reworked letsencrypt to use docker containers instead of certbot on the host.

2017-10-02 06:32:53 -04:00
parent de1e0d66c3
commit 92950ffd2d
57 changed files with 632 additions and 198 deletions


@@ -0,0 +1,48 @@
---
# docker-compose file for letsencrypt cert management
# DOCKER_HOST=dkhost01:2376 docker-compose up install
# DOCKER_HOST=dkhost01:2376 docker-compose up updates
# docker login dkregistry.xai-corp.net:5000
# docker-compose build && docker push dkregistry.xai-corp.net:5000/xaicorp/nextcloud:latest
# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml services_letsencrypt
version: '3'
services:
install:
image: "blacklabelops/letsencrypt"
container_name: letsencrypt_staging_install
ports:
- 80:80
# - 443:443
volumes:
- /opt/shared/letsencrypt-2-staging:/etc/letsencrypt
environment:
LETSENCRYPT_HTTPS_ENABLED: "false"
LETSENCRYPT_EMAIL: r_morgan@sympatico.ca
LETSENCRYPT_DOMAIN1: xai-corp.net
LETSENCRYPT_DOMAIN2: git.xai-corp.net
LETSENCRYPT_DOMAIN3: xaibox.xai-corp.net
LETSENCRYPT_DOMAIN4: dkui.xai-corp.net
LETSENCRYPT_DOMAIN5: dkregistry.xai-corp.net
LETSENCRYPT_DOMAIN6: fs.xai-corp.net
LETSENCRYPT_DOMAIN7: jenkins.xai-corp.net
LETSENCRYPT_DOMAIN8: sql.xai-corp.net
LETSENCRYPT_DOMAIN9: office.xai-corp.net
LETSENCRYPT_DOMAIN9: www.xai-corp.net
command:
- install
- --staging
- --expand
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: none
resources:
limits:
cpus: '0.1'
memory: 256M
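Review bot: `LETSENCRYPT_DOMAIN9` appears twice in the `environment` mapping (office.xai-corp.net, then www.xai-corp.net). A YAML loader that tolerates duplicate keys keeps only the last one, so office.xai-corp.net would silently drop out of the certificate request. Give the second entry its own index, e.g. `LETSENCRYPT_DOMAIN10: www.xai-corp.net`, after confirming how the image enumerates these variables (the README in this commit uses `LETSENCRYPT_DOMAIN90`). The same duplicate is present in the other three compose files of this commit. Separately, `image: "blacklabelops/letsencrypt"` carries no tag or digest, so the container that holds the ACME account key and the private keys runs whatever `latest` resolves to at pull time; pin it, e.g. `image: "blacklabelops/letsencrypt:<TAG>@sha256:<DIGEST>"` (placeholders).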


@@ -0,0 +1,45 @@
---
# docker-compose file for letsencrypt cert management
# DOCKER_HOST=dkhost01:2376 docker-compose up updates
# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose-staging-update.yml services_letsencrypt
version: '3'
services:
updates:
image: "blacklabelops/letsencrypt"
container_name: letsencrypt_staging_updates
ports:
- 80:80
# - 443:443
volumes:
- /opt/shared/letsencrypt-2-staging:/etc/letsencrypt
environment:
LETSENCRYPT_HTTPS_ENABLED: "false"
LETSENCRYPT_EMAIL: r_morgan@sympatico.ca
LETSENCRYPT_DOMAIN1: xai-corp.net
LETSENCRYPT_DOMAIN2: git.xai-corp.net
LETSENCRYPT_DOMAIN3: xaibox.xai-corp.net
LETSENCRYPT_DOMAIN4: dkui.xai-corp.net
LETSENCRYPT_DOMAIN5: dkregistry.xai-corp.net
LETSENCRYPT_DOMAIN6: fs.xai-corp.net
LETSENCRYPT_DOMAIN7: jenkins.xai-corp.net
LETSENCRYPT_DOMAIN8: sql.xai-corp.net
LETSENCRYPT_DOMAIN9: office.xai-corp.net
LETSENCRYPT_DOMAIN9: www.xai-corp.net
command:
- install
- --staging
- --expand
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: none
resources:
limits:
cpus: '0.1'
memory: 256M
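Review bot: The `updates` service runs `command: install --staging --expand`, which is identical to the install file, so as written it performs another issuance rather than a renewal. With `restart_policy: condition: none` the container exits after that single run, so nothing here renews certificates before they expire unless an external scheduler re-runs it. The README in this commit starts the updates container with no command at all; if that default is the image's renewal mode, dropping the `command:` list here would match it, which is worth confirming against the image documentation. I would also add a comment above the service saying how it is scheduled, e.g. `# run from host cron; exits after one pass`.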


@@ -0,0 +1,47 @@
---
# docker-compose file for letsencrypt cert management
# DOCKER_HOST=dkhost01:2376 docker-compose up updates
# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose-update.yml services_letsencrypt
version: '3'
services:
updates:
image: "blacklabelops/letsencrypt"
container_name: letsencrypt_staging_updates
ports:
- 80:80
# - 443:443
volumes:
- /opt/shared/letsencrypt:/etc/letsencrypt
environment:
LETSENCRYPT_EMAIL: r_morgan@sympatico.ca
LETSENCRYPT_HTTPS_ENABLED: "false"
LETSENCRYPT_TESTCERT: "true"
LETSENCRYPT_DEBUG: "true"
LETSENCRYPT_JOB_TIME: "0 0 1 15 * *"
LETSENCRYPT_DOMAIN1: xai-corp.net
LETSENCRYPT_DOMAIN2: git.xai-corp.net
LETSENCRYPT_DOMAIN3: xaibox.xai-corp.net
LETSENCRYPT_DOMAIN4: dkui.xai-corp.net
LETSENCRYPT_DOMAIN5: dkregistry.xai-corp.net
LETSENCRYPT_DOMAIN6: fs.xai-corp.net
LETSENCRYPT_DOMAIN7: jenkins.xai-corp.net
LETSENCRYPT_DOMAIN8: sql.xai-corp.net
LETSENCRYPT_DOMAIN9: office.xai-corp.net
LETSENCRYPT_DOMAIN9: www.xai-corp.net
command:
- install
- --expand
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: none
resources:
limits:
cpus: '0.1'
memory: 256M
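Review bot: This file mounts the production directory `/opt/shared/letsencrypt` but sets `LETSENCRYPT_TESTCERT: "true"` and `LETSENCRYPT_DEBUG: "true"`, and it keeps `container_name: letsencrypt_staging_updates`. If the image honours the test-certificate flag, untrusted staging certificates would be written into the path that the live services presumably read. For the production file I would remove both flags (or set them to `"false"`) and rename the container, e.g. `container_name: letsencrypt_updates`. `LETSENCRYPT_JOB_TIME` also looks ineffective next to an explicit `install` command and `restart_policy: condition: none`, since the container appears to exit after one run; either rely on the image's scheduler or on an external cron, and say which in a comment.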


@@ -0,0 +1,84 @@
---
# docker-compose file for letsencrypt cert management
# DOCKER_HOST=dkhost01:2376 docker-compose up install
# DOCKER_HOST=dkhost01:2376 docker-compose up updates
# docker login dkregistry.xai-corp.net:5000
# docker-compose build && docker push dkregistry.xai-corp.net:5000/xaicorp/nextcloud:latest
# DOCKER_HOST=dkhost:2376 docker stack deploy -c docker-compose.yml services_letsencrypt
version: '3'
services:
install:
image: "blacklabelops/letsencrypt"
container_name: letsencrypt_staging_install
ports:
- 80:80
# - 443:443
volumes:
- /opt/shared/letsencrypt-2-staging:/etc/letsencrypt
environment:
LETSENCRYPT_HTTPS_ENABLED: "false"
LETSENCRYPT_EMAIL: r_morgan@sympatico.ca
LETSENCRYPT_DOMAIN1: xai-corp.net
LETSENCRYPT_DOMAIN2: git.xai-corp.net
LETSENCRYPT_DOMAIN3: xaibox.xai-corp.net
LETSENCRYPT_DOMAIN4: dkui.xai-corp.net
LETSENCRYPT_DOMAIN5: dkregistry.xai-corp.net
LETSENCRYPT_DOMAIN6: fs.xai-corp.net
LETSENCRYPT_DOMAIN7: jenkins.xai-corp.net
LETSENCRYPT_DOMAIN8: sql.xai-corp.net
LETSENCRYPT_DOMAIN9: office.xai-corp.net
LETSENCRYPT_DOMAIN9: www.xai-corp.net
command:
- install
- --staging
- --expand
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: none
resources:
limits:
cpus: '0.1'
memory: 256M
updates:
image: "blacklabelops/letsencrypt"
container_name: letsencrypt_staging_updates
ports:
- 80:80
# - 443:443
volumes:
- /opt/shared/letsencrypt-2-staging:/etc/letsencrypt
environment:
LETSENCRYPT_HTTPS_ENABLED: "false"
LETSENCRYPT_EMAIL: r_morgan@sympatico.ca
LETSENCRYPT_DOMAIN1: xai-corp.net
LETSENCRYPT_DOMAIN2: git.xai-corp.net
LETSENCRYPT_DOMAIN3: xaibox.xai-corp.net
LETSENCRYPT_DOMAIN4: dkui.xai-corp.net
LETSENCRYPT_DOMAIN5: dkregistry.xai-corp.net
LETSENCRYPT_DOMAIN6: fs.xai-corp.net
LETSENCRYPT_DOMAIN7: jenkins.xai-corp.net
LETSENCRYPT_DOMAIN8: sql.xai-corp.net
LETSENCRYPT_DOMAIN9: office.xai-corp.net
LETSENCRYPT_DOMAIN9: www.xai-corp.net
command:
- install
- --staging
- --expand
deploy:
mode: replicated
replicas: 1
restart_policy:
condition: none
resources:
limits:
cpus: '0.1'
memory: 256M
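Review bot: `install` and `updates` both publish `80:80` and mount the same `/opt/shared/letsencrypt-2-staging` directory, so `docker-compose up` without a service name, or the `docker stack deploy` from the header comment, starts both and they cannot both hold the host port. Two ACME clients writing to one `/etc/letsencrypt` at the same time can also leave the account and certificate lineage state inconsistent. Keep one service per file, or add a header comment such as `# start exactly one service: docker-compose up install` so the constraint is explicit. Note too that `container_name` is ignored under `docker stack deploy`, and that port 80 is published on every host interface while the container runs, so the header should state that it must not be left up beyond the challenge window.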


@@ -0,0 +1,48 @@
#Letsencrypt container
run this as a regular container via cron job
note that this container only takes 2 parameters, so we can use --staging and --merge. maybe we should build our own.
todo: set this up as a cron
#install new certs
```
DOCKER_HOST=dkhost:2376 docker run -d \
-p 80:80 \
--name letsencrypt \
-e "LETSENCRYPT_HTTPS_ENABLED=false" \
-v /opt/shared/letsencrypt-2:/opt/shared/letsencrypt \
-e "LETSENCRYPT_EMAIL=r_morgan@sympatico.ca" \
-e "LETSENCRYPT_DOMAIN1=xai-corp.net" \
-e "LETSENCRYPT_DOMAIN2=git.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN3=xaibox.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN4=dkui.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN5=dkregistry.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN6=fs.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN7=jenkins.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN8=sql.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN9=www.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN90=office.xai-corp.net" \
blacklabelops/letsencrypt install
```
```
DOCKER_HOST=dkhost:2376 docker run -d \
-p 80:80 \
--name letsencrypt_updates \
-e "LETSENCRYPT_HTTPS_ENABLED=false" \
-v /opt/shared/letsencrypt-2:/opt/shared/letsencrypt \
-e "LETSENCRYPT_EMAIL=r_morgan@sympatico.ca" \
-e "LETSENCRYPT_DOMAIN1=xai-corp.net" \
-e "LETSENCRYPT_DOMAIN2=git.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN3=xaibox.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN4=dkui.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN5=dkregistry.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN6=fs.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN7=jenkins.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN8=sql.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN9=www.xai-corp.net" \
-e "LETSENCRYPT_DOMAIN90=office.xai-corp.net" \
blacklabelops/letsencrypt
```