Commit 7b95dcb4 authored by Simon's avatar Simon

pre letsencrypt run

parent ed73a0dc
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIFbTCCBFWgAwIBAgISA527K1tZEm232FsnoR+w5SwxMA0GCSqGSIb3DQEBCwUA MIIFazCCBFOgAwIBAgISBPJOzkDJPv63XGU54Fp34WwOMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTEyMTAxMTUyMjZaFw0y ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0yMDA0MDcwNTQwMDFaFw0y
MDAzMDkxMTUyMjZaMBcxFTATBgNVBAMTDGRldi5iaXVyby5sdDCCASIwDQYJKoZI MDA3MDYwNTQwMDFaMBcxFTATBgNVBAMTDGRldi5iaXVyby5sdDCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBAJ0bKNn8dCEf2NjvPUqJt99+fOO0HrKKQKkI hvcNAQEBBQADggEPADCCAQoCggEBAKvGrsBnw9+jn84XsbPRi2cQkysnAQ0C/3yi
fB1JySiI3+ZopU39dEK0S48256VNRF2Vm1qOmO1GcMIeClnYg0VI1eHiKxJTkU8a 9X+GF5SyE8IKsZGZlWTVGEx2cwOojjoGPLiG64m5RpWFDEBs2mgDdpr6mAWgSmfr
3GuycIpVjC6e51MfU0vO/y0c1VEDadi1bYmr2hXMoT8/lnbhUcpD9ETgqhQg1hb4 gudt88qLm1zIWKisRzZX57FbjrMRjYfvR419/5P8jkYlpm8INDH1dzn0Hk7ufdXE
dxkCeLtmTmQbkuOhhBXl0CmzglQyxLxL7BPaDT4TzyZ3l+rFhr0NFileSTZJFVOs pCYl0wsChNmaSwkyFKxeUJwX/bScgIcrSLOeqosjdW543o+awZYBJ48bYRELgD8w
if8Je8TTz3fcuz4DCg6BRSYiby28rIIVAyDm6lydKD3HSMP7UkQ5jCKGcWZIurW/ kOO75H3cQ5vqS0zZgw1Xc10Iy5Bx/eNGqb+G5VZQJZ+Iady5wwFSRWFhJNysa4Mk
5aqEID4udIFgFjNwzTP81kbq0tFN3IeNRbFFrZecalY6uR+cCqUCAwEAAaOCAn4w ouyiVu3KJw7Vqzv0RiDy3fwYajtNmuLIrJlv/GUuLWfCj8uoWRECAwEAAaOCAnww
ggJ6MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH ggJ4MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUPLRiJiPTskTE6ZC0Z1YGY9uwtJgw AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUV9H2DKgTOdzwtIXKI/TEvGnwVuYw
HwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYIKwYBBQUHAQEEYzBh HwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYIKwYBBQUHAQEEYzBh
MC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3Jn MC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3Jn
MC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3Jn MC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3Jn
LzAzBgNVHREELDAqggxkZXYuYml1cm8uZWWCDGRldi5iaXVyby5sdIIMZGV2LmJp LzAzBgNVHREELDAqggxkZXYuYml1cm8uZWWCDGRldi5iaXVyby5sdIIMZGV2LmJp
dXJvLmx2MEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYI dXJvLmx2MEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgwJgYI
KwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBBQYKKwYBBAHW KwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBAwYKKwYBBAHW
eQIEAgSB9gSB8wDxAHYAb1N2rDHwMRnYmQCkURX/dxUcEdkCwQApBo2yCJo32RMA eQIEAgSB9ASB8QDvAHUA5xLysDd+GmL7jskMYYTx6ns3y1YdESZb8+DzS/JBVG4A
AAFu794vjQAABAMARzBFAiEA06FDD7w6kPZNDQaSSuo5hGwbyVCHGz0f6y+ws11C AAFxU13/HwAABAMARjBEAiASxpnYr7xmoOQToY6f6R5OU30QsTt8iG4WuHDRTFnF
LeUCIFUSccc7x9Uq7ssicmFhII4p26a8pArIgpkLWyHI76JQAHcAB7dcG+V9aP/x aQIgY6exXhfSBrWtIlDl3KxtbXy4rAcNOAVxklZe5+26SX8AdgCyHgXMi6LNiiBO
sMYdIxXHuuZXfFeUt2ruvGE6GmnTohwAAAFu794vtQAABAMASDBGAiEA8Tip7Tgn h2b5K7mKJSBna9r6cOeySVMt74uQXgAAAXFTXgEJAAAEAwBHMEUCIQDrjTlI1I3F
NY4gDaAyulKOMcpHH0IjLoFLlteDpqYMS3cCIQCW/xDQcItaBdcfcnWqmDgn37e5 FYELb51Djwrx+f4ZGkHyK+nxcWIJWtxAkgIgeOPYFpzl0krMhfhpNRf9f3RsFnko
ZZ8vYhcgv5S9ECu9LzANBgkqhkiG9w0BAQsFAAOCAQEAg4oXLWfiNNkOdA7L+ieO 5ydnJWOZMSaLYNowDQYJKoZIhvcNAQELBQADggEBAB300CwiUzJFT9I+EFH32CVn
3Ff9DVmBfxXuqacUpBMjMTj4V5oiIm6uiYNQExfTXCgBFKmSiPf2z72sNdRXzY7O qAXKzJwkqxTZtu88bfIcv5Chmioq2j78sS+1IY4APA4mU9YxHZMxatW2yMKeFCxU
5ozfG5QWTcsTw1u+6+w6o0vP5Gg9bTLGmiY3Q0v00goUW53JXzdqBDy3F8KUIHzZ JS7JGkWcXkypMqhfGSG90S2MAbCguuYrk9zEaCSg9mIfVBJQvAdOCCqZZUsaWJx5
NX1YLD4ywCGh4vN0LLishundH3BVwpTyItwcOCidCftTNtTtr83Hrn2EVXkAQ+n2 rcEgAwLvTD0BW54wmg3JptCGWzQhCsUVuA6xLVuv8Zb8QcFQfZg9sxWrtF5OA8vy
T5vO+f6VNKAr4rNi66ry2sRT707m7VAuPFezKCEAIawDRS3cQc9Ca12tcV1nkBJF kYuNVwrZAB2exZb0DVclWkS05uNrxT3Ba3yKvrRSCfJb/uM/lo3Rqr05UvE9P64H
Z0bFjwBP3OPP2KhB9kyrcjv5eqN3EkiyDvdOcuj+gvXc5o24EloDSnhanbea3DTn lN9bHJVJZr78fGX2l1ZaeO9JoWgQX2Jrto9zl7wnashBbcfsSUKt2qIcZPOsRps=
ew==
-----END CERTIFICATE----- -----END CERTIFICATE-----
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/ MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
......
-----BEGIN PRIVATE KEY----- -----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCdGyjZ/HQhH9jY MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCrxq7AZ8Pfo5/O
7z1KibfffnzjtB6yikCpCHwdSckoiN/maKVN/XRCtEuPNuelTURdlZtajpjtRnDC F7Gz0YtnEJMrJwENAv98ovV/hheUshPCCrGRmZVk1RhMdnMDqI46Bjy4huuJuUaV
HgpZ2INFSNXh4isSU5FPGtxrsnCKVYwunudTH1NLzv8tHNVRA2nYtW2Jq9oVzKE/ hQxAbNpoA3aa+pgFoEpn64LnbfPKi5tcyFiorEc2V+exW46zEY2H70eNff+T/I5G
P5Z24VHKQ/RE4KoUINYW+HcZAni7Zk5kG5LjoYQV5dAps4JUMsS8S+wT2g0+E88m JaZvCDQx9Xc59B5O7n3VxKQmJdMLAoTZmksJMhSsXlCcF/20nICHK0iznqqLI3Vu
d5fqxYa9DRYpXkk2SRVTrIn/CXvE08933Ls+AwoOgUUmIm8tvKyCFQMg5upcnSg9 eN6PmsGWASePG2ERC4A/MJDju+R93EOb6ktM2YMNV3NdCMuQcf3jRqm/huVWUCWf
x0jD+1JEOYwihnFmSLq1v+WqhCA+LnSBYBYzcM0z/NZG6tLRTdyHjUWxRa2XnGpW iGncucMBUkVhYSTcrGuDJKLsolbtyicO1as79EYg8t38GGo7TZriyKyZb/xlLi1n
OrkfnAqlAgMBAAECggEAPnFNC1cL0R6XUaHE+ptCOdJMUTSF/vB0Qrrcmcd57GJ6 wo/LqFkRAgMBAAECggEAKYbVLU+Ik1KnqfehbqLMTCS+J1L9Fouwfw2YQvWEUt7A
m1l8WkMismB2p7Vq3IiZY5jS5mtG3QfiSUUnWA52HlOUrvL1q5MLbiV+9k8168WU FwtlxRi3fJJlluqVwH8prw5d9JAtdfSUA0aQYSzPmhCoRiwpv0ZyZnARi+hRZRhd
sfL2flM1CCx9v7B2GH0C1N9HajCjvYZXkIv1gcqMd5gKvlWNQ/LJJNgcfhQ9aD3h /U6z3EcVyiXzLbXAKDsol4G5rxOUS07liEDG3RXDJIa+hYSmJRfT1O9+bXh8bi8O
4NSy76NTSifAFYH6Uj6vujKCffGOGTveMW61Om/pwTw4T9QOiTk7G8CX/70mI5Nd wPVgAmhhnfD6RBWvgs3e1tEmQIolB1PSaoNrkiGtHRm+ulZPRr1QVgf9S2FjdDo8
Vq+HNXJXBKZoPj+OCfn9ipGhmsqUDKoCvdMaRposXUZut8OzT1Cp+nXUDENhB9MT 2hJkWim2WOPVCEe2+EMczgV4LVb1viEEpleeU+ms7lZGEx1nS5O+JVjKl2C8QKjE
otvwrn2Z320nSH1ueJVg012Q8ns0ijsJrengOoWtAQKBgQDQaouAbH4/7OIK+xxx QbmxgzdbKJsxVbvwbjkd4Z4LZdp5ShL+dt5xenVuCQKBgQDZVsnxqtN9QGqRF1cF
dmJYBZDDwlotOqtbz6IXOU3t7UQfezcU2688n/M4TCxRb0XS9lriPkB/40lSozSD eFHN4x9lEKVjR3W8Lvmb8C+NWqm0i5boRUDr3hpgK8iELA814LQsJ7OKQAbyPol/
n94I3MtpUbU39RV+vwZkSXBOFNPBn6xPlyydBCNg2eAIhTOKBg9aaz4+DUUZjba6 zb05E2L98cnocbEPQSztw8u4i8/PBz9a5dMn4d10npiDYTvU+paVGqCRa0JsCUQJ
B8qhDuMR2rLoQrj690l0NnEkwwKBgQDA+afHkpg66Eb4yU1RdDZNVYec1bSXkrhq VMvXgzmyy0bNh0/dj7ukmy2hZQKBgQDKVQtLTnrV2eXltxY+AZE5sd6tiVMTW2rN
t5JzFHuk6JJN/enk0CVwtkg4iSR/jjpSQ71O4uPA+s+46bFqhFsbHASbQn6aRjZe F8A/HZfL2Kqsjy3ObMGeZlUxfwoCHcLKwE4qguumNWChoJb6xt2RGJibDxZVG0Fy
4ettWLDiTbgSO+jN91OIg2HhQaEhrSVq5SXFHUke57/ZIUFk/k9nurmSB4PrpY+V bmoEI7kurVUVeGFU9tLnArhcZJb5DbcIPKiUF3kCPqWxYM4O3QeIsQlhfj7IuQol
VkJFLpz8dwKBgQCPOTjGt0gHTBWGsEw6mL06ehCixnPL8y6BOG3Ogd3Q7KVM8RLI 5lg0SCkUPQKBgQCXkumf+20nqycnLUnpbLJQjpe0mlld1daMeY5nbKkdQh+c5MVI
LbP9+HlfLdGi4NHeCNgp89fFSv8/X9KdxYYDFyBeLv1XCACOil2tG16m+d8Ph1gV FBRk6y8l5yMe2sN45c+CA+Y5AtJVW7v1P/05swWU6W3RCIldhCzbXXPUrt0tG3bZ
lfDdslNRokg38rmZV1LDs0EhyWK8DcwNiX8xMRbQVTdvLzMJnFiJGUSlmwKBgQCL 4/LRm7ogvQLMjaF2tZUTQ9C72jwmsIecomDPWpuA0Df+2uGeOcG52OeH6QKBgQCG
SOdf9iBojFUFpw5ml3HGWdCbU+iYaq8vX7aV15fzDGblYjsbC12qv/baz6oHY1oX gE5Hu13wty8aq8D/ay9NOS6cEcPGBGlU+Ur1Kgj0m42ptGxw4t87Gy/a/WZ7zajl
HIucT8nB9YZO2mZTEptLsupkQhdtNPZzf69U6mopvZz5lEJRv42Mf//6/UrXKslS +zx7Chj4nlckWorDHlu/zqfzu+3OmZXCKiATrGO34cXDxgh94K6GnspLsRqjaTiZ
IXkkkCHB69YeW5F+2svne/ALRd9jC8naKTuGAcIPuwKBgCWU+cWjp5wj/pmx1mtK Iym1eH0avuaKqZ2RR+FwPq/LvY6jBE74rs1HxAh6yQKBgQCtSUrq9IViNaFF6aWF
egNUzCCDIHYfnPN5R+Jmw1EJyZWkdUWxgFjuJemTJnyUp2k52E/YKILi5cEs+HHN Ehv5nZuDQVBi7X3mIMnlgjgQHm7DQz+co0KdbtdUrf+2mwk5jKUza8KpzxtsgKU7
dPrI60EGN4ZQSwFXrSLNbFHzhrcWaknUsEBIOVJWGs/UTO712088eiTCsMAjZUGF mwEoNefLh4B/qhA9ggWi+Z4vkR9O/FpCnH/Xp8SiDrmpxs0NTZxZf6nftJE2FqbA
klUVZugxtNPSqXfvkE2zKXVF AoiMXlh4+KXaT187SioNDnnTMw==
-----END PRIVATE KEY----- -----END PRIVATE KEY-----
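Review bot: This section is an unencrypted TLS private key tracked in the repository, and the new side only replaces it with another one, so the key stays readable by anyone who can read the repository or its history. Treat both the old and the new key as exposed: revoke and reissue the certificate, and stop tracking the certificate directory (presumably `./certs`, which the compose file mounts at `/etc/letsencrypt`), for example with a `.gitignore` entry such as `certs/`. Deleting the file in a later commit does not remove it from history, so the reissue is needed either way. Let certbot write keys only to the mounted volume on the host.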
...@@ -80,8 +80,11 @@ services: ...@@ -80,8 +80,11 @@ services:
- ./nginx/cache:/var/cache/nginx - ./nginx/cache:/var/cache/nginx
- ./logs/nginx:/var/log/nginx - ./logs/nginx:/var/log/nginx
- ./certs:/etc/letsencrypt - ./certs:/etc/letsencrypt
- ./certs-data:/data/letsencrypt - ./certs-data:/data/letsencrypt
# - ./data/certbot/conf:/etc/letsencrypt
# - ./data/certbot/www:/var/www/certbot
- ./wp-content/plugins:/var/www/html/wp-content/plugins - ./wp-content/plugins:/var/www/html/wp-content/plugins
...@@ -93,14 +96,26 @@ services: ...@@ -93,14 +96,26 @@ services:
links: links:
- wordpress - wordpress
restart: always restart: always
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
certbot:
image: certbot/certbot
restart: unless-stopped
volumes:
- ./certs:/etc/letsencrypt
- ./certs-data:/data/letsencrypt
command:
- ./docker/cron-jobs/init-letsencrypt.sh
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 24h & wait $${!}; done;'"
# # - ./data/certbot/conf:/etc/letsencrypt
# # - ./data/certbot/www:/var/www/certbot
wordpress-cli: wordpress-cli:
image: ${IMAGE_WORDPRESS_CLI} image: ${IMAGE_WORDPRESS_CLI}
user: "${UID}:${GID}" user: "${UID}:${GID}"
container_name: "${PROJECT}-wordpress-cli" container_name: "${PROJECT}-wordpress-cli"
# environment:
# - APACHE_RUN_USER="www-data"
# - APACHE_RUN_GROUP="www-data"
links: links:
- wordpress - wordpress
- mysql - mysql
...@@ -118,57 +133,6 @@ services: ...@@ -118,57 +133,6 @@ services:
- './wp-init.sh:/usr/local/bin/wp-init.sh' - './wp-init.sh:/usr/local/bin/wp-init.sh'
command: command:
- wp-init.sh - wp-init.sh
# command: >
# /bin/sh -c '
# sleep 120;
# echo "WP CLI init";
# wp core update --force;
# wp core update-db --network;
# # wp option update permalink_structure "/%postname%/" --skip-themes --skip-plugins;
# # wp option update timezone_string "Manual Offsets/UTC+2";
# # wp option update date_format "Y-m-d";
# # wp option update time_format "H:i";
# wp plugin install loco-translate --version=2.3.0 --activate-network;
# wp plugin update loco-translate --version=2.3.0;
# wp plugin install pods --version=2.7.15 --activate-network;
# wp plugin update pods --version=2.7.15;
# wp plugin install polylang --version=2.6.4 --activate-network;
# wp plugin update polylang --version=2.6.4;
# wp plugin install wordpress-seo --version=12.2 --activate-network;
# wp plugin update wordpress-seo --version=12.2;
# wp plugin update akismet --version=4.1.2;
# wp plugin uninstall hello;
# # wp plugin activate akismet --network;
# # wp plugin activate biuro-contacts --network;
# # wp plugin activate biuro-feedbacks --network;
# # wp plugin activate biuro-html --network;
# # wp plugin activate biuro-sections --network;
# # wp plugin activate biuro-services --network;
# # wp plugin activate biuro-values --network;
# # wp plugin activate cookies-warning --network;
# # wp plugin activate data-controller --network;
# # wp plugin activate jobs-importer --network;
# # wp theme update --all;
# # wp theme activate biuro;
# wp theme delete twentynineteen
# wp theme delete twentyseventeen
# wp theme delete twentysixteen
# wp language core update;
# wp language theme update --all;
# wp language plugin update --all;
# echo "WP CLI done. Ready to use.";
# '
networks: networks:
front: front:
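Review bot: In the new `certbot` service the `command:` entry `./docker/cron-jobs/init-letsencrypt.sh` is never executed, because `entrypoint:` is `/bin/sh -c '…'` and Compose appends the command as extra arguments to that shell, where it only becomes a positional parameter of the inline renew loop. The script also checks for `docker-compose` and drives other services, so it appears to be meant for the host rather than for this container, and its directory is not mounted here. I would drop the two `command:` lines and document the script as a one-time host-side step, e.g. `# run ./docker/cron-jobs/init-letsencrypt.sh on the host before first start`. The service definition continues outside the visible hunk.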
......
#!/bin/bash
if ! [ -x "$(command -v docker-compose)" ]; then
echo 'Error: docker-compose is not installed.' >&2
exit 1
fi
# domains=(example.org www.example.org)
domains=(dev.biuro.lt dev.biuro.lv dev.biuro.ee)
rsa_key_size=4096
# data_path="./data/certbot"
data_path="./certs"
email="simonas.cereska@biuro.eu" # Adding a valid address is strongly recommended
staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits
if [ -d "$data_path" ]; then
read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision
if [ "$decision" != "Y" ] && [ "$decision" != "y" ]; then
exit
fi
fi
if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then
echo "### Downloading recommended TLS parameters ..."
mkdir -p "$data_path/conf"
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
echo
fi
echo "### Creating dummy certificate for $domains ..."
path="/etc/letsencrypt/live/$domains"
mkdir -p "$data_path/conf/live/$domains"
docker-compose run --rm --entrypoint "\
openssl req -x509 -nodes -newkey rsa:1024 -days 1\
-keyout '$path/privkey.pem' \
-out '$path/fullchain.pem' \
-subj '/CN=localhost'" certbot
echo
echo "### Starting nginx ..."
docker-compose up --force-recreate -d nginx
echo
echo "### Deleting dummy certificate for $domains ..."
docker-compose run --rm --entrypoint "\
rm -Rf /etc/letsencrypt/live/$domains && \
rm -Rf /etc/letsencrypt/archive/$domains && \
rm -Rf /etc/letsencrypt/renewal/$domains.conf" certbot
echo
echo "### Requesting Let's Encrypt certificate for $domains ..."
#Join $domains to -d args
domain_args=""
for domain in "${domains[@]}"; do
domain_args="$domain_args -d $domain"
done
# Select appropriate email arg
case "$email" in
"") email_arg="--register-unsafely-without-email" ;;
*) email_arg="--email $email" ;;
esac
# Enable staging mode if needed
if [ $staging != "0" ]; then staging_arg="--staging"; fi
docker-compose run --rm --entrypoint "\
certbot certonly --webroot -w /var/www/certbot \
$staging_arg \
$email_arg \
$domain_args \
--rsa-key-size $rsa_key_size \
--agree-tos \
--force-renewal" certbot
echo
echo "### Reloading nginx ..."
docker-compose exec nginx nginx -s reload
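Review bot: The paths in this script do not match the volumes the compose file on this page mounts for `certbot`: with `data_path="./certs"` mounted at `/etc/letsencrypt`, `mkdir -p "$data_path/conf/live/$domains"` creates `./certs/conf/live/…` on the host while openssl writes to `/etc/letsencrypt/live/$domains` (host `./certs/live/…`), and `-w /var/www/certbot` has no mount at all. I would use `mkdir -p "$data_path/live/$domains"` and `-w /data/letsencrypt`, assuming nginx serves the ACME challenge from that mount. The two `curl -s` lines fetch nginx TLS settings from the mutable `master` branch without `--fail` or any integrity check, so an HTTP error body or a changed upstream file is written into the config silently; `curl -fsS` against a URL pinned to a reviewed commit would close that. There is also no `set -e` or exit-status check, so when the `certbot certonly` run fails the script still reloads nginx after the `rm -Rf` steps have removed the live certificate.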