2
This commit is contained in:
Cantibra
@@ -37,7 +37,10 @@ case "${1}" in
|
|||||||
/usr/bin/install --directory --group='traefik' --mode='750' --owner='traefik' '/var/lib/traefik'
|
/usr/bin/install --directory --group='traefik' --mode='750' --owner='traefik' '/var/lib/traefik'
|
||||||
/usr/bin/install --directory --group='traefik' --mode='750' --owner='traefik' '/var/log/traefik'
|
/usr/bin/install --directory --group='traefik' --mode='750' --owner='traefik' '/var/log/traefik'
|
||||||
/usr/bin/install --directory --group='traefik' --mode='750' --owner='traefik' '/var/logrotate/traefik'
|
/usr/bin/install --directory --group='traefik' --mode='750' --owner='traefik' '/var/logrotate/traefik'
|
||||||
/usr/bin/chown --quiet --recursive 'traefik' '/etc/traefik'
|
/usr/bin/chown --quiet --recursive 'traefik' \
|
||||||
|
'/etc/traefik/providers.yml' \
|
||||||
|
'/etc/traefik/traefik.env' \
|
||||||
|
'/etc/traefik/traefik.yml'
|
||||||
if [ -x '/usr/bin/deb-systemd-invoke' ]; then
|
if [ -x '/usr/bin/deb-systemd-invoke' ]; then
|
||||||
/usr/bin/systemctl --system daemon-reload > '/dev/null' || true
|
/usr/bin/systemctl --system daemon-reload > '/dev/null' || true
|
||||||
if [ -n "${2}" ]; then
|
if [ -n "${2}" ]; then
|
||||||
|
|||||||
@@ -51,7 +51,6 @@ for RESOLVER in $(/usr/bin/jq --raw-output --exit-status 'keys[]' "${ACME_DATABA
|
|||||||
/usr/bin/echo -e "-----BEGIN RSA PRIVATE KEY-----\n${ACCOUNT}\n-----END RSA PRIVATE KEY-----" | \
|
/usr/bin/echo -e "-----BEGIN RSA PRIVATE KEY-----\n${ACCOUNT}\n-----END RSA PRIVATE KEY-----" | \
|
||||||
/usr/bin/openssl 'rsa' -inform 'pem' -out "${ACME_STORAGE}/.${RESOLVER}/account.key" &> '/dev/null'
|
/usr/bin/openssl 'rsa' -inform 'pem' -out "${ACME_STORAGE}/.${RESOLVER}/account.key" &> '/dev/null'
|
||||||
/usr/bin/chmod '0400' "${ACME_STORAGE}/.${RESOLVER}/account.key"
|
/usr/bin/chmod '0400' "${ACME_STORAGE}/.${RESOLVER}/account.key"
|
||||||
/usr/bin/chown 'traefik':'traefik' "${ACME_STORAGE}/.${RESOLVER}/account.key"
|
|
||||||
for DOMAIN in $(/usr/bin/jq --raw-output --arg resolver "${RESOLVER}" --exit-status '.[$resolver].Certificates[].domain.main' "${ACME_DATABASE}"); do
|
for DOMAIN in $(/usr/bin/jq --raw-output --arg resolver "${RESOLVER}" --exit-status '.[$resolver].Certificates[].domain.main' "${ACME_DATABASE}"); do
|
||||||
CERTIFICATE=$(/usr/bin/jq --raw-output --arg resolver "${RESOLVER}" --arg domain "${DOMAIN}" --exit-status '.[$resolver].Certificates[] | select (.domain.main == $domain ) | .certificate' "${ACME_DATABASE}")
|
CERTIFICATE=$(/usr/bin/jq --raw-output --arg resolver "${RESOLVER}" --arg domain "${DOMAIN}" --exit-status '.[$resolver].Certificates[] | select (.domain.main == $domain ) | .certificate' "${ACME_DATABASE}")
|
||||||
KEY=$(/usr/bin/jq --raw-output --arg resolver "${RESOLVER}" --arg domain "${DOMAIN}" --exit-status '.[$resolver].Certificates[] | select (.domain.main == $domain ) | .key' "${ACME_DATABASE}")
|
KEY=$(/usr/bin/jq --raw-output --arg resolver "${RESOLVER}" --arg domain "${DOMAIN}" --exit-status '.[$resolver].Certificates[] | select (.domain.main == $domain ) | .key' "${ACME_DATABASE}")
|
||||||
@@ -62,22 +61,18 @@ for RESOLVER in $(/usr/bin/jq --raw-output --exit-status 'keys[]' "${ACME_DATABA
|
|||||||
/usr/bin/echo "${CERTIFICATE}" | \
|
/usr/bin/echo "${CERTIFICATE}" | \
|
||||||
/usr/bin/base64 --decode > "${ACME_STORAGE}/${DOMAIN}/rsa/root.crt"
|
/usr/bin/base64 --decode > "${ACME_STORAGE}/${DOMAIN}/rsa/root.crt"
|
||||||
/usr/bin/chmod '0400' "${ACME_STORAGE}/${DOMAIN}/rsa/root.crt"
|
/usr/bin/chmod '0400' "${ACME_STORAGE}/${DOMAIN}/rsa/root.crt"
|
||||||
/usr/bin/chown 'traefik':'traefik' "${ACME_STORAGE}/${DOMAIN}/rsa/root.crt"
|
|
||||||
/usr/bin/echo "${KEY}" | \
|
/usr/bin/echo "${KEY}" | \
