  1. #!/usr/bin/env sh
  # Settings read by docker_deploy. The values shown are examples; every
  # setting is read from the environment and the ones in use are stored with
  # _savedomainconf for later runs.
  #
  # Label used to find the target container:
  #DEPLOY_DOCKER_CONTAINER_LABEL="xxxxxxx"
  # Destination paths inside the container; an unset path is skipped:
  #DEPLOY_DOCKER_CONTAINER_KEY_FILE="/path/to/key.pem"
  #DEPLOY_DOCKER_CONTAINER_CERT_FILE="/path/to/cert.pem"
  #DEPLOY_DOCKER_CONTAINER_CA_FILE="/path/to/ca.pem"
  #DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE="/path/to/fullchain.pem"
  # Command run inside the container once the files are in place:
  #DEPLOY_DOCKER_CONTAINER_RELOAD_CMD="service nginx force-reload"

  # Documentation link printed when the label is missing.
  _DEPLOY_DOCKER_WIKI='https://github.com/Neilpang/acme.sh/wiki/deploy-to-docker-containers'

  # Socket used when the docker CLI is unusable and DOCKER_HOST is unset.
  # Write access to this socket gives control over the Docker daemon, so the
  # account running the hook is effectively privileged on the host.
  _DOCKER_HOST_DEFAULT='/var/run/docker.sock'
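  # Deploy hook entry point: copies the issued key, certificate, CA and
  # fullchain files into the running container selected by
  # DEPLOY_DOCKER_CONTAINER_LABEL, then runs the optional reload command
  # inside that container.
  #
  # Arguments: $1 domain, $2 key file, $3 cert file, $4 CA file,
  #            $5 fullchain file
  # Globals:   DEPLOY_DOCKER_CONTAINER_* and DOCKER_HOST (read and saved);
  #            _USE_DOCKER_COMMAND, _USE_REST, _USE_UNIX_SOCKET, _DOCKER_SOCK
  #            (exported; they select the transport used by the helpers)
  # Returns:   0 on success, 1 on any failure
  docker_deploy() {
    _cdomain="$1"
    _ckey="$2"
    _ccert="$3"
    _cca="$4"
    _cfullchain="$5"
    _debug _cdomain "$_cdomain"

    # Double quotes are removed from every setting. The socket transport
    # places these values inside JSON strings without escaping them.
    DEPLOY_DOCKER_CONTAINER_LABEL="$(echo "$DEPLOY_DOCKER_CONTAINER_LABEL" | tr -d '"')"
    if [ -z "$DEPLOY_DOCKER_CONTAINER_LABEL" ]; then
      _err "The DEPLOY_DOCKER_CONTAINER_LABEL variable is not defined, we use this label to find the container."
      _err "See: $_DEPLOY_DOCKER_WIKI"
      # An empty label cannot identify the intended container: stop before
      # anything is saved, copied or executed.
      return 1
    fi
    _savedomainconf DEPLOY_DOCKER_CONTAINER_LABEL "$DEPLOY_DOCKER_CONTAINER_LABEL"

    if [ "$DOCKER_HOST" ]; then
      _saveaccountconf DOCKER_HOST "$DOCKER_HOST"
    fi

    # Transport selection: a working docker CLI wins; otherwise DOCKER_HOST
    # selects the REST transport, and the local unix socket is the fallback.
    if _exists docker && docker version | grep -i docker >/dev/null; then
      _info "Using docker command"
      export _USE_DOCKER_COMMAND=1
    else
      export _USE_DOCKER_COMMAND=
    fi

    export _USE_UNIX_SOCKET=
    if [ -z "$_USE_DOCKER_COMMAND" ]; then
      export _USE_REST=
      if [ "$DOCKER_HOST" ]; then
        _debug "Try use docker host: $DOCKER_HOST"
        export _USE_REST=1
      else
        export _DOCKER_SOCK="$_DOCKER_HOST_DEFAULT"
        _debug "Try use $_DOCKER_SOCK"
        # The socket must exist and be writable by the user running the hook.
        if [ ! -e "$_DOCKER_SOCK" ] || [ ! -w "$_DOCKER_SOCK" ]; then
          _err "$_DOCKER_SOCK is not available"
          return 1
        fi
        export _USE_UNIX_SOCKET=1
        if ! _exists "curl"; then
          _err "Please install curl first."
          _err "We need curl to work."
          return 1
        fi
        if ! _check_curl_version; then
          return 1
        fi
      fi
    fi

    DEPLOY_DOCKER_CONTAINER_KEY_FILE="$(echo "$DEPLOY_DOCKER_CONTAINER_KEY_FILE" | tr -d '"')"
    if [ "$DEPLOY_DOCKER_CONTAINER_KEY_FILE" ]; then
      _savedomainconf DEPLOY_DOCKER_CONTAINER_KEY_FILE "$DEPLOY_DOCKER_CONTAINER_KEY_FILE"
    fi

    DEPLOY_DOCKER_CONTAINER_CERT_FILE="$(echo "$DEPLOY_DOCKER_CONTAINER_CERT_FILE" | tr -d '"')"
    if [ "$DEPLOY_DOCKER_CONTAINER_CERT_FILE" ]; then
      _savedomainconf DEPLOY_DOCKER_CONTAINER_CERT_FILE "$DEPLOY_DOCKER_CONTAINER_CERT_FILE"
    fi

    DEPLOY_DOCKER_CONTAINER_CA_FILE="$(echo "$DEPLOY_DOCKER_CONTAINER_CA_FILE" | tr -d '"')"
    if [ "$DEPLOY_DOCKER_CONTAINER_CA_FILE" ]; then
      _savedomainconf DEPLOY_DOCKER_CONTAINER_CA_FILE "$DEPLOY_DOCKER_CONTAINER_CA_FILE"
    fi

    DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE="$(echo "$DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE" | tr -d '"')"
    if [ "$DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE" ]; then
      _savedomainconf DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE "$DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE"
    fi

    DEPLOY_DOCKER_CONTAINER_RELOAD_CMD="$(echo "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD" | tr -d '"')"
    if [ "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD" ]; then
      _savedomainconf DEPLOY_DOCKER_CONTAINER_RELOAD_CMD "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD"
    fi

    _cid="$(_get_id "$DEPLOY_DOCKER_CONTAINER_LABEL")"
    _info "Container id: $_cid"
    if [ -z "$_cid" ]; then
      _err "can not find container id"
      return 1
    fi

    # Copy each file whose destination is configured; the first failure
    # aborts the deployment.
    if [ "$DEPLOY_DOCKER_CONTAINER_KEY_FILE" ]; then
      if ! _docker_cp "$_cid" "$_ckey" "$DEPLOY_DOCKER_CONTAINER_KEY_FILE"; then
        return 1
      fi
    fi

    if [ "$DEPLOY_DOCKER_CONTAINER_CERT_FILE" ]; then
      if ! _docker_cp "$_cid" "$_ccert" "$DEPLOY_DOCKER_CONTAINER_CERT_FILE"; then
        return 1
      fi
    fi

    if [ "$DEPLOY_DOCKER_CONTAINER_CA_FILE" ]; then
      if ! _docker_cp "$_cid" "$_cca" "$DEPLOY_DOCKER_CONTAINER_CA_FILE"; then
        return 1
      fi
    fi

    if [ "$DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE" ]; then
      if ! _docker_cp "$_cid" "$_cfullchain" "$DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE"; then
        return 1
      fi
    fi

    # NOTE(review): the reload command is handed over as one argument. The
    # CLI branch of _docker_exec forwards it unchanged to `docker exec`, the
    # socket branch splits it at spaces. Confirm that multi-word commands
    # behave the same with both transports.
    if [ "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD" ]; then
      if ! _docker_exec "$_cid" "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD"; then
        return 1
      fi
    fi

    return 0
  }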
  # Print the ID of the container that carries the given label.
  # Arguments: $1 - label filter
  # Outputs:   container ID on stdout (the CLI transport prints one line per
  #            matching container, the socket transport only the first match)
  # Returns:   status of the lookup, or 1 for a transport that is not
  #            implemented
  _get_id() {
    _label="$1"

    if [ "$_USE_DOCKER_COMMAND" ]; then
      docker ps -f label="$_label" --format "{{.ID}}"
      return
    fi

    if [ "$_USE_REST" ] || [ -z "$_USE_UNIX_SOCKET" ]; then
      _err "Not implemented yet."
      return 1
    fi

    # The label is placed into the JSON filter without escaping, and the
    # filter is then URL-encoded for the query string.
    _req='{"label":["'"$_label"'"]}'
    _debug2 _req "$_req"
    _req="$(printf "%s" "$_req" | _url_encode)"
    _debug2 _req "$_req"
    listjson="$(_curl_unix_sock "${_DOCKER_SOCK:-$_DOCKER_HOST_DEFAULT}" GET "/containers/json?filters=$_req")"
    _debug2 "listjson" "$listjson"
    # Text-based extraction: break the response at '{' and ',', keep the
    # first line holding an "id" key and cut out its value.
    echo "$listjson" \
      | tr '{,' '\n' \
      | grep -i '"id":' \
      | _head_n 1 \
      | cut -d '"' -f 4
  }
  # Run a command inside a container.
  # Arguments: $1 - container id; remaining arguments - the command and its
  #            arguments
  # Returns:   CLI transport: status of `docker exec`; socket transport:
  #            status of the final debug call; 1 for a transport that is not
  #            implemented
  _docker_exec() {
    _eargs="$*"
    _debug2 "_docker_exec $_eargs"
    _dcid="$1"
    shift

    if [ "$_USE_DOCKER_COMMAND" ]; then
      # Arguments reach `docker exec` exactly as they were passed in.
      docker exec -i "$_dcid" "$@"
      return
    fi

    if [ "$_USE_REST" ] || [ -z "$_USE_UNIX_SOCKET" ]; then
      _err "Not implemented yet."
      return 1
    fi

    # The JSON "Cmd" array is built by replacing every space with `","`, so
    # an argument that contains a space becomes several elements, and no
    # JSON escaping is applied. Callers must not pass values holding `"` or
    # `\`.
    _cmd="$(printf "%s" "$*" | sed 's/ /","/g')"
    _debug2 _cmd "$_cmd"

    # Step 1: create the exec instance.
    cjson="$(_curl_unix_sock "$_DOCKER_SOCK" POST "/containers/$_dcid/exec" "{\"Cmd\": [\"$_cmd\"]}")"
    _debug2 cjson "$cjson"
    # The id is taken as the 4th quote-delimited field of the response; the
    # response is not checked for an error message.
    execid="$(echo "$cjson" | cut -d '"' -f 4)"
    _debug execid "$execid"

    # Step 2: start it, attached and without a TTY.
    ejson="$(_curl_unix_sock "$_DOCKER_SOCK" POST "/exec/$execid/start" "{\"Detach\": false,\"Tty\": false}")"
    _debug2 ejson "$ejson"
  }
  # Copy one file from the host into a container, creating the destination
  # directory first.
  # Arguments: $1 - container id, $2 - source path on the host,
  #            $3 - destination path inside the container
  # Returns:   0 on success, 1 on failure or for a transport that is not
  #            implemented
  _docker_cp() {
    _dcid="$1"
    _from="$2"
    _to="$3"
    _info "Copying file from $_from to $_to"
    _dir="$(dirname "$_to")"
    # The result of mkdir is not checked; a missing directory shows up as a
    # failed write below.
    _docker_exec "$_dcid" mkdir -p "$_dir"

    if [ "$_USE_DOCKER_COMMAND" ]; then
      # The file is streamed into `tee` inside the container. No chmod or
      # chown follows, so the mode of a copied private key is whatever the
      # container process creates. NOTE(review): confirm this is acceptable.
      if [ -n "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
        # At debug level 2 and above tee's output is not discarded, so the
        # file content (including a private key) is written to stdout.
        _docker_exec "$_dcid" tee "$_to" <"$_from" || {
          _info "Error"
          return 1
        }
      else
        _docker_exec "$_dcid" tee "$_to" <"$_from" >/dev/null || {
          _info "Error"
          return 1
        }
      fi
      _info "Success"
      return 0
    fi

    if [ "$_USE_REST" ] || [ -z "$_USE_UNIX_SOCKET" ]; then
      _err "Not implemented yet."
      return 1
    fi

    # Socket transport: upload a gzip'ed tar whose single member is renamed
    # to the destination file name.
    _frompath="$_from"
    if _startswith "$_frompath" '/'; then
      _frompath="$(echo "$_from" | cut -b 2-)" # drop the leading '/'
    fi
    _debug2 "_frompath" "$_frompath"
    _toname="$(basename "$_to")"
    _debug2 "_toname" "$_toname"

    # The source path is used as a sed pattern by --transform, so a comma or
    # a regex metacharacter in it changes the expression. tar's stderr is
    # discarded and only the last pipeline stage decides the status, so a
    # tar failure alone is not reported here.
    if tar --transform="s,$_frompath,$_toname," -cz "$_from" 2>/dev/null \
      | _curl_unix_sock "$_DOCKER_SOCK" PUT \
        "/containers/$_dcid/archive?noOverwriteDirNonDir=1&path=$(printf "%s" "$_dir" | _url_encode)" \
        '@-' "Content-Type: application/octet-stream"; then
      return 0
    fi
    _err "copy error"
    return 1
  }
  # Send one HTTP request over a unix socket with curl.
  # Arguments: $1 - socket path, $2 - HTTP method,
  #            $3 - endpoint (path and query string),
  #            $4 - request body in curl --data-binary syntax,
  #            $5 - optional content-type header line (default: JSON)
  # Outputs:   response body on stdout
  # Returns:   curl's exit status. --fail is not passed, so an HTTP error
  #            response still exits 0 and callers only see transport errors.
  _curl_unix_sock() {
    _socket="$1"
    _method="$2"
    _endpoint="$3"
    _data="$4"
    _ctype="${5:-Content-Type: application/json}"
    # The request body is written to the debug log at level 1.
    _debug _data "$_data"
    _debug2 "url" "http://localhost$_endpoint"

    # _CURL_NO_HOST selects the URL form without a host name.
    _cux_url="http://localhost$_endpoint"
    if [ "$_CURL_NO_HOST" ]; then
      _cux_url="http:$_endpoint"
    fi

    # Assemble the argument list once; verbose tracing is prepended at debug
    # level 2 and above.
    set -- --silent --unix-socket "$_socket" -X "$_method" \
      --data-binary "$_data" --header "$_ctype" "$_cux_url"
    if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
      set -- -vvv "$@"
    fi
    curl "$@"
  }
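  # Check that the installed curl is recent enough for --unix-socket and
  # record which URL form it needs.
  # Globals:  _CURL_NO_HOST (exported) - "1" for curl 7.40 to 7.49, empty for
  #           newer releases
  # Returns:  0 if curl is usable, 1 if it is too old or its version cannot
  #           be parsed
  _check_curl_version() {
    _cversion="$(curl -V | grep '^curl ' | cut -d ' ' -f 2)"
    _debug2 "_cversion" "$_cversion"
    _major="$(_getfield "$_cversion" 1 '.')"
    _debug2 "_major" "$_major"
    _minor="$(_getfield "$_cversion" 2 '.')"
    _debug2 "_minor" "$_minor"

    # Refuse to guess when a component is missing or not a plain number;
    # the numeric tests below would otherwise error out and let it pass.
    case "$_major" in
      '' | *[!0-9]*)
        _err "Can not parse curl version: $_cversion"
        return 1
        ;;
    esac
    case "$_minor" in
      '' | *[!0-9]*)
        _err "Can not parse curl version: $_cversion"
        return 1
        ;;
    esac

    # Compare major and minor separately. Joining them into one number
    # ("8" + "0" = 80) made every curl 8.x look older than 7.40.
    if [ "$_major" -lt 7 ] || { [ "$_major" -eq 7 ] && [ "$_minor" -lt 40 ]; }; then
      _err "curl v$_cversion doesn't support unix socket"
      return 1
    fi

    if [ "$_major" -eq 7 ] && [ "$_minor" -lt 50 ]; then
      _debug "Use short host name"
      export _CURL_NO_HOST=1
    else
      export _CURL_NO_HOST=
    fi
    return 0
  }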