkpg66Eb4yU1RdDZNVYec1bSXkrhq
t5JzFHuk6JJN/enk0CVwtkg4iSR/jjpSQ71O4uPA+s+46bFqhFsbHASbQn6aRjZe
4ettWLDiTbgSO+jN91OIg2HhQaEhrSVq5SXFHUke57/ZIUFk/k9nurmSB4PrpY+V
VkJFLpz8dwKBgQCPOTjGt0gHTBWGsEw6mL06ehCixnPL8y6BOG3Ogd3Q7KVM8RL
I
LbP9+HlfLdGi4NHeCNgp89fFSv8/X9KdxYYDFyBeLv1XCACOil2tG16m+d8Ph1gV
lfDdslNRokg38rmZV1LDs0EhyWK8DcwNiX8xMRbQVTdvLzMJnFiJGUSlmwKBgQCL
SOdf9iBojFUFpw5ml3HGWdCbU+iYaq8vX7aV15fzDGblYjsbC12qv/baz6oHY1oX
HIucT8nB9YZO2mZTEptLsupkQhdtNPZzf69U6mopvZz5lEJRv42Mf//6/UrXKslS
I
XkkkCHB69YeW5F+2svne/ALRd9jC8naKTuGAcIPuwKBgCWU+cWjp5wj/pmx1mtK
egNUzCCDIHYfnPN5R+Jmw1EJyZWkdUWxgFjuJemTJnyUp2k52E/YKILi5cEs+HHN
dPrI60EGN4ZQSwFXrSLNbFHzhrcWaknUsEBIOVJWGs/UTO712088eiTCsMAjZUGF
klUVZugxtNPSqXfvkE2zKXVF
MIIEv
wIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCrxq7AZ8Pfo5/O
F7Gz0YtnEJMrJwENAv98ovV/hheUshPCCrGRmZVk1RhMdnMDqI46Bjy4huuJuUaV
hQxAbNpoA3aa+pgFoEpn64LnbfPKi5tcyFiorEc2V+exW46zEY2H70eNff+T/I5G
JaZvCDQx9Xc59B5O7n3VxKQmJdMLAoTZmksJMhSsXlCcF/20nICHK0iznqqLI3Vu
eN6PmsGWASePG2ERC4A/MJDju+R93EOb6ktM2YMNV3NdCMuQcf3jRqm/huVWUCWf
iGncucMBUkVhYSTcrGuDJKLsolbtyicO1as79EYg8t38GGo7TZriyKyZb/xlLi1n
wo/LqFkRAgMBAAECggEAKYbVLU+Ik1KnqfehbqLMTCS+J1L9Fouwfw2YQvWEUt7A
FwtlxRi3fJJlluqVwH8prw5d9JAtdfSUA0aQYSzPmhCoRiwpv0ZyZnARi+hRZRhd
/U6z3EcVyiXzLbXAKDsol4G5rxOUS07liEDG3RXDJIa+hYSmJRfT1O9+bXh8bi8O
wPVgAmhhnfD6RBWvgs3e1tEmQIolB1PSaoNrkiGtHRm+ulZPRr1QVgf9S2FjdDo8
2hJkWim2WOPVCEe2+EMczgV4LVb1viEEpleeU+ms7lZGEx1nS5O+JVjKl2C8QKjE
QbmxgzdbKJsxVbvwbjkd4Z4LZdp5ShL+dt5xenVuCQKBgQDZVsnxqtN9QGqRF1cF
eFHN4x9lEKVjR3W8Lvmb8C+NWqm0i5boRUDr3hpgK8iELA814LQsJ7OKQAbyPol/
zb05E2L98cnocbEPQSztw8u4i8/PBz9a5dMn4d10npiDYTvU+paVGqCRa0JsCUQJ
VMvXgzmyy0bNh0/dj7ukmy2hZQKBgQDKVQtLTnrV2eXltxY+AZE5sd6tiVMTW2rN
F8A/HZfL2Kqsjy3ObMGeZlUxfwoCHcLKwE4qguumNWChoJb6xt2RGJibDxZVG0Fy
bmoEI7kurVUVeGFU9tLnArhcZJb5DbcIPKiUF3kCPqWxYM4O3QeIsQlhfj7IuQol
5lg0SCkUPQKBgQCXkumf+20nqycnLUnpbLJQjpe0mlld1daMeY5nbKkdQh+c5MV
I
FBRk6y8l5yMe2sN45c+CA+Y5AtJVW7v1P/05swWU6W3RCIldhCzbXXPUrt0tG3bZ
4/LRm7ogvQLMjaF2tZUTQ9C72jwmsIecomDPWpuA0Df+2uGeOcG52OeH6QKBgQCG
gE5Hu13wty8aq8D/ay9NOS6cEcPGBGlU+Ur1Kgj0m42ptGxw4t87Gy/a/WZ7zajl
+zx7Chj4nlckWorDHlu/zqfzu+3OmZXCKiATrGO34cXDxgh94K6GnspLsRqjaTiZ
I
ym1eH0avuaKqZ2RR+FwPq/LvY6jBE74rs1HxAh6yQKBgQCtSUrq9IViNaFF6aWF
Ehv5nZuDQVBi7X3mIMnlgjgQHm7DQz+co0KdbtdUrf+2mwk5jKUza8KpzxtsgKU7
mwEoNefLh4B/qhA9ggWi+Z4vkR9O/FpCnH/Xp8SiDrmpxs0NTZxZf6nftJE2FqbA
AoiMXlh4+KXaT187SioNDnnTMw==
-----END PRIVATE KEY-----
docker-compose.yml
View file @
7b95dcb4
...
...
@@ -80,8 +80,11 @@ services:
-
./nginx/cache:/var/cache/nginx
-
./logs/nginx:/var/log/nginx
-
./certs:/etc/letsencrypt
-
./certs-data:/data/letsencrypt
# - ./data/certbot/conf:/etc/letsencrypt
# - ./data/certbot/www:/var/www/certbot
-
