#!/usr/bin/env sh

# Deploy hook that copies an issued certificate into a running Docker
# container and optionally runs a reload command inside it.
#
# Settings read by docker_deploy (example values, all commented out):
#
# Label used to find the target container (required):
#DEPLOY_DOCKER_CONTAINER_LABEL="xxxxxxx"

# Destination paths inside the container; a file is copied only when its
# variable is set:
#DEPLOY_DOCKER_CONTAINER_KEY_FILE="/path/to/key.pem"
#DEPLOY_DOCKER_CONTAINER_CERT_FILE="/path/to/cert.pem"
#DEPLOY_DOCKER_CONTAINER_CA_FILE="/path/to/ca.pem"
#DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE="/path/to/fullchain.pem"
# Command run inside the container through `sh -c` after the copy:
#DEPLOY_DOCKER_CONTAINER_RELOAD_CMD="service nginx force-reload"

# Documentation link printed when the label is missing.
_DEPLOY_DOCKER_WIKI='https://github.com/acmesh-official/acme.sh/wiki/deploy-to-docker-containers'

# Unix socket used when neither the docker CLI nor DOCKER_HOST is available.
_DOCKER_HOST_DEFAULT='/var/run/docker.sock'
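# Deploy a certificate into the container selected by
# DEPLOY_DOCKER_CONTAINER_LABEL and optionally run a reload command in it.
#
# Arguments: $1 domain, $2 key file, $3 cert file, $4 CA file,
#            $5 fullchain file (paths on the host running this hook).
# Globals:   reads DEPLOY_DOCKER_CONTAINER_* and DOCKER_HOST; exports
#            _USE_DOCKER_COMMAND, _USE_REST, _USE_UNIX_SOCKET, _DOCKER_SOCK.
# Returns:   0 on success, 1 when the label is missing, no transport is
#            usable, the container cannot be identified, or a copy/reload
#            step fails.
docker_deploy() {
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"
  _debug _cdomain "$_cdomain"
  _getdeployconf DEPLOY_DOCKER_CONTAINER_LABEL
  _debug2 DEPLOY_DOCKER_CONTAINER_LABEL "$DEPLOY_DOCKER_CONTAINER_LABEL"
  if [ -z "$DEPLOY_DOCKER_CONTAINER_LABEL" ]; then
    _err "The DEPLOY_DOCKER_CONTAINER_LABEL variable is not defined, we use this label to find the container."
    _err "See: $_DEPLOY_DOCKER_WIKI"
    # Fail closed: without a label the container lookup below would run with
    # an empty filter, and the private key must never be copied into a
    # container that the operator did not select.
    return 1
  fi

  _savedeployconf DEPLOY_DOCKER_CONTAINER_LABEL "$DEPLOY_DOCKER_CONTAINER_LABEL"

  if [ "$DOCKER_HOST" ]; then
    _saveaccountconf DOCKER_HOST "$DOCKER_HOST"
  fi

  # Transport selection: prefer a working docker CLI, then DOCKER_HOST
  # (REST, which the helpers below report as not implemented), then the
  # default unix socket driven through curl.
  if _exists docker && docker version | grep -i docker >/dev/null; then
    _info "Using docker command"
    export _USE_DOCKER_COMMAND=1
  else
    export _USE_DOCKER_COMMAND=
  fi

  export _USE_UNIX_SOCKET=
  if [ -z "$_USE_DOCKER_COMMAND" ]; then
    export _USE_REST=
    if [ "$DOCKER_HOST" ]; then
      _debug "Try use docker host: $DOCKER_HOST"
      export _USE_REST=1
    else
      export _DOCKER_SOCK="$_DOCKER_HOST_DEFAULT"
      _debug "Try use $_DOCKER_SOCK"
      # Write access to the Docker socket amounts to control of the Docker
      # daemon, so whichever account runs this hook holds that privilege.
      if [ ! -e "$_DOCKER_SOCK" ] || [ ! -w "$_DOCKER_SOCK" ]; then
        _err "$_DOCKER_SOCK is not available"
        return 1
      fi
      export _USE_UNIX_SOCKET=1
      if ! _exists "curl"; then
        _err "Please install curl first."
        _err "We need curl to work."
        return 1
      fi
      if ! _check_curl_version; then
        return 1
      fi
    fi
  fi

  # Each destination setting is read with _getdeployconf and written back
  # with _savedeployconf only when it is non-empty (both helpers are defined
  # outside this file).
  _getdeployconf DEPLOY_DOCKER_CONTAINER_KEY_FILE
  _debug2 DEPLOY_DOCKER_CONTAINER_KEY_FILE "$DEPLOY_DOCKER_CONTAINER_KEY_FILE"
  if [ "$DEPLOY_DOCKER_CONTAINER_KEY_FILE" ]; then
    _savedeployconf DEPLOY_DOCKER_CONTAINER_KEY_FILE "$DEPLOY_DOCKER_CONTAINER_KEY_FILE"
  fi

  _getdeployconf DEPLOY_DOCKER_CONTAINER_CERT_FILE
  _debug2 DEPLOY_DOCKER_CONTAINER_CERT_FILE "$DEPLOY_DOCKER_CONTAINER_CERT_FILE"
  if [ "$DEPLOY_DOCKER_CONTAINER_CERT_FILE" ]; then
    _savedeployconf DEPLOY_DOCKER_CONTAINER_CERT_FILE "$DEPLOY_DOCKER_CONTAINER_CERT_FILE"
  fi

  _getdeployconf DEPLOY_DOCKER_CONTAINER_CA_FILE
  _debug2 DEPLOY_DOCKER_CONTAINER_CA_FILE "$DEPLOY_DOCKER_CONTAINER_CA_FILE"
  if [ "$DEPLOY_DOCKER_CONTAINER_CA_FILE" ]; then
    _savedeployconf DEPLOY_DOCKER_CONTAINER_CA_FILE "$DEPLOY_DOCKER_CONTAINER_CA_FILE"
  fi

  _getdeployconf DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE
  _debug2 DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE "$DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE"
  if [ "$DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE" ]; then
    _savedeployconf DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE "$DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE"
  fi

  _getdeployconf DEPLOY_DOCKER_CONTAINER_RELOAD_CMD
  _debug2 DEPLOY_DOCKER_CONTAINER_RELOAD_CMD "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD"
  if [ "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD" ]; then
    # NOTE(review): the "base64" argument presumably makes the saved value
    # survive quotes and spaces; confirm against _savedeployconf.
    _savedeployconf DEPLOY_DOCKER_CONTAINER_RELOAD_CMD "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD" "base64"
  fi

  _cid="$(_get_id "$DEPLOY_DOCKER_CONTAINER_LABEL")"
  _info "Container id: $_cid"
  if [ -z "$_cid" ]; then
    _err "can not find container id"
    return 1
  fi
  # The docker CLI lookup prints one id per matching container. Refuse an
  # ambiguous target instead of passing a multi-line id to the copy step.
  case "$_cid" in
  *"
"*)
    _err "More than one container matches the label: $DEPLOY_DOCKER_CONTAINER_LABEL"
    return 1
    ;;
  esac

  if [ "$DEPLOY_DOCKER_CONTAINER_KEY_FILE" ]; then
    if ! _docker_cp "$_cid" "$_ckey" "$DEPLOY_DOCKER_CONTAINER_KEY_FILE"; then
      return 1
    fi
  fi

  if [ "$DEPLOY_DOCKER_CONTAINER_CERT_FILE" ]; then
    if ! _docker_cp "$_cid" "$_ccert" "$DEPLOY_DOCKER_CONTAINER_CERT_FILE"; then
      return 1
    fi
  fi

  if [ "$DEPLOY_DOCKER_CONTAINER_CA_FILE" ]; then
    if ! _docker_cp "$_cid" "$_cca" "$DEPLOY_DOCKER_CONTAINER_CA_FILE"; then
      return 1
    fi
  fi

  if [ "$DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE" ]; then
    if ! _docker_cp "$_cid" "$_cfullchain" "$DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE"; then
      return 1
    fi
  fi

  if [ "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD" ]; then
    _info "Reloading: $DEPLOY_DOCKER_CONTAINER_RELOAD_CMD"
    if ! _docker_exec "$_cid" "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD"; then
      return 1
    fi
  fi
  return 0
}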
#label
# Print the id of the container that carries label $1.
#
# With the docker CLI every matching id is printed, one per line. Over the
# unix socket only the first "Id" found in the list response is printed.
# The label is placed into the JSON filter without JSON escaping, so a label
# containing a double quote or backslash produces an invalid filter.
# Returns 1 for the transports that are not implemented.
_get_id() {
  _label="$1"
  if [ "$_USE_DOCKER_COMMAND" ]; then
    docker ps -f label="$_label" --format "{{.ID}}"
    return
  fi
  if [ "$_USE_REST" ] || [ -z "$_USE_UNIX_SOCKET" ]; then
    _err "Not implemented yet."
    return 1
  fi

  # Build the filters query parameter for the containers list endpoint.
  _req="{\"label\":[\"$_label\"]}"
  _debug2 _req "$_req"
  _req="$(printf "%s" "$_req" | _url_encode)"
  _debug2 _req "$_req"
  listjson="$(_curl_unix_sock "${_DOCKER_SOCK:-$_DOCKER_HOST_DEFAULT}" GET "/containers/json?filters=$_req")"
  _debug2 "listjson" "$listjson"
  # Text-based extraction: split the JSON on '{' and ',', keep the first
  # "id" member and print its quoted value.
  echo "$listjson" | tr '{,' '\n' | grep -i '"id":' | _head_n 1 | cut -d '"' -f 4
}
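#id cmd
# Run a command inside container $1; the remaining arguments form the command.
#
# The arguments are joined with spaces and handed to `sh -c` in the
# container, so argument boundaries and quoting are not preserved: a path
# containing whitespace or shell metacharacters is re-parsed by that shell.
#
# Returns: the docker CLI status in CLI mode. Over the unix socket, 1 when
#          the exec instance cannot be created or when the start call
#          returns any output (command output also counts as failure there).
_docker_exec() {
  _eargs="$*"
  _debug2 "_docker_exec $_eargs"
  _dcid="$1"
  shift
  if [ "$_USE_DOCKER_COMMAND" ]; then
    docker exec -i "$_dcid" sh -c "$*"
  elif [ "$_USE_REST" ]; then
    _err "Not implemented yet."
    return 1
  elif [ "$_USE_UNIX_SOCKET" ]; then
    _cmd="$*"
    _debug2 _cmd "$_cmd"
    # JSON-escape backslashes and double quotes so that a quoted command
    # cannot break out of, or corrupt, the "Cmd" string in the request body.
    # Control characters such as newlines are not escaped here.
    _cmd="$(printf "%s" "$_cmd" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')"
    #create exec instance:
    cjson="$(_curl_unix_sock "$_DOCKER_SOCK" POST "/containers/$_dcid/exec" "{\"Cmd\": [\"sh\", \"-c\", \"$_cmd\"]}")"
    _debug2 cjson "$cjson"
    # An error reply carries a "message" member instead of "Id"; without
    # this check the error text would be used as the exec id below.
    case "$cjson" in
    *'"Id"'*) ;;
    *)
      _err "Can not create exec instance: $cjson"
      return 1
      ;;
    esac
    execid="$(echo "$cjson" | cut -d '"' -f 4)"
    _debug execid "$execid"
    ejson="$(_curl_unix_sock "$_DOCKER_SOCK" POST "/exec/$execid/start" "{\"Detach\": false,\"Tty\": false}")"
    _debug2 ejson "$ejson"
    if [ "$ejson" ]; then
      _err "$ejson"
      return 1
    fi
  else
    _err "Not implemented yet."
    return 1
  fi
}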
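#id from to
# Copy host file $2 to path $3 inside container $1, creating the destination
# directory first.
#
# CLI mode streams the file through `tee` in the container; unix-socket mode
# uploads a gzip tar archive to the container archive endpoint.
# Neither path sets the mode or owner of the destination file, which matters
# for the private key. NOTE(review): confirm the resulting permissions in
# the target container.
# Returns: 0 on success, 1 on any failure.
_docker_cp() {
  _dcid="$1"
  _from="$2"
  _to="$3"
  _info "Copying file from $_from to $_to"
  _dir="$(dirname "$_to")"
  _debug2 _dir "$_dir"
  if ! _docker_exec "$_dcid" mkdir -p "$_dir"; then
    _err "Can not create dir: $_dir"
    return 1
  fi
  if [ "$_USE_DOCKER_COMMAND" ]; then
    if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
      # At debug level 2 tee's stdout is not discarded, so the copied file's
      # content is printed, including the private key when the key is copied.
      # Treat level-2 debug output as sensitive.
      _docker_exec "$_dcid" tee "$_to" <"$_from"
    else
      _docker_exec "$_dcid" tee "$_to" <"$_from" >/dev/null
    fi
    # $? is the status of the if statement above, i.e. of the tee call.
    if [ "$?" = "0" ]; then
      _info "Success"
      return 0
    else
      _info "Error"
      return 1
    fi
  elif [ "$_USE_REST" ]; then
    _err "Not implemented yet."
    return 1
  elif [ "$_USE_UNIX_SOCKET" ]; then
    _frompath="$_from"
    if _startswith "$_frompath" '/'; then
      _frompath="$(echo "$_from" | cut -b 2-)" #remove the first '/' char
    fi
    _debug2 "_frompath" "$_frompath"
    _toname="$(basename "$_to")"
    _debug2 "_toname" "$_toname"
    _debug2 "_from" "$_from"
    # --transform (a GNU tar option) renames the archive member to the
    # destination file name; '*' in the source path is turned into '.' so it
    # is not read as a repetition operator in the expression.
    # curl runs without --fail, so an HTTP error does not change its exit
    # status. The archive endpoint sends an empty body on success and an
    # error document otherwise, so a non-empty reply is treated as failure.
    _cpresp="$(tar --transform="s,$(printf "%s" "$_frompath" | tr '*' .),$_toname," -cz "$_from" 2>/dev/null | _curl_unix_sock "$_DOCKER_SOCK" PUT "/containers/$_dcid/archive?noOverwriteDirNonDir=1&path=$(printf "%s" "$_dir" | _url_encode)" '@-' "Content-Type: application/octet-stream")"
    _cprc="$?"
    _debug2 _cpresp "$_cpresp"
    if [ "$_cprc" != "0" ] || [ "$_cpresp" ]; then
      _err "copy error"
      return 1
    fi
    return 0
  else
    _err "Not implemented yet."
    return 1
  fi

}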
#sock method endpoint data content-type
# Send one HTTP request to the Docker API over a unix socket with curl.
#
# Arguments: $1 socket path, $2 HTTP method, $3 endpoint (path and query),
#            $4 request body ('@-' makes curl read the body from stdin),
#            $5 full Content-Type header line, JSON when empty.
# Outputs:   the response body on stdout.
# Returns:   curl's exit status. curl is called without --fail, so an HTTP
#            error status does not make it non-zero; callers have to inspect
#            the response body.
_curl_unix_sock() {
  _socket="$1"
  _method="$2"
  _endpoint="$3"
  _data="$4"
  _ctype="${5:-Content-Type: application/json}"
  _debug _data "$_data"
  _debug2 "url" "http://localhost$_endpoint"

  # _CURL_NO_HOST is exported by _check_curl_version for curl older than 7.50.
  _cux_url="http://localhost$_endpoint"
  if [ "$_CURL_NO_HOST" ]; then
    _cux_url="http:$_endpoint"
  fi

  # The arguments are already copied into variables, so the positional
  # parameters are reused to carry the optional verbosity flag.
  if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
    set -- -vvv
  else
    set --
  fi
  curl "$@" --silent --unix-socket "$_socket" -X "$_method" --data-binary "$_data" --header "$_ctype" "$_cux_url"
}
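# Check that the installed curl can talk to a unix socket.
#
# Globals: exports _CURL_NO_HOST=1 for curl 7.40 up to (not including) 7.50,
#          empty otherwise.
# Returns: 0 when curl is 7.40 or later, 1 otherwise.
_check_curl_version() {
  _cversion="$(curl -V | grep '^curl ' | cut -d ' ' -f 2)"
  _debug2 "_cversion" "$_cversion"

  _major="$(_getfield "$_cversion" 1 '.')"
  _debug2 "_major" "$_major"

  _minor="$(_getfield "$_cversion" 2 '.')"
  _debug2 "_minor" "$_minor"

  # Compare major and minor as separate numbers. Concatenating them turns
  # curl 8.5 into "85", which sorts below "740" and would wrongly reject
  # every 8.0 to 8.9 release.
  if [ "$_major" -lt "7" ] || { [ "$_major" -eq "7" ] && [ "$_minor" -lt "40" ]; }; then
    _err "curl v$_cversion doesn't support unix socket"
    _err "Please upgrade to curl 7.40 or later."
    return 1
  fi
  if [ "$_major" -eq "7" ] && [ "$_minor" -lt "50" ]; then
    _debug "Use short host name"
    export _CURL_NO_HOST=1
  else
    export _CURL_NO_HOST=
  fi
  return 0
}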