Commit 23151153 authored by zauberstuhl

Add docker secret support to letsencrypt image

parent ca3dc6f5
Pipeline #2187 passed with stages
in 2 minutes and 55 seconds
FROM golang:1.12
RUN git clone \
https://git.feneas.org/feneas/infrastructure/rancher-letsencrypt.git \
-b acme-v2 /go/src/github.com/janeczku/rancher-letsencrypt
WORKDIR /go/src/github.com/janeczku/rancher-letsencrypt
RUN make build
RUN mv build/rancher-letsencrypt-linux-amd64 /tmp/rancher-letsencrypt
FROM alpine:3.5
RUN apk add --no-cache ca-certificates
ADD rancher-letsencrypt-linux-amd64 /usr/bin/rancher-letsencrypt
RUN chmod +x /usr/bin/rancher-letsencrypt
ADD entrypoint.sh /entrypoint.sh
ADD env_secrets_expand.sh /env_secrets_expand.sh
COPY --from=0 /tmp/rancher-letsencrypt /usr/bin/rancher-letsencrypt
RUN chmod +x \
/usr/bin/rancher-letsencrypt \
/entrypoint.sh \
/env_secrets_expand.sh
ENTRYPOINT ["/usr/bin/rancher-letsencrypt"]
ENTRYPOINT ["/entrypoint.sh"]
EXPOSE 80
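Review bot: The build stage clones `-b acme-v2` without pinning a commit, so every rebuild compiles whatever is at the tip of that branch into an image that will hold the expanded Docker secrets. Check out a fixed revision right after the clone, e.g. `git -C /go/src/github.com/janeczku/rancher-letsencrypt checkout <commit-sha>`, and bump it deliberately. The page has lost its +/- markers, so this assumes the golang stage and the `COPY --from=0` line are the new side. Naming the stage (`FROM golang:1.12 AS build`, `COPY --from=build ...`) would also keep that copy correct if stages are reordered.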
Letsencrypt
-----------
Build acme-v2 branch from
* git@git.feneas.org:feneas/infrastructure/rancher-letsencrypt.git
with gandiv5 support (manually)
#!/bin/sh
# expand docker secrets
. /env_secrets_expand.sh
/usr/bin/rancher-letsencrypt $@
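Review bot: The last line of entrypoint.sh starts the binary as a child of the shell and passes an unquoted `$@`, so the shell stays PID 1 and receives the stop signal instead of rancher-letsencrypt, and any argument containing whitespace is re-split. Replace it with `exec /usr/bin/rancher-letsencrypt "$@"` so the service replaces the wrapper and gets its arguments unchanged.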
#!/bin/sh
: ${ENV_SECRETS_DIR:=/run/secrets}
env_secret_debug()
{
if [ ! -z "$ENV_SECRETS_DEBUG" ]; then
echo -e "\033[1m$@\033[0m"
fi
}
# usage: env_secret_expand VAR
# ie: env_secret_expand 'XYZ_DB_PASSWORD'
# (will check for "$XYZ_DB_PASSWORD" variable value for a placeholder that defines the
# name of the docker secret to use instead of the original value. For example:
# XYZ_DB_PASSWORD={{DOCKER-SECRET:my-db.secret}}
env_secret_expand() {
var="$1"
eval val=\$$var
if secret_name=$(expr match "$val" "{{DOCKER-SECRET:\([^}]\+\)}}$"); then
secret="${ENV_SECRETS_DIR}/${secret_name}"
env_secret_debug "Secret file for $var: $secret"
if [ -f "$secret" ]; then
val=$(cat "${secret}")
export "$var"="$val"
env_secret_debug "Expanded variable: $var=$val"
else
env_secret_debug "Secret file does not exist! $secret"
fi
fi
}
env_secrets_expand() {
for env_var in $(printenv | cut -f1 -d"=")
do
env_secret_expand $env_var
done
if [ ! -z "$ENV_SECRETS_DEBUG" ]; then
echo -e "\n\033[1mExpanded environment variables\033[0m"
printenv
fi
}
env_secrets_expand
\ No newline at end of file
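Review bot: `env_secret_expand` passes `$var` to `eval val=\$$var` without checking that it is a valid variable name, and `env_secrets_expand` takes those names from `printenv | cut -f1 -d"="`, which also yields the continuation lines of any multi-line value. Text from an environment value can therefore reach `eval`; guard the top of the function with `case "$var" in ''|*[!A-Za-z0-9_]*) return 0 ;; esac`. Separately, with `ENV_SECRETS_DEBUG` set the script logs `Expanded variable: $var=$val` and then a full `printenv`, which writes the secret contents to the container log; the debug line should print the variable name only. A missing secret file is reported only in debug mode, so the service would otherwise start with the literal `{{DOCKER-SECRET:...}}` placeholder as its value.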