diff --git a/dockerfiles/services/services/deploy_networks.sh b/dockerfiles/services/services/deploy_networks.sh
index 97787da..b921251 100755
--- a/dockerfiles/services/services/deploy_networks.sh
+++ b/dockerfiles/services/services/deploy_networks.sh
@@ -1,18 +1,16 @@
 #!/bin/bash -ex
-export DOCKER_HOST=dkmanager:2376
+export DOCKER_HOST=${DOCKER_HOST:-dkmanager:2376}
-NETWORK=prod
-docker network inspect $NETWORK > /dev/null || docker network create -d overlay $NETWORK
+createIfNeeded() {
+ NETWORK=$1
+ FLAGS=$2
+ docker network inspect "$NETWORK" > /dev/null || docker network create $FLAGS --attachable -d overlay "$NETWORK"
+}
-NETWORK=prod_ui
-docker network inspect $NETWORK > /dev/null || docker network create -d overlay $NETWORK
-
-NETWORK=prod_db
-docker network inspect $NETWORK > /dev/null || docker network create -d overlay $NETWORK
-
-NETWORK=prod_app
-docker network inspect $NETWORK > /dev/null || docker network create -d overlay $NETWORK
-
-NETWORK=prod_cache
-docker network inspect $NETWORK > /dev/null || docker network create -d overlay $NETWORK
+createIfNeeded prod_tasks
+createIfNeeded prod
+createIfNeeded prod_ui
+createIfNeeded prod_db
+createIfNeeded prod_app
+createIfNeeded prod_cache
diff --git a/dockerfiles/services/sslproxy/cli/certbot/renew b/dockerfiles/services/sslproxy/cli/certbot/renew
index 7df6fd0..5fe9fbe 100755
--- a/dockerfiles/services/sslproxy/cli/certbot/renew
+++ b/dockerfiles/services/sslproxy/cli/certbot/renew
@@ -1,3 +1,4 @@
+#!/usr/bin/env bash
 set -e
 LETSENCRYPT_IMAGE=dkregistry.xai-corp.net:5000/xaicorp/acme-certbot
@@ -13,7 +14,11 @@ run() {
 LETSENCRYPT_MOUNT=/opt/shared/letsencrypt-2
 fi
- update
+ if $FIX; then
+ fix
+ else
+ update
+ fi
 }
 update() {
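Review bot: `--attachable` is hard-coded into the `docker network create` call inside `createIfNeeded`, so every overlay this script creates, `prod_db` and `prod_cache` included, can be joined by standalone containers started with `docker run --network` and not only by swarm services. If only `prod_tasks` needs that, take it out of the function and pass it through the second argument the helper already reads: `docker network create $FLAGS -d overlay "$NETWORK"` with `createIfNeeded prod_tasks --attachable`. `NETWORK` and `FLAGS` should be declared `local` so the helper does not leave globals behind. Networks that already exist are skipped by the `inspect` check and keep the options they were created with, which deserves a comment such as `# existing networks are not recreated; option changes need a manual remove/create`.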
@@ -31,6 +36,17 @@ update() {
 renew ${OPTIONS}
 }
+fix() {
+ export DOCKER_HOST=${DOCKER_HOST:-'home:2376'}
+ export LETSENCRYPT_MOUNT
+ export LETSENCRYPT_IMAGE
+ export CERT_NAME
+
+ echo "Fixing ${ENVIRONMENT}"
+
+ docker run --rm -p80:80 -v $LETSENCRYPT_MOUNT:/etc/letsencrypt $LETSENCRYPT_IMAGE certonly --standalone -n --cert-name $CERT_NAME
+}
+
 test_new_certs() {
 echo | openssl s_client -showcerts -servername gnupg.org -connect git.xai-corp.net:443 2>/dev/null \
 | openssl x509 -inform pem -noout -text \
@@ -76,7 +92,8 @@ print_usage() {
 ENVIRONMENT=dev
 OPTIONS="--cert-name ${CERT_NAME}"
 TEST_CERT=true
-while getopts tnpde: name
+FIX=false
+while getopts ftnpde: name
 do
 case $name in
 d)
@@ -86,6 +103,9 @@ do
 TEST_CERT=false
 ENVIRONMENT=prod
 ;;
+ f)
+ FIX=true
+ ;;
 t)
 test_new_certs
 exit 0
diff --git a/dockerfiles/services/sslproxy/docker-compose.prod.yml b/dockerfiles/services/sslproxy/docker-compose.prod.yml
index 8a9c4b8..2cc03ee 100644
--- a/dockerfiles/services/sslproxy/docker-compose.prod.yml
+++ b/dockerfiles/services/sslproxy/docker-compose.prod.yml
@@ -35,7 +35,7 @@ services:
 deploy:
 mode: replicated
- replicas: 2
+ replicas: 1
 restart_policy:
 condition: any
 delay: 10s
diff --git a/dockerfiles/services/sslproxy/docker-compose.tools.yml b/dockerfiles/services/sslproxy/docker-compose.tools.yml
index 0c7c93e..1893f73 100644
--- a/dockerfiles/services/sslproxy/docker-compose.tools.yml
+++ b/dockerfiles/services/sslproxy/docker-compose.tools.yml
@@ -9,14 +9,14 @@ services:
 volumes:
 - ${LETSENCRYPT_MOUNT}:/etc/letsencrypt
 ports:
- - 80:80
+ - "80:80"
 entrypoint:
 - certbot
 - certonly
 - --standalone
 - -n
- networks:
- - prod_tasks
+# networks:
+# - ingress
 certificates:
 image: ${LETSENCRYPT_IMAGE}
@@ -38,9 +38,5 @@ services:
 - 80:80
 networks:
- prod_ui:
- external:
- name: prod_ui
- prod_tasks:
- external:
- name: prod_tasks
+ ingress:
+ external: true
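Review bot: The `docker run` line in `fix()` expands `$LETSENCRYPT_MOUNT`, `$LETSENCRYPT_IMAGE` and `$CERT_NAME` unquoted, so an empty or space-containing value changes the argument list of a command that mounts the certificate store read-write; quote them: `-v "$LETSENCRYPT_MOUNT:/etc/letsencrypt" "$LETSENCRYPT_IMAGE" certonly --standalone -n --cert-name "$CERT_NAME"`. `LETSENCRYPT_IMAGE`, as shown in the first hunk of this file, has no tag or digest, so the container that gets that mount is whatever `latest` resolves to in the registry at run time; pinning a digest would fix what code touches the keys. The default `home:2376` differs from the `dkmanager:2376` default in deploy_networks.sh, and nothing visible in these hunks sets `DOCKER_TLS_VERIFY`, so confirm the daemon connection is verified. `fix()` also does not appear to consult `TEST_CERT` or `OPTIONS`, which may mean `-f` without `-p` still requests a real certificate.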
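Review bot: `replicas: 1` leaves this service without a second task, so with the `restart_policy` shown (`condition: any`, `delay: 10s`) a task failure or reschedule means at least ten seconds with nothing serving on the proxy. If the reduction is deliberate, record the reason beside the setting, for example `# single replica: <reason>`, since nothing in the diff gives one. The `deploy` block continues outside the hunk.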
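Review bot: The two `+#` lines leave a commented-out `networks:` / `- ingress` stanza in the service while the last hunk still adds a top-level `ingress:` with `external: true`, so the file declares a network whose only visible reference is disabled. Either drop the top-level declaration along with the stanza, or replace the commented lines with one comment stating why the service has no explicit network, e.g. `# networks intentionally omitted: <reason>`. Quoting `"80:80"` is right, but the `- 80:80` shown as context at the start of the last hunk is still unquoted and should match. Both sections continue outside the hunks, so whether another service still references the removed `prod_ui` or `prod_tasks` networks cannot be checked from here.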