WIP

Dockerfile

@@ -26,6 +26,8 @@ LABEL maintainer="Nicolas Duchon <[email protected]> (@buchdag)"
 ARG GIT_DESCRIBE
 ARG ACMESH_VERSION=2.8.8
 
+ARG ACMESH_PATH=/home/acme.sh
+
 ENV COMPANION_VERSION=$GIT_DESCRIBE \
     DOCKER_HOST=unix:///var/run/docker.sock \
     PATH=$PATH:/app

app/cleanup_test_artifacts

@@ -31,9 +31,9 @@ done
 for domain in le1.wtf le2.wtf le3.wtf le4.wtf lim.it; do
     folder="/etc/nginx/certs/$domain"
     [[ -d "$folder" ]] && rm -rf "$folder"
-    folder="/etc/acme.sh/default/$domain"
+    folder="${ACMESH_PATH}/default/$domain"
     [[ -d "$folder" ]] && rm -rf "$folder"
-    folder="/etc/acme.sh/default/${domain}_ecc"
+    folder="${ACMESH_PATH}/default/${domain}_ecc"
     [[ -d "$folder" ]] && rm -rf "$folder"
     location_file="/etc/nginx/vhost.d/$domain"
     [[ -f "$location_file" ]] && rm -rf "$location_file" 2> /dev/null

app/entrypoint.sh

@@ -24,18 +24,18 @@ function check_docker_socket {
 
 function check_writable_directory {
     local dir="$1"
-    if [[ $(get_self_cid) ]]; then
-        if ! docker_api "/containers/$(get_self_cid)/json" | jq ".Mounts[].Destination" | grep -q "^\"$dir\"$"; then
-            echo "Warning: '$dir' does not appear to be a mounted volume."
-        fi
-    else
-        echo "Warning: can't check if '$dir' is a mounted volume without self container ID."
-    fi
-    if [[ ! -d "$dir" ]]; then
-        echo "Error: can't access to '$dir' directory !" >&2
-        echo "Check that '$dir' directory is declared as a writable volume." >&2
-        exit 1
-    fi
+#    if [[ $(get_self_cid) ]]; then
+#        if ! docker_api "/containers/$(get_self_cid)/json" | jq ".Mounts[].Destination" | grep -q "^\"$dir\"$"; then
+#            echo "Warning: '$dir' does not appear to be a mounted volume."
+#        fi
+#    else
+#        echo "Warning: can't check if '$dir' is a mounted volume without self container ID."
+#    fi
+#    if [[ ! -d "$dir" ]]; then
+#        echo "Error: can't access to '$dir' directory !" >&2
+#        echo "Check that '$dir' directory is declared as a writable volume." >&2
+#        exit 1
+#    fi
     if ! touch "$dir/.check_writable" 2>/dev/null ; then
         echo "Error: can't write to the '$dir' directory !" >&2
         echo "Check that '$dir' directory is export as a writable volume." >&2
@@ -135,9 +135,9 @@ function check_default_cert_key {
 
 function check_default_account {
     # The default account is now for empty account email
-    if [[ -f /etc/acme.sh/default/account.conf ]]; then
-        if grep -q ACCOUNT_EMAIL /etc/acme.sh/default/account.conf; then
-            sed -i '/ACCOUNT_EMAIL/d' /etc/acme.sh/default/account.conf
+    if [[ -f "${ACMESH_PATH}/default/account.conf" ]]; then
+        if grep -q ACCOUNT_EMAIL "${ACMESH_PATH}/default/account.conf"; then
+            sed -i '/ACCOUNT_EMAIL/d' "${ACMESH_PATH}/default/account.conf"
         fi
     fi
 }
@@ -161,7 +161,7 @@ if [[ "$*" == "/bin/bash /app/start.sh" ]]; then
     fi
     check_writable_directory '/etc/nginx/certs'
     check_writable_directory '/etc/nginx/vhost.d'
-    check_writable_directory '/etc/acme.sh'
+    check_writable_directory "${ACMESH_PATH}"
     check_writable_directory '/usr/share/nginx/html'
     [[ -f /app/letsencrypt_user_data ]] && check_writable_directory '/etc/nginx/conf.d'
     check_default_cert_key

