Add compose v2 support to letsencrypt init script #233

Merged 6 commits on Sep 13, 2023

9 changes: 5 additions & 4 deletions helpers/command.py
Expand Up @@ -374,10 +374,11 @@ def start(cls, frontend_only=False, force_setup=False):
# Let's Encrypt NGINX container needs kobo-docker NGINX
# container to be started first
config.init_letsencrypt()
else:
proxy_command = run_docker_compose(dict_, ['up', '-d'])
CLI.run_command(proxy_command,
config.get_letsencrypt_repo_path())

proxy_command = run_docker_compose(dict_, ['up', '-d'])
CLI.run_command(
proxy_command, config.get_letsencrypt_repo_path()
)

if dict_['maintenance_enabled']:
CLI.colored_print(
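
Review bot: With the `else:` removed in `start()`, `run_docker_compose(dict_, ['up', '-d'])` now also runs right after `config.init_letsencrypt()`, and nothing in the visible lines checks whether that init step succeeded or exited early at its "Continue and replace existing certificate?" prompt. Please add a comment explaining why a second `up -d` is needed once the init script has already started `nginx_ssl_proxy`, and consider skipping it when `init_letsencrypt()` fails. This is a behaviour change beyond Compose v2 support, so it also deserves a line in the PR description.
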
7 changes: 7 additions & 0 deletions helpers/template.py
Expand Up @@ -317,6 +317,13 @@ def _get_value(property_, true_value='', false_value='#',
if config.local_install
else _get_value('service_account_whitelisted_hosts')
),
'DOCKER_COMPOSE_CMD': _get_value(
'compose_version', 'docker-compose', 'docker', 'v1'
),
# Keep leading space in front of suffix if any
'DOCKER_COMPOSE_SUFFIX': _get_value(
'compose_version', '', 'compose', 'v1'
)
}

@staticmethod
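
Review bot: The comment above `'DOCKER_COMPOSE_SUFFIX'` says to keep a leading space, but the value passed is `'compose'` with no space; the separating space lives in the template call sites (`$$DOCKER_COMPOSE_CMD ${DOCKER_COMPOSE_SUFFIX} run`). Reword the comment to say that. Assuming the fourth argument is the value `compose_version` is compared against, both entries also map every value other than `'v1'` to `docker compose`, so a mistyped setting silently selects v2; validating the setting where it is read would make that explicit.
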
12 changes: 7 additions & 5 deletions readme.md
Expand Up @@ -147,9 +147,9 @@ User can choose between 2 types of installations:
## Requirements

- Linux <sup>5</sup> / macOS <sup>6</sup>
- Python 3.7+
- [Docker](https://www.docker.com/get-started "") & [Docker Compose](https://docs.docker.com/compose/install/ "")
- Available TCP Ports: <sup>7</sup>
- Python 3.8+
- [Docker](https://www.docker.com/get-started "") <sup>7</sup>
- Available TCP Ports: <sup>8</sup>

1. 80 NGINX
1. 443 NGINX (if you use kobo-install with LetsEncrypt proxy)
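
Review bot: The Requirements entry now lists only Docker, so a reader is no longer told that Compose is needed at all; footnote 7 only says that V1 is still supported. Name the Compose v2 plugin (`docker compose`) on this line and keep a link to its install docs, since the scripts changed in this PR call it. The Python 3.7+ to 3.8+ bump is unrelated to the PR title and should be mentioned in the description.
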
Expand All @@ -163,11 +163,13 @@ User can choose between 2 types of installations:
- _If you use a firewall, be sure to open traffic publicly on NGINX port, otherwise kobo-install cannot work_
- _By default, additional ports are not exposed except when using multi servers configuration. If you choose to expose them, **be sure to not expose them publicly** (e.g. use a firewall and allow traffic between front-end and back-end containers only. NGINX port still has to stay publicly opened though)._

<sup>5)</sup> _It has been tested with Ubuntu 14.04, 16.04 and 18.04, CentOS 8_
<sup>5)</sup> _It has been tested with Ubuntu 18.04, 20.04 and 22.04_

<sup>6)</sup> _Docker on macOS is slow. First boot usually takes a while to be ready. You may have to answer `Yes` once or twice to question `Wait for another 600 seconds?` when prompted_

<sup>7)</sup> _These are defaults but can be customized with advanced options_
<sup>7)</sup> _Compose V1 is still supported but has reached its EOL from July 2023_

<sup>8)</sup> _These are defaults but can be customized with advanced options_


## Tests
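
Review bot: Footnote 7 says Compose V1 is still supported but not how a user selects it, while `helpers/template.py` keys the choice on `compose_version`. Say where that option is set, and tighten the wording to something like "reached EOL in July 2023". Footnote 5 also drops CentOS 8 and Ubuntu 14.04/16.04 from the tested list without saying whether they are expected to keep working.
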
14 changes: 7 additions & 7 deletions templates/nginx-certbot/init-letsencrypt.sh.tpl
Expand Up @@ -9,11 +9,11 @@ DATA_PATH="./data/certbot"
EMAIL="" # Adding a valid address is strongly recommended
STAGING=0 # Set to 1 if you're testing your setup to avoid hitting request limits
MKDIR_CMD=$$(which mkdir)
DOCKER_COMPOSE_CMD=$$(which docker-compose)
DOCKER_COMPOSE_CMD="$$(which ${DOCKER_COMPOSE_CMD})"
CURL_CMD=$$(which curl)


if [ -d "$$DATA_PATH" ]; then
if [ -d "$$DATA_PATH/conf/live/$$DOMAINS" ]; then
read -p "Existing data found for $$DOMAINS_CSV. Continue and replace existing certificate? (y/N) " decision
if [ "$$decision" != "Y" ] && [ "$$decision" != "y" ]; then
exit
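
Review bot: The result of `which` on the `DOCKER_COMPOSE_CMD` line is never checked. If the binary is not on PATH the variable is empty, and the later lines would execute `compose run ...` (or just `run ...` for v1) as the command. Fail fast right after the assignment when the value is empty, and for v2 also confirm that `docker compose version` succeeds, because finding `docker` does not prove the compose plugin is installed. `command -v` is the more portable choice over `which`.
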
Expand All @@ -31,7 +31,7 @@ fi
echo "### Creating dummy certificate for $${DOMAINS_CSV} ..."
DOMAINS_PATH="/etc/letsencrypt/live/$$DOMAINS"
$$MKDIR_CMD -p "$$DATA_PATH/conf/live/$$DOMAINS"
$$DOCKER_COMPOSE_CMD run --rm --entrypoint "\
$$DOCKER_COMPOSE_CMD ${DOCKER_COMPOSE_SUFFIX} run --rm --entrypoint "\
openssl req -x509 -nodes -newkey rsa:1024 -days 1\
-keyout '$$DOMAINS_PATH/privkey.pem' \
-out '$$DOMAINS_PATH/fullchain.pem' \
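
Review bot: `$$DOCKER_COMPOSE_CMD` is expanded unquoted on the `run --rm --entrypoint` line, although the assignment above now quotes the `which` output. A resolved path containing spaces would be word-split here. Quote the command and leave only the suffix unquoted, e.g. `"$$DOCKER_COMPOSE_CMD" ${DOCKER_COMPOSE_SUFFIX} run --rm --entrypoint ...`; the same applies to the other four call sites.
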
Expand All @@ -40,11 +40,11 @@ echo


echo "### Starting nginx ..."
$$DOCKER_COMPOSE_CMD up --force-recreate -d nginx_ssl_proxy
$$DOCKER_COMPOSE_CMD ${DOCKER_COMPOSE_SUFFIX} up --force-recreate -d nginx_ssl_proxy
echo

echo "### Deleting dummy certificate for $${DOMAINS_CSV} ..."
$$DOCKER_COMPOSE_CMD run --rm --entrypoint "\
$$DOCKER_COMPOSE_CMD ${DOCKER_COMPOSE_SUFFIX} run --rm --entrypoint "\
rm -Rf /etc/letsencrypt/live/$$DOMAINS && \
rm -Rf /etc/letsencrypt/archive/$$DOMAINS && \
rm -Rf /etc/letsencrypt/renewal/$$DOMAINS.conf" certbot
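
Review bot: The cleanup entrypoint runs `rm -Rf /etc/letsencrypt/live/$$DOMAINS`, and nothing in the visible lines guarantees that `$$DOMAINS` is non-empty; with an empty value it removes the whole `live` and `archive` trees in the certbot volume. Since this PR touches the invocation, add a guard before the first compose call, for example `$${DOMAINS:?}` or an explicit empty check that exits with a message.
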
Expand All @@ -67,7 +67,7 @@ esac
# Enable staging mode if needed
if [ $$STAGING != "0" ]; then STAGING_ARG="--staging"; fi

$$DOCKER_COMPOSE_CMD run --rm --entrypoint "\
$$DOCKER_COMPOSE_CMD ${DOCKER_COMPOSE_SUFFIX} run --rm --entrypoint "\
certbot certonly --webroot -w /var/www/certbot \
$$STAGING_ARG \
$$EMAIL_ARG \
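
Review bot: The pair `$$DOCKER_COMPOSE_CMD ${DOCKER_COMPOSE_SUFFIX}` is now repeated at five call sites, and for `compose_version` v1 each one renders with an empty suffix. Define the invocation once near the top of the script, for instance as a small shell function wrapping command and suffix, and call that here, so a later change to how Compose is invoked touches one line.
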
Expand All @@ -78,4 +78,4 @@ $$DOCKER_COMPOSE_CMD run --rm --entrypoint "\
echo

echo "### Reloading nginx ..."
$$DOCKER_COMPOSE_CMD exec nginx_ssl_proxy nginx -s reload
$$DOCKER_COMPOSE_CMD ${DOCKER_COMPOSE_SUFFIX} exec nginx_ssl_proxy nginx -s reload
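
Review bot: `exec nginx_ssl_proxy nginx -s reload` runs whether or not the preceding `certbot certonly` run succeeded; no exit status is checked in the visible lines, and the dummy certificate has already been deleted by then. Check the certbot exit status (or enable `set -e` if the script does not already) and stop with a clear message before reloading nginx.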