./wp-content/plugins:/var/www/html/wp-content/plugins
...
...
@@ -93,14 +96,26 @@ services:
links
:
-
wordpress
restart
:
always
command
:
"
/bin/sh
-c
'while
:;
do
sleep
6h
&
wait
$${!};
nginx
-s
reload;
done
&
nginx
-g
\"
daemon
off;
\"
'"
certbot
:
image
:
certbot/certbot
restart
:
unless-stopped
volumes
:
-
./certs:/etc/letsencrypt
-
./certs-data:/data/letsencrypt
command
:
-
./docker/cron-jobs/init-letsencrypt.sh
entrypoint
:
"
/bin/sh
-c
'trap
exit
TERM;
while
:;
do
certbot
renew;
sleep
24h
&
wait
$${!};
done;'"
# # - ./data/certbot/conf:/etc/letsencrypt
# # - ./data/certbot/www:/var/www/certbot
wordpress-cli
:
image
:
${IMAGE_WORDPRESS_CLI}
user
:
"
${UID}:${GID}"
container_name
:
"
${PROJECT}-wordpress-cli"
# environment:
# - APACHE_RUN_USER="www-data"
# - APACHE_RUN_GROUP="www-data"
links
:
-
wordpress
-
mysql
...
...
@@ -118,57 +133,6 @@ services:
-
'
./wp-init.sh:/usr/local/bin/wp-init.sh'
command
:
-
wp-init.sh
# command: >
# /bin/sh -c '
# sleep 120;
# echo "WP CLI init";
# wp core update --force;
# wp core update-db --network;
# # wp option update permalink_structure "/%postname%/" --skip-themes --skip-plugins;
# # wp option update timezone_string "Manual Offsets/UTC+2";
# # wp option update date_format "Y-m-d";
# # wp option update time_format "H:i";
# wp plugin install loco-translate --version=2.3.0 --activate-network;
# wp plugin update loco-translate --version=2.3.0;
# wp plugin install pods --version=2.7.15 --activate-network;
# wp plugin update pods --version=2.7.15;
# wp plugin install polylang --version=2.6.4 --activate-network;
# wp plugin update polylang --version=2.6.4;
# wp plugin install wordpress-seo --version=12.2 --activate-network;
# wp plugin update wordpress-seo --version=12.2;
# wp plugin update akismet --version=4.1.2;
# wp plugin uninstall hello;
# # wp plugin activate akismet --network;
# # wp plugin activate biuro-contacts --network;
# # wp plugin activate biuro-feedbacks --network;
# # wp plugin activate biuro-html --network;
# # wp plugin activate biuro-sections --network;
# # wp plugin activate biuro-services --network;
# # wp plugin activate biuro-values --network;
# # wp plugin activate cookies-warning --network;
# # wp plugin activate data-controller --network;
# # wp plugin activate jobs-importer --network;
# # wp theme update --all;
# # wp theme activate biuro;
# wp theme delete twentynineteen
# wp theme delete twentyseventeen
# wp theme delete twentysixteen
# wp language core update;
# wp language theme update --all;
# wp language plugin update --all;
# echo "WP CLI done. Ready to use.";
# '
networks
:
front
:
...