app/functions.sh

@@ -203,9 +203,9 @@ function docker_api {
         scheme='http://localhost'
     else
         scheme="${LE_DOCKER_HOST}"
-        curl_opts+=(--cacert /home/ubuntu/.docker/ca.pem)
-        curl_opts+=(--key /home/ubuntu/.docker/key.pem)
-        curl_opts+=( --cert /home/ubuntu/.docker/cert.pem)
+        curl_opts+=(--cacert '/home/ubuntu/.docker/ca.pem')
+        curl_opts+=(--key '/home/ubuntu/.docker/key.pem')
+        curl_opts+=( --cert '/home/ubuntu/.docker/cert.pem')
     fi
     [[ $method = "POST" ]] && curl_opts+=(-H 'Content-Type: application/json')
     echo "${curl_opts[@]}" -X "${method}" "${scheme}$1"

app/letsencrypt_service

@@ -177,10 +177,10 @@ function update_cert {
     fi
     if [[ -n "${accountemail// }" ]]; then
         # If we got an email, use it with the corresponding config home
-        config_home="/etc/acme.sh/$accountemail"
+        config_home="${ACMESH_PATH}/$accountemail"
     else
         # If we did not get any email at all, use the default (empty mail) config
-        config_home="/etc/acme.sh/default"
+        config_home="${ACMESH_PATH}/default"
     fi 
 
     local -n acme_ca_uri="ACME_${cid}_CA_URI"
@@ -207,7 +207,7 @@ function update_cert {
         # Unset accountemail
         # force config dir to 'staging'
         unset accountemail
-        config_home="/etc/acme.sh/staging"
+        config_home="${ACMESH_PATH}/staging"
         # Prefix test certificate directory with _test_
         certificate_dir="/etc/nginx/certs/_test_$base_domain"
     else
@@ -277,13 +277,13 @@ function update_cert {
     # Account registration and update if required
     if [[ ! -f "$account_file" ]]; then
         params_register_arr=("${params_base_arr[@]}" "${params_register_arr[@]}")
-        [[ "$DEBUG" == 1 ]] && echo "Calling acme.sh --register-account with the following parameters : ${params_register_arr[*]}"
-        acme.sh --register-account "${params_register_arr[@]}"
+        [[ "$DEBUG" == 1 ]] && echo "Calling ${ACMESH_PATH}/acme.sh --register-account with the following parameters : ${params_register_arr[*]}"
+        . ${ACMESH_PATH}/acme.sh --register-account "${params_register_arr[@]}"
     fi
     if [[ -n "${accountemail// }" ]] && ! grep -q "mailto:$accountemail" "$account_file"; then
         local -a params_update_arr=("${params_base_arr[@]}" --accountemail "$accountemail")
-        [[ "$DEBUG" == 1 ]] && echo "Calling acme.sh --update-account with the following parameters : ${params_update_arr[*]}"
-        acme.sh --update-account "${params_update_arr[@]}"
+        [[ "$DEBUG" == 1 ]] && echo "Calling ${ACMESH_PATH}/acme.sh --update-account with the following parameters : ${params_update_arr[*]}"
+        . ${ACMESH_PATH}/acme.sh --update-account "${params_update_arr[@]}"
     fi
 
     # If we still don't have an account.json file by this point, we've got an issue
@@ -314,9 +314,9 @@ function update_cert {
     done
 
     params_issue_arr=("${params_base_arr[@]}" "${params_issue_arr[@]}")
-    [[ "$DEBUG" == 1 ]] && echo "Calling acme.sh --issue with the following parameters : ${params_issue_arr[*]}"
+    [[ "$DEBUG" == 1 ]] && echo "Calling ${ACMESH_PATH}/acme.sh --issue with the following parameters : ${params_issue_arr[*]}"
     echo "Creating/renewal $base_domain certificates... (${hosts_array[*]})"
-    acme.sh --issue "${params_issue_arr[@]}"
+    . ${ACMESH_PATH}/acme.sh --issue "${params_issue_arr[@]}"
 
     local acmesh_return=$?
 

install_acme.sh

@@ -13,12 +13,15 @@ if [[ "$ACMESH_VERSION" != "master" ]]; then
   git -c advice.detachedHead=false checkout "$ACMESH_VERSION"
 fi
 
+
+mkdir "${ACMESH_PATH}"
+
 # Install acme.sh in /app
 ./acme.sh --install \
   --nocron \
   --auto-upgrade 0 \
   --home /app \
-  --config-home /etc/acme.sh/default
+  --config-home "${ACMESH_PATH}/default"
 
 # Make house cleaning
 cd /