Merge pull request #616 from notional-labs/feat/certbot-renew
add: certbot renew script & cronjob script
hqdNotional authored Jun 18, 2024
2 parents 27eb085 + 2a90ee5 commit 0b5542d
Showing 2 changed files with 203 additions and 0 deletions.
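--- a/ssl/certbot_renew.sh
+++ b/ssl/certbot_renew.sh
@@ -0,0 +1,153 @@
+#!/bin/bash
+
+####################################################################################################
+# VARIABLES
+####################################################################################################
+
+# Color
+black='\033[0;30m'
+red='\033[0;31m'
+green='\033[0;32m'
+orange='\033[0;33m'
+blue='\033[0;34m'
+purple='\033[0;35m'
+cyan='\033[0;36m'
+gray='\033[0;37m'
+gray2='\033[1;30m'
+red2='\033[1;31m'
+green2='\033[1;32m'
+yellow='\033[1;33m'
+blue2='\033[1;34m'
+purple2='\033[1;35m'
+cyan2='\033[1;36m'
+white='\033[1;37m'
+nc='\033[0m' # No Color
+
+# napi_proxy for notionalapi.net
+CONTAINER_NAME=$1
+DOMAIN=$2
+
+# Basic variables for certbot
+CREDENTIAL_PATH="./cloudflare.ini"
+CERTBOT_DIR="/tmp/certbot"
+CERTBOT_SERVER="https://acme-v02.api.letsencrypt.org/directory"
+
+####################################################################################################
+# FUNCTIONS
+####################################################################################################
+
+# Get configs
+agent_id=$(docker ps -aqf "name=agent")
+# DOMAINS=$(docker exec $agent_id curl -s "http://tasks.web_config/config/cloudflare.domains")
+EMAILS=$(docker exec $agent_id curl -s "http://tasks.web_config/config/cloudflare.$DOMAIN.emails")
+CREDENTIAL=$(docker exec $agent_id curl -s "http://tasks.web_config/config/cloudflare.$DOMAIN.credential")
+DOMAINS="*.${DOMAIN}"
+
+# install binary if not exist
+install_binary_if_not_exist () {
+
+local BINARY=$1
+local FUNCTION=$2
+
+if command -v ${BINARY} &> /dev/null; then
+continue
+else
+$FUNCTION
+fi
+}
+
+# install pip package if not exist
+install_package_if_not_exist () {
+
+local PACKAGE_NAME=$1
+local FUNCTION=$2
+
+if pip show "$PACKAGE_NAME" &> /dev/null; then
+continue
+else
+$FUNCTION
+fi
+
+}
+
+# Install pip binary function
+install_pip_binary () {
+curl -O https://bootstrap.pypa.io/get-pip.py
+python get-pip.py --break-system-package
+}
+
+# Install certbot dns cloudflare function
+install_certbot_dns_cloudflare () {
+pip install certbot-dns-cloudflare --break-system-package
+}
+
+# Obtain certificates function
+obtain_certs () {
+
+local DOMAINS=$1
+local EMAILS=$2
+local CERTBOT_DIR=$3
+local CERTBOT_SERVER=$4
+local CREDENTIAL_PATH=$5
+
+certbot certonly \
+--dns-cloudflare \
+--dry-run \
+--dns-cloudflare-credentials $CREDENTIAL_PATH \
+--dns-cloudflare-propagation-seconds 60 \
+--domains $DOMAINS \
+--logs-dir $CERTBOT_DIR \
+--config-dir $CERTBOT_DIR \
+--work-dir $CERTBOT_DIR \
+--email $EMAILS \
+--agree-tos \
+--non-interactive \
+--server $CERTBOT_SERVER \
+
+}
+
+####################################################################################################
+# IMPLEMENTATION
+####################################################################################################
+
+# Install pip and certbot dns cloudflare
+install_binary_if_not_exist pip install_pip_binary
+install_package_if_not_exist certbot-dns-cloudflare install_certbot_dns_cloudflare
+
+# Write credentials to file
+cat << EOF | sudo tee -a $CREDENTIAL_PATH
+$CREDENTIAL
+EOF
+
+# Obtain certifications
+obtain_certs $DOMAINS $EMAILS $CERTBOT_DIR $CERTBOT_SERVER $CREDENTIAL_PATH
+
+# Remove credential after obtain certs
+rm -rf $CREDENTIAL_PATH
+
+# Remove old certificate configs
+docker config rm $PRIVKEY_CONFIG
+docker config rm $FULLCHAIN_CONFIG
+
+# Create new certificate configs
+docker config create $PRIVKEY_CONFIG $CERTBOT_DIR/${DOMAINS}/privkey.pem
+docker config create $FULLCHAIN_CONFIG $CERTBOT_DIR/${DOMAINS}.ventures/fullchain.pem
+
+# Get current timestamp
+TIMESTAMP=`date +"%s-%A-%d-%B-%Y-@-%Hh%Mm%Ss"`
+
+# Get container id
+export SERVICE=$CONTAINER_NAME
+CONTAINER_ID=$(docker ps -a | grep $SERVICE | grep -E "$SERVICE." | awk '{print $1}')
+docker exec $CONTAINER_ID ls
+
+# Backup old certifications
+docker exec $CONTAINER_ID mkdir -p /etc/nginx/$TIMESTAMP
+docker exec $CONTAINER_ID cp /etc/nginx/privkey.pem /etc/nginx/$TIMESTAMP/privkey.pem
+docker exec $CONTAINER_ID cp /etc/nginx/fullchain.pem /etc/nginx/$TIMESTAMP/fullchain.pem
+
+# Update nginx proxy
+docker exec $CONTAINER_ID wget "http://tasks.web_config/config/${DOMAINS}_fullchain.pem" -O /etc/nginx/fullchain.pem
+docker exec $CONTAINER_ID wget "http://tasks.web_config/config/${DOMAINS}_privkey.pem" -O /etc/nginx/privkey.pem
+docker exec $CONTAINER_ID sleep 3
+docker exec $CONTAINER_ID /usr/sbin/nginx -s reload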
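Review bot: The `--dry-run` flag in obtain_certs makes certbot only test issuance against the staging endpoint and write no certificate, so the `docker config create` calls that read `privkey.pem`/`fullchain.pem` out of `$CERTBOT_DIR` can never find the files; drop `--dry-run` (or gate it behind an option) once the flow has been validated. `$PRIVKEY_CONFIG` and `$FULLCHAIN_CONFIG` are never assigned, so `docker config rm`/`create` run with an empty name, the `${DOMAINS}.ventures` suffix on the fullchain path looks like a leftover from one specific domain, and certbot keeps lineage files under `live/<name>/` rather than directly under the config dir — confirm the lineage name certbot uses for a wildcard domain before fixing the paths. The credential heredoc passes the Cloudflare token through `tee`, which also prints it to stdout (cron mail, logs) and creates the file with the default umask; write it as `(umask 077; printf '%s\n' "$CREDENTIAL" > "$CREDENTIAL_PATH")` and drop `-a` so repeated runs do not accumulate copies. Storing the ACME account key and private keys under `/tmp/certbot` places them in a world-writable, shared directory; a root-owned location such as `/etc/letsencrypt` or a `mktemp -d` path is the safer choice. Smaller points: `continue` inside install_binary_if_not_exist and install_package_if_not_exist is not in a loop (bash prints a warning; use `return 0`), `grep $SERVICE | grep -E "$SERVICE."` can yield several container ids, and the script has no `set -euo pipefail` or check that `$1`/`$2` were given, unlike cronjob.sh.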
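--- a/ssl/cronjob.sh
+++ b/ssl/cronjob.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+####################################################################################################
+# VARIABLES
+####################################################################################################
+CONTAINER_NAME=$1
+DOMAIN=$2
+
+# check for container name
+if [ -z "${CONTAINER_NAME}" ]; then
+echo "missing container name"
+echo "Usage: ./cronjob.sh container_name domain_name"
+echo "Eg: ./cronjob.sh napi_proxy notionalapi.net"
+exit
+fi
+
+# check for domain name
+if [ -z "${DOMAIN}" ]; then
+echo "missing domain name"
+echo "Usage: ./cronjob.sh container_name domain_name"
+echo "Eg: ./cronjob.sh napi_proxy notionalapi.net"
+exit
+fi
+
+# Install cronnie on archlinux
+pacman -Syyu --noconfirm
+pacman -Sy cronie --noconfirm
+
+# Enable cronnie on archlinux
+sudo systemctl enable cronie
+sudo systemctl start cronie
+
+# Add new cronjob
+rm -rf $HOME/cron/*
+mkdir -p $HOME/cron
+cp -f ./certbot-renew.sh $HOME/cron/certbot-renew
+
+# Your task here
+echo "Task is running at $(date)"
+
+# Calculate the next run date (30 days from now)
+NEXT_RUN_DATE=$(date -d "30 days" "+%Y-%m-%d %H:%M:%S")
+
+# Convert next run date to cron format
+NEXT_RUN_CRON=$(date -d "$NEXT_RUN_DATE" "+%M %H %d %m *")
+
+# Schedule the next run
+(crontab -l ; echo "$NEXT_RUN_CRON /bin/sh $HOME/cron/certbot-renew.sh $CONTAINER_NAME $DOMAIN") | crontab -
+
+echo "Next run scheduled for $NEXT_RUN_DATE"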