...
init-letsencrypt.sh
0 → 100644
View file @
7b95dcb4
#!/bin/bash
if
!
[
-x
"
$(
command
-v
docker-compose
)
"
]
;
then
echo
'Error: docker-compose is not installed.'
>
&2
exit
1
fi
# domains=(example.org www.example.org)
domains
=(
dev.biuro.lt dev.biuro.lv dev.biuro.ee
)
rsa_key_size
=
4096
# data_path="./data/certbot"
data_path
=
"./certs"
email
=
"simonas.cereska@biuro.eu"
# Adding a valid address is strongly recommended
staging
=
0
# Set to 1 if you're testing your setup to avoid hitting request limits
if
[
-d
"
$data_path
"
]
;
then
read
-p
"Existing data found for
$domains
. Continue and replace existing certificate? (y/N) "
decision
if
[
"
$decision
"
!=
"Y"
]
&&
[
"
$decision
"
!=
"y"
]
;
then
exit
fi
fi
if
[
!
-e
"
$data_path
/conf/options-ssl-nginx.conf"
]
||
[
!
-e
"
$data_path
/conf/ssl-dhparams.pem"
]
;
then
echo
"### Downloading recommended TLS parameters ..."
mkdir
-p
"
$data_path
/conf"
curl
-s
https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf
>
"
$data_path
/conf/options-ssl-nginx.conf"
curl
-s
https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem
>
"
$data_path
/conf/ssl-dhparams.pem"
echo
fi
echo
"### Creating dummy certificate for
$domains
..."
path
=
"/etc/letsencrypt/live/
$domains
"
mkdir
-p
"
$data_path
/conf/live/
$domains
"
docker-compose run
--rm
--entrypoint
"
\
openssl req -x509 -nodes -newkey rsa:1024 -days 1
\
-keyout '
$path
/privkey.pem'
\
-out '
$path
/fullchain.pem'
\
-subj '/CN=localhost'"
certbot
echo
echo
"### Starting nginx ..."
docker-compose up
--force-recreate
-d
nginx
echo
echo
"### Deleting dummy certificate for
$domains
..."
docker-compose run
--rm
--entrypoint
"
\
rm -Rf /etc/letsencrypt/live/
$domains
&&
\
rm -Rf /etc/letsencrypt/archive/
$domains
&&
\
rm -Rf /etc/letsencrypt/renewal/
$domains
.conf"
certbot
echo
echo
"### Requesting Let's Encrypt certificate for
$domains
..."
#Join $domains to -d args
domain_args
=
""
for
domain
in
"
${
domains
[@]
}
"
;
do
domain_args
=
"
$domain_args
-d
$domain
"
done
# Select appropriate email arg
case
"
$email
"
in
""
)
email_arg
=
"--register-unsafely-without-email"
;;
*
)
email_arg
=
"--email
$email
"
;;
esac
# Enable staging mode if needed
if
[
$staging
!=
"0"
]
;
then
staging_arg
=
"--staging"
;
fi
docker-compose run
--rm
--entrypoint
"
\
certbot certonly --webroot -w /var/www/certbot
\
$staging_arg
\
$email_arg
\
$domain_args
\
--rsa-key-size
$rsa_key_size
\
--agree-tos
\
--force-renewal"
certbot
echo
echo
"### Reloading nginx ..."
docker-compose
exec
nginx nginx
-s
reload
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment