Commit 3f45d1a8 authored by Pedro Eduardo Trujillo's avatar Pedro Eduardo Trujillo

Parametriza dh_numbits, retorna a uso de volúmenes

Al parecer, no se consigue escribir en los montajes de los contenedores
lanzados internamente, por lo que se vuelven a usar los volúmenes
originales directamente.

Permite definir un número de bits diferente para la generación de los
parámetros DH (por si con el valor por defecto tarda demasiado).
parent d3f7231a
+6 −2
DH_NUMBITS=4096
SERVER_SERVICE=gateway_nginx-proxy-https
PUSHGATEWAY_HOST=pushgateway:9091

DHPARAMS_VOL_NAME=dhparams-vol
CERTBOT_CONFIG_VOL_NAME=certbot-config-vol
CERTBOT_LOGS_VOL_NAME=certbot-logs-vol
DHPARAMS_VOL_NAME=dhparams-vol
PUSHGATEWAY_HOST=pushgateway:9091
ACME_VOL_NAME=acme-vol

AWS_REGION=eu-west-1
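Review bot: `DH_NUMBITS=4096` is added without any comment on the acceptable range, while the commit message explicitly invites lowering it when generation is slow; a one-line comment above it stating the floor would prevent an accidental downgrade of the TLS configuration, e.g. `# DH_NUMBITS: size in bits of the generated DH group; smaller is faster to generate, but do not go below 2048`. The rendered section also shows `DHPARAMS_VOL_NAME` and `PUSHGATEWAY_HOST` twice each; presumably these are the old and new positions of a reorder rather than duplicate keys on the new side, but that is worth confirming, since a dotenv loader will silently take the last value.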
+8 −8
version: '3.5'

volumes:
  config-vol:
    name: ${CERTBOT_CONFIG_VOL_NAME}
    driver: local
    driver_opts:
      type: ${CERTBOT_CONFIG_VOL_TYPE:-nfs4}
      o: addr=${CERTBOT_CONFIG_VOL_ADDR:-127.0.0.1},${CERTBOT_CONFIG_VOL_OPTIONS:-rw,nolock,noatime,tcp,rsize=8192,wsize=8192,timeo=14}
      device: ${CERTBOT_CONFIG_VOL_DEVICE:-:/certbot-config-vol/}

  dhparams-vol:
    name: ${DHPARAMS_VOL_NAME}
    driver: local
@@ -16,3 +8,11 @@ volumes:
      type: ${DHPARAMS_VOL_TYPE:-nfs4}
      o: addr=${DHPARAMS_VOL_ADDR:-127.0.0.1},${DHPARAMS_VOL_OPTIONS:-rw,nolock,noatime,tcp,rsize=8192,wsize=8192,timeo=14}
      device: ${DHPARAMS_VOL_DEVICE:-:/dhparams-vol/}

  config-vol:
    name: ${CERTBOT_CONFIG_VOL_NAME}
    driver: local
    driver_opts:
      type: ${CERTBOT_CONFIG_VOL_TYPE:-nfs4}
      o: addr=${CERTBOT_CONFIG_VOL_ADDR:-127.0.0.1},${CERTBOT_CONFIG_VOL_OPTIONS:-rw,nolock,noatime,tcp,rsize=8192,wsize=8192,timeo=14}
      device: ${CERTBOT_CONFIG_VOL_DEVICE:-:/certbot-config-vol/}
+3 −3
@@ -8,8 +8,8 @@ services:
          - engine.labels.availability_zone == ${AWS_REGION}a

volumes:
  config-vol:
    name: ${CERTBOT_CONFIG_VOL_NAME}

  dhparams-vol:
    name: ${DHPARAMS_VOL_NAME}

  config-vol:
    name: ${CERTBOT_CONFIG_VOL_NAME}
+5 −6
@@ -8,15 +8,18 @@ services:
      CERT_NAME:
      DOMAIN_LIST:
      EMAIL_LIST:
      SERVER_SERVICE:
      DH_NUMBITS:
      DHPARAMS_VOL_NAME:
      CERTBOT_CONFIG_VOL_NAME:
      CERTBOT_LOGS_VOL_NAME:
      ACME_VOL_NAME:
      SERVER_SERVICE:
      PUSHGATEWAY_HOST:
    networks:
      metric-net:
    volumes:
      - dhparams-vol:/dhparams
      - config-vol:/certs
      - acme-vol:/acme
      - /var/lib/docker:/var/lib/docker
      - /var/run/docker.sock:/var/run/docker.sock
    configs:
@@ -46,10 +49,6 @@ networks:
    external: true

volumes:
  acme-vol:
    name: ${ACME_VOL_NAME:-acme-vol}
    external: true

  logs-vol:
    name: ${CERTBOT_LOGS_VOL_NAME}

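Review bot: `DH_NUMBITS:` in the new environment block is a bare pass-through with no default, unlike `ACME_VOL_NAME` further down in this section, which falls back to `acme-vol` when unset; if the deploying shell does not export DH_NUMBITS the script receives an empty or unset value and `openssl dhparam` silently falls back to its own default size instead of the 4096 this commit intends. Pinning it the same way, `DH_NUMBITS: ${DH_NUMBITS:-4096}`, keeps the generated group size predictable across deployments and consistent with the env file. The other bare entries have the same shape, but DH_NUMBITS is the one where a silent fallback changes a security parameter rather than failing loudly. The service definition starts before this hunk, so whether an env_file already supplies the value cannot be confirmed from here.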
+4 −4
@@ -11,10 +11,10 @@ if [ ! -e "${dhparamFile}" ]
then
	echo "DHParam not found, generating.."
	docker run --rm --name openssl \
		-v /dhparams:/dhparams \
		-v ${DHPARAMS_VOL_NAME}:/dhparams \
		frapsoft/openssl dhparam \
			-out "${dhparamFile}" \
			4096
			${DH_NUMBITS}
fi

fileToTestUpdate="/certs/live/${CERT_NAME}/chain.pem"
@@ -28,10 +28,10 @@ fi
mkdir -p /work

if ! docker run --rm --name certbot \
	-v /certs:/etc/letsencrypt \
	-v /work:/var/lib/letsencrypt \
	-v ${CERTBOT_CONFIG_VOL_NAME}:/etc/letsencrypt \
	-v ${CERTBOT_LOGS_VOL_NAME}:/var/log/letsencrypt \
	-v /acme:/var/www/html \
	-v ${ACME_VOL_NAME}:/var/www/html \
	certbot/certbot certonly \
		--expand \
		--keep-until-expiring \