#!/bin/bash
# Absolute path of the directory holding this script: take the directory part
# of the script path first, then let `cd` + `pwd` turn it into an absolute path.
# If the `cd` fails, DIR ends up empty.
DIR="$(dirname "${BASH_SOURCE[0]}")"
DIR="$(cd "$DIR" && pwd)"

# Length, in seconds, of the background sleep between two certificate runs.
seconds_to_wait=3600

# ACME directory URL handed to simp_le through --server; the ACME_CA_URI
# environment variable overrides the built-in default.
# NOTE(review): the default is an ACMEv1 endpoint (acme-v01), which Let's
# Encrypt has since retired; deployments presumably have to set ACME_CA_URI
# and use a client that speaks ACMEv2 - confirm.
acme_ca_uri=${ACME_CA_URI:-https://acme-v01.api.letsencrypt.org/directory}
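#######################################
# Tell whether a host name is safe to use both as a file name directly under
# /etc/nginx/certs and as the value of a simp_le -d option.
# Arguments: $1 - host name to check
# Returns:   0 when the name is non-empty, contains no '/', and does not start
#            with '-' (would be read as an option) or '.' (covers '.' and '..');
#            non-zero otherwise
#######################################
_is_safe_cert_name() {
  local name=$1
  [[ -n "$name" && "$name" != */* && "$name" != -* && "$name" != .* ]]
}

#######################################
# Request or renew one certificate per configured container with simp_le,
# symlink the result under every host name of that container, and regenerate
# the nginx configuration and reload nginx when at least one run exited 0.
# Globals:   DIR (read), acme_ca_uri (read),
#            LETSENCRYPT_CONTAINERS and LETSENCRYPT_<cid>_HOST/_EMAIL (set by
#            the sourced data file; LETSENCRYPT_CONTAINERS is unset afterwards)
# Arguments: none
# Outputs:   progress on stdout, skipped containers on stderr
# Returns:   0 when the data file is missing; otherwise the status of the
#            last command run (the nginx reload when one was triggered)
# Side effects: leaves the working directory at the last certificate
#            directory that was entered
#######################################
update_certs() {
  local data_file="$DIR/letsencrypt_service_data"
  [[ ! -f "$data_file" ]] && return

  # Load relevant container settings.
  # `source` executes the file as shell code in this process, so it must be
  # writable only by trusted components.
  # NOTE(review): the host/email values presumably originate from container
  # environment variables - confirm how they are quoted when the file is
  # generated.
  source "$data_file"

  local cid host_varname hosts_array email_varname
  local base_domain cert_dir domain hosts_ok simp_le_return
  local -a hosts_array_expanded domain_args
  local reload_nginx='false'

  for cid in "${LETSENCRYPT_CONTAINERS[@]}"; do
    # Derive host and email variable names
    host_varname="LETSENCRYPT_${cid}_HOST"
    # Array variable indirection hack: http://stackoverflow.com/a/25880676/350221
    hosts_array="${host_varname}[@]"
    email_varname="LETSENCRYPT_${cid}_EMAIL"
    hosts_array_expanded=("${!hosts_array}")

    # Without a host there is no base domain; running anyway would operate
    # directly on /etc/nginx/certs/ and call simp_le with no -d option.
    if (( ${#hosts_array_expanded[@]} == 0 )); then
      echo "No hosts configured for container ${cid}, skipping" >&2
      continue
    fi

    # Build the -d options as an array so each host stays a single argument,
    # and refuse names that could escape /etc/nginx/certs or be parsed as an
    # option.
    hosts_ok='true'
    domain_args=()
    for domain in "${hosts_array_expanded[@]}"; do
      if ! _is_safe_cert_name "$domain"; then
        echo "Refusing unsafe host name '${domain}' for container ${cid}, skipping" >&2
        hosts_ok='false'
        break
      fi
      # Add all the domains to certificate
      domain_args+=(-d "$domain")
    done
    [[ "$hosts_ok" == 'true' ]] || continue

    # First domain will be our base domain
    base_domain="${hosts_array_expanded[0]}"

    # Create directory for the first domain. simp_le writes account_key.json,
    # key.pem and fullchain.pem relative to the working directory, so never
    # run it when the directory could not be entered.
    cert_dir="/etc/nginx/certs/${base_domain}"
    if ! mkdir -p -- "$cert_dir" || ! cd -- "$cert_dir"; then
      echo "Cannot enter ${cert_dir}, skipping ${base_domain}" >&2
      continue
    fi

    echo "Creating/renewal $base_domain certificates... (${hosts_array_expanded[*]})"
    /usr/local/bin/simp_le \
      -f account_key.json -f key.pem -f fullchain.pem \
      "${domain_args[@]}" \
      --email "${!email_varname}" \
      --server="$acme_ca_uri" \
      --default_root /usr/share/nginx/html/
    simp_le_return=$?

    # Only exit status 0 publishes the certificate and schedules a reload.
    # NOTE(review): simp_le presumably also exits non-zero when no renewal
    # was needed - confirm against the simp_le version in use.
    if [[ $simp_le_return -eq 0 ]]; then
      for domain in "${hosts_array_expanded[@]}"; do
        # Symlink all alternative names to base domain certificate
        ln -sf -- "./${base_domain}/fullchain.pem" "/etc/nginx/certs/${domain}.crt"
        ln -sf -- "./${base_domain}/key.pem" "/etc/nginx/certs/${domain}.key"
      done
      reload_nginx='true'
    fi
  done

  unset LETSENCRYPT_CONTAINERS

  if [[ "$reload_nginx" == 'true' ]]; then
    /usr/local/bin/docker-gen -only-exposed /app/nginx.tmpl /etc/nginx/conf.d/default.conf
    nginx -s reload
  fi
}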
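# PID of the background sleep; empty whenever no sleep is running.
pid=

# The script loops by restarting itself: on any exit the EXIT trap kills a
# still-running background sleep and re-executes the script. "$0" and "$pid"
# are quoted so a script path containing whitespace cannot be split into
# several words.
trap '[[ $pid ]] && kill "$pid"; exec "$0"' EXIT

# INT/TERM clear the EXIT trap so that the following exit is not turned into
# a restart.
# NOTE(review): bash runs a trap only after the current foreground command
# returns, and this handler neither exits nor kills the sleep, so a signal
# that arrives during update_certs appears to be followed by a full sleep
# interval before the script ends - confirm, and consider exiting from the
# handler.
trap 'trap - EXIT' INT TERM

echo 'Waiting 10s before updating certs...'
sleep 10s

update_certs

# Wait some amount of time. The sleep runs in the background and is awaited
# with `wait`, which a trapped signal can interrupt.
echo "Sleep for ${seconds_to_wait}s"
sleep "$seconds_to_wait" & pid=$!
wait
pid=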