|
||||||
/usr/bin/base64 --decode > "${ACME_STORAGE}/${DOMAIN}/rsa/root.key"
|
/usr/bin/base64 --decode > "${ACME_STORAGE}/${DOMAIN}/rsa/root.key"
|
||||||
/usr/bin/chmod '0400' "${ACME_STORAGE}/${DOMAIN}/rsa/root.key"
|
/usr/bin/chmod '0400' "${ACME_STORAGE}/${DOMAIN}/rsa/root.key"
|
||||||
/usr/bin/chown 'traefik':'traefik' "${ACME_STORAGE}/${DOMAIN}/rsa/root.key"
|
|
||||||
;;
|
;;
|
||||||
*ecdsa*)
|
*ecdsa*)
|
||||||
/usr/bin/install --directory --group='traefik' --mode='0700' --owner='traefik' "${ACME_STORAGE}/${DOMAIN}/ecc"
|
/usr/bin/install --directory --group='traefik' --mode='0700' --owner='traefik' "${ACME_STORAGE}/${DOMAIN}/ecc"
|
||||||
/usr/bin/echo "${CERTIFICATE}" | \
|
/usr/bin/echo "${CERTIFICATE}" | \
|
||||||
/usr/bin/base64 --decode > "${ACME_STORAGE}/${DOMAIN}/ecc/root.crt"
|
/usr/bin/base64 --decode > "${ACME_STORAGE}/${DOMAIN}/ecc/root.crt"
|
||||||
/usr/bin/chmod '0400' "${ACME_STORAGE}/${DOMAIN}/ecc/root.crt"
|
/usr/bin/chmod '0400' "${ACME_STORAGE}/${DOMAIN}/ecc/root.crt"
|
||||||
/usr/bin/chown 'traefik':'traefik' "${ACME_STORAGE}/${DOMAIN}/ecc/root.crt"
|
|
||||||
/usr/bin/echo "${KEY}" | \
|
/usr/bin/echo "${KEY}" | \
|
||||||
/usr/bin/base64 --decode > "${ACME_STORAGE}/${DOMAIN}/ecc/root.key"
|
/usr/bin/base64 --decode > "${ACME_STORAGE}/${DOMAIN}/ecc/root.key"
|
||||||
/usr/bin/chmod '0400' "${ACME_STORAGE}/${DOMAIN}/ecc/root.key"
|
/usr/bin/chmod '0400' "${ACME_STORAGE}/${DOMAIN}/ecc/root.key"
|
||||||
/usr/bin/chown 'traefik':'traefik' "${ACME_STORAGE}/${DOMAIN}/ecc/root.key"
|
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
|
|||||||
@@ -46,11 +46,11 @@ trap "/usr/bin/rm --force --recursive ${TMP_DIRECTORY}" EXIT
|
|||||||
if [[ ! -f "${ACME_STORAGE_HASH}" ]]; then
|
if [[ ! -f "${ACME_STORAGE_HASH}" ]]; then
|
||||||
/usr/bin/find "${ACME_STORAGE}" -type f -exec /usr/bin/md5sum {} + > "${ACME_STORAGE_HASH}"
|
/usr/bin/find "${ACME_STORAGE}" -type f -exec /usr/bin/md5sum {} + > "${ACME_STORAGE_HASH}"
|
||||||
/usr/bin/chmod 0600 "${ACME_STORAGE_HASH}"
|
/usr/bin/chmod 0600 "${ACME_STORAGE_HASH}"
|
||||||
/usr/bin/chown 'traefik':'traefik' "${ACME_STORAGE_HASH}"
|
# /usr/bin/chown 'traefik':'traefik' "${ACME_STORAGE_HASH}"
|
||||||
/usr/bin/diff '/dev/null' "${ACME_STORAGE_HASH}" | /usr/bin/grep '^>' | /usr/bin/awk '{print $3}' > "${ACME_STORAGE_CHANGELOG}" || \
|
/usr/bin/diff '/dev/null' "${ACME_STORAGE_HASH}" | /usr/bin/grep '^>' | /usr/bin/awk '{print $3}' > "${ACME_STORAGE_CHANGELOG}" || \
|
||||||
/usr/bin/true
|
/usr/bin/true
|
||||||
/usr/bin/chmod 0600 "${ACME_STORAGE_CHANGELOG}"
|
/usr/bin/chmod 0600 "${ACME_STORAGE_CHANGELOG}"
|
||||||
/usr/bin/chown 'traefik':'traefik' "${ACME_STORAGE_CHANGELOG}"
|
# /usr/bin/chown 'traefik':'traefik' "${ACME_STORAGE_CHANGELOG}"
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|||||||
@@ -5,8 +5,7 @@ accessLog:
|
|||||||
|
|
||||||
# - - - - - API - - - - - #
|
# - - - - - API - - - - - #
|
||||||
|
|
||||||
api:
|
api: {}
|
||||||
disableDashboardAd: true
|
|
||||||
|
|
||||||
# - - - - - Certificates Resolver - - - - - #
|
# - - - - - Certificates Resolver - - - - - #
|
||||||
|
|
||||||
|
|||||||
@@ -8,8 +8,6 @@ Type=simple
|
|||||||
EnvironmentFile=/etc/traefik/acme/acme.env
|
EnvironmentFile=/etc/traefik/acme/acme.env
|
||||||
ExecStartPre=/usr/bin/sleep 3s
|
ExecStartPre=/usr/bin/sleep 3s
|
||||||
ExecStart=/usr/bin/run-parts --exit-on-error --new-session /etc/traefik/acme
|
ExecStart=/usr/bin/run-parts --exit-on-error --new-session /etc/traefik/acme
|
||||||
User=traefik
|
|
||||||
Group=traefik
|
|
||||||
PrivateDevices=true
|
PrivateDevices=true
|
||||||
PrivateTmp=true
|
PrivateTmp=true
|
||||||
ProtectSystem=strict
|
ProtectSystem=strict
|
||||||
|
|||||||
Reference in New Issue
Block a user