From 4eba712b102740666fff6bd0f9c69ef6b56dfecb Mon Sep 17 00:00:00 2001 From: Olivier Leger Date: Wed, 16 Aug 2023 16:15:41 -0400 Subject: [PATCH 1/6] Add compose V2 support to letsencrypt container --- helpers/template.py | 7 +++++++ templates/nginx-certbot/init-letsencrypt.sh.tpl | 12 ++++++------ 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/helpers/template.py b/helpers/template.py index 84d91cc..8ccf622 100644 --- a/helpers/template.py +++ b/helpers/template.py @@ -317,6 +317,13 @@ def _get_value(property_, true_value='', false_value='#', if config.local_install else _get_value('service_account_whitelisted_hosts') ), + 'DOCKER_COMPOSE_CMD': _get_value( + 'compose_version', 'docker-compose', 'docker', 'v1' + ), + # Keep leading space in front of suffix if any + 'DOCKER_COMPOSE_SUFFIX': _get_value( + 'compose_version', '', ' compose', 'v1' + ) } @staticmethod diff --git a/templates/nginx-certbot/init-letsencrypt.sh.tpl b/templates/nginx-certbot/init-letsencrypt.sh.tpl index a05acb4..3d2b1f6 100644 --- a/templates/nginx-certbot/init-letsencrypt.sh.tpl +++ b/templates/nginx-certbot/init-letsencrypt.sh.tpl @@ -9,7 +9,7 @@ DATA_PATH="./data/certbot" EMAIL="" # Adding a valid address is strongly recommended STAGING=0 # Set to 1 if you're testing your setup to avoid hitting request limits MKDIR_CMD=$$(which mkdir) -DOCKER_COMPOSE_CMD=$$(which docker-compose) +DOCKER_COMPOSE_CMD="$$(which ${DOCKER_COMPOSE_CMD})" CURL_CMD=$$(which curl) @@ -31,7 +31,7 @@ fi echo "### Creating dummy certificate for $${DOMAINS_CSV} ..." DOMAINS_PATH="/etc/letsencrypt/live/$$DOMAINS" $$MKDIR_CMD -p "$$DATA_PATH/conf/live/$$DOMAINS" -$$DOCKER_COMPOSE_CMD run --rm --entrypoint "\ +$$DOCKER_COMPOSE_CMD ${DOCKER_COMPOSE_SUFFIX} run --rm --entrypoint "\ openssl req -x509 -nodes -newkey rsa:1024 -days 1\ -keyout '$$DOMAINS_PATH/privkey.pem' \ -out '$$DOMAINS_PATH/fullchain.pem' \ 
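Review bot: The new assignment `DOCKER_COMPOSE_CMD="$$(which ${DOCKER_COMPOSE_CMD})"` in init-letsencrypt.sh.tpl is never checked for an empty result. If `which` finds nothing, each later `$$DOCKER_COMPOSE_CMD ${DOCKER_COMPOSE_SUFFIX} run …` line collapses to `compose run …` on V2 (or `run …` on V1), so the script either runs an unrelated binary of that name from PATH or fails after `mkdir -p` has already created the data directory. Add a guard right after the assignment, for example `[ -n "$$DOCKER_COMPOSE_CMD" ] || { echo "docker compose command not found" >&2; exit 1; }`. Quoting the expansion as `"$$DOCKER_COMPOSE_CMD"` would also keep a resolved path containing spaces intact; both points apply equally to the call sites changed in the hunks at lines 40, 67 and 78.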
@@ -40,11 +40,11 @@ echo echo "### Starting nginx ..." -$$DOCKER_COMPOSE_CMD up --force-recreate -d nginx_ssl_proxy +$$DOCKER_COMPOSE_CMD ${DOCKER_COMPOSE_SUFFIX} up --force-recreate -d nginx_ssl_proxy echo echo "### Deleting dummy certificate for $${DOMAINS_CSV} ..." -$$DOCKER_COMPOSE_CMD run --rm --entrypoint "\ +$$DOCKER_COMPOSE_CMD ${DOCKER_COMPOSE_SUFFIX} run --rm --entrypoint "\ rm -Rf /etc/letsencrypt/live/$$DOMAINS && \ rm -Rf /etc/letsencrypt/archive/$$DOMAINS && \ rm -Rf /etc/letsencrypt/renewal/$$DOMAINS.conf" certbot @@ -67,7 +67,7 @@ esac # Enable staging mode if needed if [ $$STAGING != "0" ]; then STAGING_ARG="--staging"; fi -$$DOCKER_COMPOSE_CMD run --rm --entrypoint "\ +$$DOCKER_COMPOSE_CMD ${DOCKER_COMPOSE_SUFFIX} run --rm --entrypoint "\ certbot certonly --webroot -w /var/www/certbot \ $$STAGING_ARG \ $$EMAIL_ARG \ @@ -78,4 +78,4 @@ $$DOCKER_COMPOSE_CMD run --rm --entrypoint "\ echo echo "### Reloading nginx ..." -$$DOCKER_COMPOSE_CMD exec nginx_ssl_proxy nginx -s reload +$$DOCKER_COMPOSE_CMD ${DOCKER_COMPOSE_SUFFIX} exec nginx_ssl_proxy nginx -s reload From 0a25594d533c1c75f48cd1c0d4aad2f4680c652f Mon Sep 17 00:00:00 2001 From: Olivier Leger Date: Wed, 13 Sep 2023 09:46:08 -0400 Subject: [PATCH 2/6] Update README --- readme.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/readme.md b/readme.md index e0a6595..58909f5 100644 --- a/readme.md +++ b/readme.md @@ -147,9 +147,9 @@ User can choose between 2 types of installations: ## Requirements - Linux 5 / macOS 6 -- Python 3.7+ -- [Docker](https://www.docker.com/get-started "") & [Docker Compose](https://docs.docker.com/compose/install/ "") -- Available TCP Ports: 7 +- Python 3.8+ +- [Docker](https://www.docker.com/get-started "") 7 +- Available TCP Ports: 8 1. 80 NGINX 1. 443 NGINX (if you use kobo-install with LetsEncrypt proxy) 
@@ -163,11 +163,13 @@ User can choose between 2 types of installations: - _If you use a firewall, be sure to open traffic publicly on NGINX port, otherwise kobo-install cannot work_ - _By default, additional ports are not exposed except when using multi servers configuration. If you choose to expose them, **be sure to not expose them publicly** (e.g. use a firewall and allow traffic between front-end and back-end containers only. NGINX port still has to stay publicly opened though)._ -5) _It has been tested with Ubuntu 14.04, 16.04 and 18.04, CentOS 8_ +5) _It has been tested with Ubuntu 18.04, 20.04 and 22.04_ 6) _Docker on macOS is slow. First boot usually takes a while to be ready. You may have to answer `Yes` once or twice to question `Wait for another 600 seconds?` when prompted_ -7) _These are defaults but can be customized with advanced options_ +7) _Compose V1 is still supported but reached its EOL_ + +8) _These are defaults but can be customized with advanced options_ ## Tests From 9692acc0a60f83358ead637e8364631171c92e03 Mon Sep 17 00:00:00 2001 From: Olivier Leger Date: Wed, 13 Sep 2023 12:38:30 -0400 Subject: [PATCH 3/6] Remove leading space on compose suffix --- helpers/template.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helpers/template.py b/helpers/template.py index 8ccf622..0814152 100644 --- a/helpers/template.py +++ b/helpers/template.py @@ -322,7 +322,7 @@ def _get_value(property_, true_value='', false_value='#', ), # Keep leading space in front of suffix if any 'DOCKER_COMPOSE_SUFFIX': _get_value( - 'compose_version', '', ' compose', 'v1' + 'compose_version', '', 'compose', 'v1' ) } From 9eb6ecd5c0c09be0b605a72903423d4c2dbcd004 Mon Sep 17 00:00:00 2001 From: Olivier Leger Date: Wed, 13 Sep 2023 15:11:24 -0400 Subject: [PATCH 4/6] Fix restart letsencrypt when running setup with existing installs --- helpers/command.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) 
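Review bot: The comment left above `'DOCKER_COMPOSE_SUFFIX'` in helpers/template.py still reads `# Keep leading space in front of suffix if any`, but this change removes exactly that leading space, so the comment now contradicts the code. Replace it with something like `# No leading space: templates already separate command and suffix with a space`, which matches how init-letsencrypt.sh.tpl writes `$$DOCKER_COMPOSE_CMD ${DOCKER_COMPOSE_SUFFIX}`. The dict this entry belongs to starts outside the hunk.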
diff --git a/helpers/command.py b/helpers/command.py index 61b84e7..8063d03 100644 --- a/helpers/command.py +++ b/helpers/command.py @@ -374,10 +374,11 @@ def start(cls, frontend_only=False, force_setup=False): # Let's Encrypt NGINX container needs kobo-docker NGINX # container to be started first config.init_letsencrypt() - else: - proxy_command = run_docker_compose(dict_, ['up', '-d']) - CLI.run_command(proxy_command, - config.get_letsencrypt_repo_path()) + + proxy_command = run_docker_compose(dict_, ['up', '-d']) + CLI.run_command( + proxy_command, config.get_letsencrypt_repo_path() + ) if dict_['maintenance_enabled']: CLI.colored_print( From b0754ee2c4b5c716d1d38cf8ffa65da810a3faae Mon Sep 17 00:00:00 2001 From: Olivier Leger Date: Wed, 13 Sep 2023 16:09:53 -0400 Subject: [PATCH 5/6] Check from domains folder when renewing certificate --- templates/nginx-certbot/init-letsencrypt.sh.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/nginx-certbot/init-letsencrypt.sh.tpl b/templates/nginx-certbot/init-letsencrypt.sh.tpl index 3d2b1f6..87e8d33 100644 --- a/templates/nginx-certbot/init-letsencrypt.sh.tpl +++ b/templates/nginx-certbot/init-letsencrypt.sh.tpl @@ -13,7 +13,7 @@ DOCKER_COMPOSE_CMD="$$(which ${DOCKER_COMPOSE_CMD})" CURL_CMD=$$(which curl) -if [ -d "$$DATA_PATH" ]; then +if [ -d "$$DATA_PATH/conf/live/$$DOMAINS" ]; then read -p "Existing data found for $$DOMAINS_CSV. Continue and replace existing certificate? (y/N) " decision if [ "$$decision" != "Y" ] && [ "$$decision" != "y" ]; then exit From 7c399483d8727aa3019ab10c7b8b3801ea02a7c3 Mon Sep 17 00:00:00 2001 From: Olivier Leger Date: Wed, 13 Sep 2023 16:30:56 -0400 Subject: [PATCH 6/6] Typo in README --- readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/readme.md b/readme.md index 58909f5..367d4ed 100644 --- a/readme.md +++ b/readme.md 
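Review bot: In `start()` the `up -d` call now runs immediately after `config.init_letsencrypt()`, and nothing in the hunk checks whether certificate initialisation actually completed. If `init_letsencrypt()` can return normally after a failed or declined run (its body is not visible here), the proxy is started with whatever certificate material happens to be on disk. Consider having it report success and skipping `up -d` on failure, and add a comment above the call such as `# Always (re)start the proxy, including right after a first-time certificate init`. The condition guarding `init_letsencrypt()` and the rest of `start()` lie outside the hunk.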
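Review bot: The confirmation prompt in init-letsencrypt.sh.tpl now fires only when `$$DATA_PATH/conf/live/$$DOMAINS` exists, while the cleanup step later in the same script also removes the `archive/` and `renewal/` entries for that domain. Leftovers from an interrupted run, where `live/` is missing but `archive/` is present, would therefore be deleted without asking. Assuming `/etc/letsencrypt` in the certbot container maps to `$$DATA_PATH/conf` (not shown here), the test could be widened to `if [ -d "$$DATA_PATH/conf/live/$$DOMAINS" ] || [ -d "$$DATA_PATH/conf/archive/$$DOMAINS" ]; then`. A short comment stating that the check is deliberately per domain would also help the next reader.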
@@ -167,7 +167,7 @@ User can choose between 2 types of installations: 6) _Docker on macOS is slow. First boot usually takes a while to be ready. You may have to answer `Yes` once or twice to question `Wait for another 600 seconds?` when prompted_ -7) _Compose V1 is still supported but reached its EOL_ +7) _Compose V1 is still supported but has reached its EOL from July 2023_ 8) _These are defaults but can be customized with advanced options_