CI/CD: Refactor the run_nginx_container() function
This commit is contained in:
parent
2222adc954
commit
dc4255d8fa
@ -2,18 +2,6 @@
|
||||
|
||||
## Test for ACME accounts handling.
|
||||
|
||||
case $ACME_CA in
|
||||
pebble)
|
||||
test_net='acme_net'
|
||||
;;
|
||||
boulder)
|
||||
test_net='boulder_bluenet'
|
||||
;;
|
||||
*)
|
||||
echo "$0 $ACME_CA: invalid option."
|
||||
exit 1
|
||||
esac
|
||||
|
||||
if [[ -z $GITHUB_ACTIONS ]]; then
|
||||
le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")"
|
||||
else
|
||||
@ -38,7 +26,7 @@ function cleanup {
|
||||
trap cleanup EXIT
|
||||
|
||||
# Run an nginx container for ${domains[0]}.
|
||||
run_nginx_container "${domains[0]}"
|
||||
run_nginx_container --hosts "${domains[0]}"
|
||||
|
||||
# Wait for a symlink at /etc/nginx/certs/${domains[0]}.crt
|
||||
wait_for_symlink "${domains[0]}" "$le_container_name"
|
||||
@ -65,7 +53,7 @@ le_container_name="${le_container_name}_default"
|
||||
run_le_container "${1:?}" "$le_container_name" "--env DEFAULT_EMAIL=${default_email}"
|
||||
|
||||
# Run an nginx container for ${domains[1]} without LETSENCRYPT_EMAIL set.
|
||||
run_nginx_container "${domains[1]}"
|
||||
run_nginx_container --hosts "${domains[1]}"
|
||||
|
||||
# Wait for a symlink at /etc/nginx/certs/${domains[1]}.crt
|
||||
wait_for_symlink "${domains[1]}" "$le_container_name"
|
||||
@ -83,18 +71,7 @@ fi
|
||||
|
||||
# Run an nginx container for ${domains[2]} with LETSENCRYPT_EMAIL set.
|
||||
container_email="contact@${domains[2]}"
|
||||
if ! docker run --rm -d \
|
||||
--name "${domains[2]}" \
|
||||
-e "VIRTUAL_HOST=${domains[2]}" \
|
||||
-e "LETSENCRYPT_HOST=${domains[2]}" \
|
||||
-e "LETSENCRYPT_EMAIL=${container_email}" \
|
||||
--network "$test_net" \
|
||||
nginx:alpine > /dev/null ; \
|
||||
then
|
||||
echo "Failed to start test web server for ${domains[2]}"
|
||||
elif [[ "${DRY_RUN:-}" == 1 ]]; then
|
||||
echo "Started test web server for ${domains[2]}"
|
||||
fi
|
||||
run_nginx_container --hosts "${domains[2]}" --cli-args "--env LETSENCRYPT_EMAIL=${container_email}"
|
||||
|
||||
# Wait for a symlink at /etc/nginx/certs/${domains[2]}.crt
|
||||
wait_for_symlink "${domains[2]}" "$le_container_name"
|
||||
|
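Review bot: Deleting the `case $ACME_CA` block in the first hunk (and the identical hunks in the SAN-splitting, LETSENCRYPT_RESTART_CONTAINER, OCSP and key-types scripts) removes the only `exit 1` for an unsupported ACME_CA; the helper's network selection appears to end in `return 1`, but every visible call site such as `run_nginx_container --hosts "${domains[2]}" --cli-args "--env LETSENCRYPT_EMAIL=${container_email}"` discards that status, so the script would continue to `wait_for_symlink` and only fail by timeout. If that reading of the helper's cut-off `else` branch is right, keep a one-line guard near the top of each script, `[[ $ACME_CA == pebble || $ACME_CA == boulder ]] || { echo "$0 $ACME_CA: invalid option." >&2; exit 1; }`, or append `|| exit 1` to the helper calls so a misconfigured run stops as early as it did before. The `test_net` variable removed here may still be read elsewhere in these scripts; that is outside the hunks and worth a grep.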
@ -46,7 +46,7 @@ for hosts in "${letsencrypt_hosts[@]}"; do
|
||||
container="test$i"
|
||||
|
||||
# Run an Nginx container passing one of the comma separated list as LETSENCRYPT_HOST env var.
|
||||
run_nginx_container "$hosts" "$container"
|
||||
run_nginx_container --hosts "$hosts" --name "$container"
|
||||
|
||||
# Wait for a symlink at /etc/nginx/certs/$base_domain.crt
|
||||
if wait_for_symlink "$base_domain" "$le_container_name" "./${base_domain}/fullchain.pem"; then
|
||||
|
@ -28,7 +28,7 @@ trap cleanup EXIT
|
||||
# Run a separate nginx container for each domain in the $domains array.
|
||||
# Start all the containers in a row so that docker-gen debounce timers fire only once.
|
||||
for domain in "${domains[@]}"; do
|
||||
run_nginx_container "$domain"
|
||||
run_nginx_container --hosts "$domain"
|
||||
done
|
||||
|
||||
for domain in "${domains[@]}"; do
|
||||
|
@ -2,18 +2,6 @@
|
||||
|
||||
## Test for spliting SAN certificates into single domain certificates by NGINX container env variables
|
||||
|
||||
case $ACME_CA in
|
||||
pebble)
|
||||
test_net='acme_net'
|
||||
;;
|
||||
boulder)
|
||||
test_net='boulder_bluenet'
|
||||
;;
|
||||
*)
|
||||
echo "$0 $ACME_CA: invalid option."
|
||||
exit 1
|
||||
esac
|
||||
|
||||
if [[ -z $GITHUB_ACTIONS ]]; then
|
||||
le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")"
|
||||
else
|
||||
@ -54,18 +42,7 @@ for hosts in "${letsencrypt_hosts[@]}"; do
|
||||
container="test$i"
|
||||
|
||||
# Run an Nginx container passing one of the comma separated list as LETSENCRYPT_HOST env var.
|
||||
if ! docker run --rm -d \
|
||||
--name "$container" \
|
||||
-e "VIRTUAL_HOST=${TEST_DOMAINS}" \
|
||||
-e "LETSENCRYPT_HOST=${hosts}" \
|
||||
-e "LETSENCRYPT_SINGLE_DOMAIN_CERTS=true" \
|
||||
--network "$test_net" \
|
||||
nginx:alpine > /dev/null;
|
||||
then
|
||||
echo "Could not start test web server for $hosts"
|
||||
elif [[ "${DRY_RUN:-}" == 1 ]]; then
|
||||
echo "Started test web server for $hosts"
|
||||
fi
|
||||
run_nginx_container --hosts "${hosts}" --name "$container" --cli-args "--env LETSENCRYPT_SINGLE_DOMAIN_CERTS=true"
|
||||
|
||||
for domain in "${domains[@]}"; do
|
||||
## For all the domains in the $domains array ...
|
||||
|
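Review bot: VIRTUAL_HOST silently changes meaning at the new `run_nginx_container --hosts "${hosts}" --name "$container" --cli-args "--env LETSENCRYPT_SINGLE_DOMAIN_CERTS=true"` call: the removed `docker run` set `VIRTUAL_HOST=${TEST_DOMAINS}` and `LETSENCRYPT_HOST=${hosts}` separately, whereas the helper derives VIRTUAL_HOST from the `--hosts` value, so the container now advertises only the LETSENCRYPT_HOST subset instead of the full domain list. That may be harmless for a test that only inspects the issued certificates, but it is an undocumented change in what the test exercises. Either state it in the commit message, or give the helper a way to set VIRTUAL_HOST independently (for example a `--virtual-host` option) and pass `--virtual-host "${TEST_DOMAINS}"` here to keep the previous behaviour.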
@ -2,18 +2,6 @@
|
||||
|
||||
## Test for LETSENCRYPT_RESTART_CONTAINER variable.
|
||||
|
||||
case $ACME_CA in
|
||||
pebble)
|
||||
test_net='acme_net'
|
||||
;;
|
||||
boulder)
|
||||
test_net='boulder_bluenet'
|
||||
;;
|
||||
*)
|
||||
echo "$0 $ACME_CA: invalid option."
|
||||
exit 1
|
||||
esac
|
||||
|
||||
if [[ -z $GITHUB_ACTIONS ]]; then
|
||||
le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")"
|
||||
else
|
||||
@ -49,18 +37,7 @@ trap cleanup EXIT
|
||||
|
||||
# Run a separate nginx container for each domain in the $domains array.
|
||||
for domain in "${domains[@]}"; do
|
||||
if docker run --rm -d \
|
||||
--name "$domain" \
|
||||
-e "VIRTUAL_HOST=${domain}" \
|
||||
-e "LETSENCRYPT_HOST=${domain}" \
|
||||
-e "LETSENCRYPT_RESTART_CONTAINER=true" \
|
||||
--network "$test_net" \
|
||||
nginx:alpine > /dev/null; \
|
||||
then
|
||||
[[ "${DRY_RUN:-}" == 1 ]] && echo "Started test web server for $domain"
|
||||
else
|
||||
echo "Could not start test web server for $domain"
|
||||
fi
|
||||
run_nginx_container --hosts "$domain" --cli-args "--env LETSENCRYPT_RESTART_CONTAINER=true"
|
||||
|
||||
# Check if container restarted
|
||||
timeout="$(date +%s)"
|
||||
|
@ -24,7 +24,7 @@ function cleanup {
|
||||
trap cleanup EXIT
|
||||
|
||||
# Run a nginx container for ${domains[0]}.
|
||||
run_nginx_container "${domains[0]}"
|
||||
run_nginx_container --hosts "${domains[0]}"
|
||||
|
||||
# Wait for a symlink at /etc/nginx/certs/${domains[0]}.crt
|
||||
# Grab the expiration time of the certificate
|
||||
|
@ -2,18 +2,6 @@
|
||||
|
||||
## Test for OCSP Must-Staple extension.
|
||||
|
||||
case $ACME_CA in
|
||||
pebble)
|
||||
test_net='acme_net'
|
||||
;;
|
||||
boulder)
|
||||
test_net='boulder_bluenet'
|
||||
;;
|
||||
*)
|
||||
echo "$0 $ACME_CA: invalid option."
|
||||
exit 1
|
||||
esac
|
||||
|
||||
if [[ -z $GITHUB_ACTIONS ]]; then
|
||||
le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")"
|
||||
else
|
||||
@ -38,21 +26,10 @@ function cleanup {
|
||||
trap cleanup EXIT
|
||||
|
||||
# Run an nginx container with ACME_OCSP=true
|
||||
if docker run --rm -d \
|
||||
--name "${domains[0]}" \
|
||||
-e "VIRTUAL_HOST=${domains[0]}" \
|
||||
-e "LETSENCRYPT_HOST=${domains[0]}" \
|
||||
-e "ACME_OCSP=true" \
|
||||
--network "$test_net" \
|
||||
nginx:alpine > /dev/null; \
|
||||
then
|
||||
[[ "${DRY_RUN:-}" == 1 ]] && echo "Started test web server for ${domains[0]} (ACME_OCSP=true)"
|
||||
else
|
||||
echo "Could not start test web server for ${domains[0]} (ACME_OCSP=true)"
|
||||
fi
|
||||
run_nginx_container --hosts "${domains[0]}" --cli-args "--env ACME_OCSP=true"
|
||||
|
||||
# Run an second nginx container without ACME_OCSP=true
|
||||
run_nginx_container "${domains[1]}"
|
||||
run_nginx_container --hosts "${domains[1]}"
|
||||
|
||||
# Wait for the symlink to the ${domains[0]} certificate
|
||||
wait_for_symlink "${domains[0]}" "$le_container_name"
|
||||
|
@ -30,7 +30,7 @@ function cleanup {
|
||||
trap cleanup EXIT
|
||||
|
||||
# Run an nginx container for ${domains[0]}.
|
||||
run_nginx_container "${domains[0]}"
|
||||
run_nginx_container --hosts "${domains[0]}"
|
||||
|
||||
# Wait for the cert symlink.
|
||||
wait_for_symlink "${domains[0]}" "$le_container_name"
|
||||
|
@ -24,7 +24,7 @@ function cleanup {
|
||||
trap cleanup EXIT
|
||||
|
||||
# Run an nginx container for ${domains[0]}.
|
||||
run_nginx_container "${domains[0]}"
|
||||
run_nginx_container --hosts "${domains[0]}"
|
||||
|
||||
# Wait for the cert symlink.
|
||||
wait_for_symlink "${domains[0]}" "$le_container_name"
|
||||
|
@ -2,18 +2,6 @@
|
||||
|
||||
## Test for private keys types
|
||||
|
||||
case $ACME_CA in
|
||||
pebble)
|
||||
test_net='acme_net'
|
||||
;;
|
||||
boulder)
|
||||
test_net='boulder_bluenet'
|
||||
;;
|
||||
*)
|
||||
echo "$0 $ACME_CA: invalid option."
|
||||
exit 1
|
||||
esac
|
||||
|
||||
if [[ -z $GITHUB_ACTIONS ]]; then
|
||||
le_container_name="$(basename "${0%/*}")_$(date "+%Y-%m-%d_%H.%M.%S")"
|
||||
else
|
||||
@ -49,18 +37,7 @@ key_types=( \
|
||||
for key in "${!key_types[@]}"; do
|
||||
|
||||
# Run an Nginx container with the wanted key type.
|
||||
if ! docker run --rm -d \
|
||||
--name "${key}" \
|
||||
-e "VIRTUAL_HOST=${domains[0]}" \
|
||||
-e "LETSENCRYPT_HOST=${domains[0]}" \
|
||||
-e "LETSENCRYPT_KEYSIZE=${key}" \
|
||||
--network "$test_net" \
|
||||
nginx:alpine > /dev/null;
|
||||
then
|
||||
echo "Could not start test web server for ${key}"
|
||||
elif [[ "${DRY_RUN:-}" == 1 ]]; then
|
||||
echo "Started test web server for ${key}"
|
||||
fi
|
||||
run_nginx_container --hosts "${domains[0]}" --name "${key}" --cli-args "--env LETSENCRYPT_KEYSIZE=${key}"
|
||||
|
||||
# Grep the expected string from the public key in text form.
|
||||
if wait_for_symlink "${domains[0]}" "$le_container_name"; then
|
||||
|
@ -30,10 +30,10 @@ function cleanup {
|
||||
trap cleanup EXIT
|
||||
|
||||
# Run a nginx container for the firs two domain in the $domains array ...
|
||||
run_nginx_container "${domains[0]},${domains[1]}" "symlink-le1-le2"
|
||||
run_nginx_container --hosts "${domains[0]},${domains[1]}" --name "symlink-le1-le2"
|
||||
|
||||
# ... plus another nginx container for the third domain.
|
||||
run_nginx_container "${domains[2]}" "symlink-le3"
|
||||
run_nginx_container --hosts "${domains[2]}" --name "symlink-le3"
|
||||
|
||||
# Wait for a file at /etc/nginx/certs/$domain/cert.pem
|
||||
wait_for_symlink "${domains[0]}" "$le_container_name" "./${domains[0]}/fullchain.pem"
|
||||
@ -65,7 +65,7 @@ wait_for_symlink_rm "${domains[2]}" "$le_container_name"
|
||||
|
||||
# Start the nginx containers for ${domains[2]} again,
|
||||
# and check if the corresponding symlink is re-created.
|
||||
run_nginx_container "${domains[2]}" "symlink-le3"
|
||||
run_nginx_container --hosts "${domains[2]}" --name "symlink-le3"
|
||||
wait_for_symlink "${domains[2]}" "$le_container_name" "./${domains[2]}/fullchain.pem"
|
||||
|
||||
# Stop the nginx containers for ${domains[2]} silently and wait for symlink removal.
|
||||
@ -73,7 +73,7 @@ docker stop "symlink-le3" > /dev/null
|
||||
wait_for_symlink_rm "${domains[2]}" "$le_container_name"
|
||||
|
||||
# Move ${domains[2]} to a san certificate with ${domains[0]} and ${domains[1]}
|
||||
run_nginx_container "${domains[0]},${domains[1]},${domains[2]}" "symlink-le1-le2-le3"
|
||||
run_nginx_container --hosts "${domains[0]},${domains[1]},${domains[2]}" --name "symlink-le1-le2-le3"
|
||||
|
||||
# Check where the symlink points (should be ./le1.wtf/fullchain.pem)
|
||||
wait_for_symlink "${domains[2]}" "$le_container_name" "./${domains[0]}/fullchain.pem"
|
||||
@ -87,7 +87,7 @@ for domain in "${domains[@]}"; do
|
||||
done
|
||||
|
||||
# Move ${domains[1]} to a new single domain certificate
|
||||
run_nginx_container "${domains[1]}" "symlink-le2"
|
||||
run_nginx_container --hosts "${domains[1]}" --name "symlink-le2"
|
||||
|
||||
# Check where the symlink points (should be ./le2.wtf/fullchain.pem)
|
||||
wait_for_symlink "${domains[1]}" "$le_container_name" "./${domains[1]}/fullchain.pem"
|
||||
@ -95,7 +95,7 @@ wait_for_symlink "${domains[1]}" "$le_container_name" "./${domains[1]}/fullchain
|
||||
# Stop the nginx container silently and try to put ${domains[1]} on a
|
||||
# san certificate whose authorization will fail.
|
||||
docker stop "symlink-le2" > /dev/null
|
||||
run_nginx_container "lim.it,${domains[1]}" "symlink-lim-le2"
|
||||
run_nginx_container --hosts "lim.it,${domains[1]}" --name "symlink-lim-le2"
|
||||
|
||||
# The symlink creation for lim.it should time out, and the ${domains[1]}
|
||||
# symlink should still point to ./le2.wtf/fullchain.pem
|
||||
|
@ -58,11 +58,37 @@ export -f run_le_container
|
||||
|
||||
# Run an nginx container
|
||||
function run_nginx_container {
|
||||
local le_host="${1:?}"
|
||||
local virtual_host="${le_host// /}"; virtual_host="${virtual_host//.,/,}"; virtual_host="${virtual_host%,}"
|
||||
local container_name="${2:-$virtual_host}"
|
||||
|
||||
local -a cli_args_arr
|
||||
|
||||
while [[ $# -gt 0 ]]; do
|
||||
local flag="$1"
|
||||
|
||||
case $flag in
|
||||
-h|--hosts)
|
||||
local le_host="${2:?}"
|
||||
local virtual_host="${le_host// /}"; virtual_host="${virtual_host//.,/,}"; virtual_host="${virtual_host%,}"
|
||||
shift 2
|
||||
;;
|
||||
|
||||
-n|--name)
|
||||
local container_name="${2:?}"
|
||||
shift 2
|
||||
;;
|
||||
|
||||
-c|--cli-args)
|
||||
local cli_args_str="${2:?}"
|
||||
for arg in $cli_args_str; do
|
||||
cli_args_arr+=("$arg")
|
||||
done
|
||||
shift 2
|
||||
;;
|
||||
|
||||
*) #Unknown option
|
||||
shift
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [[ "$ACME_CA" == 'boulder' ]]; then
|
||||
cli_args_arr+=(--network boulder_bluenet)
|
||||
elif [[ "$ACME_CA" == 'pebble' ]]; then
|
||||
@ -71,9 +97,10 @@ function run_nginx_container {
|
||||
return 1
|
||||
fi
|
||||
|
||||
[[ "${DRY_RUN:-}" == 1 ]] && echo "Starting $container_name nginx container, with environment variables VIRTUAL_HOST=$virtual_host and LETSENCRYPT_HOST=$le_host"
|
||||
[[ "${DRY_RUN:-}" == 1 ]] && echo "Starting $container_name nginx container, with VIRTUAL_HOST=$virtual_host, LETSENCRYPT_HOST=$le_host and the following cli arguments : ${cli_args_arr[*]}."
|
||||
|
||||
if docker run --rm -d \
|
||||
--name "$container_name" \
|
||||
--name "${container_name:-$virtual_host}" \
|
||||
-e "VIRTUAL_HOST=$virtual_host" \
|
||||
-e "LETSENCRYPT_HOST=$le_host" \
|
||||
"${cli_args_arr[@]}" \
|
||||
@ -81,7 +108,7 @@ function run_nginx_container {
|
||||
then
|
||||
[[ "${DRY_RUN:-}" == 1 ]] && echo "Started $container_name nginx container."
|
||||
else
|
||||
echo "Failed to start test web server for $le_host"
|
||||
echo "Failed to start $container_name nginx container, with VIRTUAL_HOST=$virtual_host, LETSENCRYPT_HOST=$le_host and the following cli arguments : ${cli_args_arr[*]}."
|
||||
return 1
|
||||
fi
|
||||
return 0
|
||||
|
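Review bot: After the new option loop `--hosts` is no longer enforced: the old `local le_host="${1:?}"` aborted on a missing host, but with the `*) shift` arm a mistyped or omitted `--hosts` leaves `le_host` and `virtual_host` unset and `docker run` proceeds with empty `VIRTUAL_HOST=` and `LETSENCRYPT_HOST=` (or an unbound-variable error if `set -u` is active, which is not visible here). The same loop resolves `container_name` only inside the `docker run` line via `"${container_name:-$virtual_host}"`, so the DRY_RUN and failure messages print an empty name whenever `--name` is omitted. I would reject unknown options, require `--hosts`, and default the container name once after parsing, as below; `for arg in $cli_args_str` additionally path-expands each word, so a `--cli-args` value containing `*` could be replaced by file names, which `read -r -a` avoids. The function spans all three hunks and its closing brace lies outside the last one.
```shell
      -c|--cli-args)
        # Split on whitespace only; read -a does not glob, unlike an unquoted $var.
        local -a extra_args=()
        read -r -a extra_args <<< "${2:?}"
        cli_args_arr+=("${extra_args[@]}")
        shift 2
        ;;

      *) # Unknown option: fail loudly rather than silently dropping it.
        echo "run_nginx_container: unknown option '$flag'" >&2
        return 1
        ;;
    esac
  done

  # --hosts is mandatory; resolve the container name once so the DRY_RUN
  # message, the failure message and the docker command all agree on it.
  if [[ -z "${le_host:-}" ]]; then
    echo "run_nginx_container: --hosts is required" >&2
    return 1
  fi
  local container_name="${container_name:-$virtual_host}"
  # … unchanged: ACME_CA network selection, DRY_RUN echo, docker run …
```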