Infra-Mirrors/docker-swag
1
0
Fork 0
mirror of https://github.com/linuxserver/docker-swag.git synced 2025-03-11 00:29:47 -04:00
Code Issues Packages Projects Releases Wiki Activity

remove unnecessary eab retrieval

Browse Source 
also suppress error when no proxy confs are activated
This commit is contained in:
aptalca 2020-12-20 16:55:11 -05:00
parent 21e9d7298a
commit 832dde3b35
2 changed files with 11 additions and 7 deletions
root/etc/cont-init.d
50-config70-templates

16
root/etc/cont-init.d/50-config

@ -124,10 +124,7 @@ if [ "$CERTPROVIDER" = "zerossl" ] && [ "$STAGING" = "true" ]; then
fi fi
if [ "$CERTPROVIDER" = "zerossl" ] && [ -n "$EMAIL" ]; then if [ "$CERTPROVIDER" = "zerossl" ] && [ -n "$EMAIL" ]; then
echo "ZeroSSL is selected as the cert provider, registering cert with $EMAIL" echo "ZeroSSL is selected as the cert provider, registering cert with $EMAIL"
EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=$EMAIL") ACMESERVER="https://acme.zerossl.com/v2/DV90"
ZEROSSL_EAB_KID=$(echo "$EAB_CREDS" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
ZEROSSL_EAB_HMAC_KEY=$(echo "$EAB_CREDS" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
ACMESERVER="https://acme.zerossl.com/v2/DV90 --eab-kid ${ZEROSSL_EAB_KID} --eab-hmac-key ${ZEROSSL_EAB_HMAC_KEY}"
elif [ "$CERTPROVIDER" = "zerossl" ] && [ -z "$EMAIL" ]; then elif [ "$CERTPROVIDER" = "zerossl" ] && [ -z "$EMAIL" ]; then
echo "ZeroSSL is selected as the cert provider, but the e-mail address has not been entered. Please visit https://zerossl.com, register a new account and set the account e-mail address in the EMAIL environment variable" echo "ZeroSSL is selected as the cert provider, but the e-mail address has not been entered. Please visit https://zerossl.com, register a new account and set the account e-mail address in the EMAIL environment variable"
sleep infinity sleep infinity
@ -276,9 +273,16 @@ fi
# generating certs if necessary # generating certs if necessary
if [ ! -f "/config/keys/letsencrypt/fullchain.pem" ]; then if [ ! -f "/config/keys/letsencrypt/fullchain.pem" ]; then
if [ "$CERTPROVIDER" = "zerossl" ] && [ -n "$EMAIL" ]; then
echo "Retrieving EAB from ZeroSSL"
EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=$EMAIL")
ZEROSSL_EAB_KID=$(echo "$EAB_CREDS" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])")
ZEROSSL_EAB_HMAC_KEY=$(echo "$EAB_CREDS" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])")
ZEROSSL_EAB="--eab-kid ${ZEROSSL_EAB_KID} --eab-hmac-key ${ZEROSSL_EAB_HMAC_KEY}"
fi
echo "Generating new certificate" echo "Generating new certificate"
# shellcheck disable=SC2086 # shellcheck disable=SC2086
certbot certonly --renew-by-default --server $ACMESERVER $PREFCHAL --rsa-key-size 4096 $EMAILPARAM --agree-tos $URL_REAL certbot certonly --renew-by-default --server $ACMESERVER $ZEROSSL_EAB $PREFCHAL --rsa-key-size 4096 $EMAILPARAM --agree-tos $URL_REAL
if [ -d /config/keys/letsencrypt ]; then if [ -d /config/keys/letsencrypt ]; then
cd /config/keys/letsencrypt || exit cd /config/keys/letsencrypt || exit
else else

2
root/etc/cont-init.d/70-templates

@ -24,7 +24,7 @@ if [ -n "$nginx_confs_changed" ]; then
echo -e "${nginx_confs_changed}" echo -e "${nginx_confs_changed}"
fi fi
proxy_confs=$(ls /config/nginx/proxy-confs/*.conf) proxy_confs=$(ls /config/nginx/proxy-confs/*.conf 2>/dev/null)
for i in $proxy_confs; do for i in $proxy_confs; do
if [ -f "${i}.sample" ]; then if [ -f "${i}.sample" ]; then