diff --git a/deploy-this/lets-encrypt/lets-encrypt-create-cert.jenkinsfile b/deploy-this/lets-encrypt/lets-encrypt-create-cert.jenkinsfile
index 3de762e..b856363 100755
--- a/deploy-this/lets-encrypt/lets-encrypt-create-cert.jenkinsfile
+++ b/deploy-this/lets-encrypt/lets-encrypt-create-cert.jenkinsfile
@@ -1,32 +1,33 @@ -def domainsToCert = [ - - [ false, 'kopama.com.pl', 'www'], - [ false, 'plecianki.pl'], +// Define common paths and variables +def baseCertPath = '/_docker_data_/letsencrypt/live' +def letsEncryptCommand = "docker compose --file lets-encrypt.yml --env-file lets.env" +def email = env.LETSENCRYPT_EMAIL ?: 'kusartur@gmail.com' +def workDir = "/_sd_/_programs_/proxy-nginx/deploy-this/lets-encrypt" +def domainsToCert = [ + [ false, 'plecianki.pl'], + [ false, 'kopama.com.pl', 'www'], [ false, 'bodypainter.eu', "www", "mail", "stat"], - [ false, 'themself.eu', "www", "mail", "stat", "massage", "driving", "kopama" ], + [ false, 'themself.eu', "www", "mail", "stat", "massage", "driving", "kopama" ], + [ false, "artiks.tk", "www", "mail", "api", "angular", "bodypainter", "themself","arti24"], + [ false, "arti24.eu", "www", "api", "angular", "ai", "job-finder", "zaklik"] +] - [ false, "artiks.tk", "www", "mail", "api", "angular", "bodypainter", "themself","arti24"], - [ false, "arti24.eu", "www", "api", "angular", "ai", "job-finder", "zaklik"] - // [ false, 'artikus.dynu.net', "mail", "stat", "www", "nextcloud" ] -] - - -def createCert(domains, repo) { +def createCert(domains) { echo "Server ENV = ${SERVER_ENV}" echo "Certbot image = ${CERTBOT_IMAGE}" - + def toCreateDomains = [] for (domain in domains) { def force = domain[0] def name = domain[1] - def fileName = "/_docker_data_/letsencrypt/live/${name}/cert.pem" + def fileName = "${baseCertPath}/${name}/cert.pem" def currentDomains = [] def daysLeft = null - // Pobierz dane z istniejącego certyfikatu, jeśli jest + // Get existing certificate data if exists if (fileExists(fileName)) { def certInfo = sh( script: "openssl x509 -in ${fileName} -text -noout | grep -o 'DNS:[^,]*' | sed 's/DNS://g'", 
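Review bot: `baseCertPath`, `letsEncryptCommand`, `email` and `workDir` are declared with `def` at the top of the script but are read inside the `createCert` method (`def fileName = "${baseCertPath}/${name}/cert.pem"` in this hunk; `dir(workDir)`, `${letsEncryptCommand}` and `${email}` in the last hunk), and in a Groovy script, including a Jenkins Pipeline script, a top-level `def` is a local of the script body that methods declared in the same file cannot see, so this is expected to fail with a missing-property error on the first domain rather than reach the `fileExists` check. Making them binding variables by dropping the `def` (`baseCertPath = '/_docker_data_/letsencrypt/live'`), or annotating each one with `@groovy.transform.Field`, makes them reachable from `createCert`. `domainsToCert` is only referenced from the pipeline's `script` block, which is part of the script body, and is not affected. The body of `createCert` continues past the end of this hunk.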
@@ -37,7 +38,7 @@ def createCert(domains, repo) { currentDomains = certInfo.split('\n').collect { it.trim() } } - // Oblicz ile dni zostało do wygaśnięcia + // Calculate days until expiration def expiryUnix = sh( script: "openssl x509 -enddate -noout -in ${fileName} | cut -d= -f2 | xargs -I{} date -d {} +%s", returnStdout: true @@ -49,13 +50,10 @@ def createCert(domains, repo) { } } - // Lista oczekiwanych domen - def expectedDomains = [name] - for (int i = 2; i < domain.size(); i++) { - expectedDomains.add("${domain[i]}.${name}") - } + // Build expected domains list + def expectedDomains = [name] + domain[2..-1].collect { "${it}.${name}" } - // Czy trzeba odnowić certyfikat? + // Check if certificate needs renewal def needsRenewal = force || !fileExists(fileName) || currentDomains.size() != expectedDomains.size() || 
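Review bot: `domain[2..-1]` in the new `expectedDomains` line is also evaluated for entries with no sub-domains, such as `[ false, 'plecianki.pl']`, where the slice start equals the list size; the loop it replaces (`for (int i = 2; i < domain.size(); i++)`) was simply a no-op there, whereas the range slice on a two-element list relies on Groovy's range normalisation to produce an empty result and is easy to get wrong under the CPS-transformed pipeline runtime. `domain.drop(2).collect { "${it}.${name}" }` yields `[]` unambiguously for short entries and reads the same; the `subDomains` line in the last hunk uses the same `domain[2..-1]` slice and should take the same change. The rest of `createCert`'s body lies outside this hunk.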
@@ -77,171 +75,34 @@ def createCert(domains, repo) { return } - def lets_encrypt = "docker compose --file lets-encrypt.yml --env-file lets.env " - - dir("/_programs_/${repo}/deploy-this/lets-encrypt") { + dir(workDir) { for (domain in toCreateDomains) { def name = domain[1] + def subDomains = domain[2..-1].collect { "-d ${it}.${name}" }.join(' ') - def run = " run --rm certbot certonly" + - " --webroot -w /var/www/certbot" + - " --cert-name='${name}'" + - " --non-interactive --agree-tos" + - " --preferred-challenges http" + - " --email ${env.LETSENCRYPT_EMAIL ?: 'kusartur@gmail.com'}" + - " -d ${name}" - - for (int i = 2; i < domain.size(); i++) { - run += " -d ${domain[i]}.${name}" - } - - sh(lets_encrypt + run) + sh """ + ${letsEncryptCommand} run --rm certbot certonly \ + --webroot -w /var/www/certbot \ + --cert-name='${name}' \ + --non-interactive --agree-tos \ + --preferred-challenges http \ + --email ${email} \ + -d ${name} ${subDomains} + """ } } } - -def createCertOld(domains, repo) { - echo "Server ENV = ${SERVER_ENV}" - echo "Cerbot image = ${CERTBOT_IMAGE}" - - def toCreateDomains = [] - - for (domain in domains) { - def force = domain[0] - def name = domain[1] - def fileName = '/_docker_data_/letsencrypt/live/' + name + '/cert.pem' - - // Get current domains from certificate if it exists - def currentDomains = [] - if (fileExists(fileName)) { - def certInfo = sh(script: "openssl x509 -in ${fileName} -text -noout | grep -o 'DNS:[^,]*' | sed 's/DNS://g'", returnStdout: true).trim() - currentDomains = certInfo.split('\n').collect { it.trim() } - } - - // Prepare expected domains - def expectedDomains = [name] - for (int i = 2; i < domain.size(); i++) { - expectedDomains.add(domain[i] + "." 
+ name) - } - - // Check if we need to create/renew - def needsRenewal = force || - !fileExists(fileName) || - currentDomains.size() != expectedDomains.size() || - !currentDomains.containsAll(expectedDomains) - - if (needsRenewal) { - echo "Certificate for '${name}' needs renewal (force: ${force}, missing domains: ${expectedDomains - currentDomains})" - toCreateDomains.add(domain) - } else { - echo "Certificate for '${name}' is up to date with all domains" - } - } - - echo "Certificates to create/renew: ${toCreateDomains.collect { it[1] }}" - - if (toCreateDomains.isEmpty()) { - echo "All certificates are up to date. Nothing to create/renew." - } else { - def lets_encrypt = "docker compose --file lets-encrypt.yml --env-file lets.env " - - dir("/_programs_/" + repo + "/deploy-this/lets-encrypt") { - for (domain in toCreateDomains) { - def name = domain[1] - - def run = " run --rm certbot certonly" + - " --webroot -w /var/www/certbot" + - " --cert-name='" + name + "'" + - " --non-interactive --agree-tos" + - " --preferred-challenges http" + - " --email kusartur@gmail.com" + - " -d " + name - - for (int indexSub = 2; indexSub < domain.size(); indexSub++) { - def subDomain = domain[indexSub] - run = run + " -d " + subDomain + "." + name - } - - sh(lets_encrypt + run) - } - } - } -} - -def createCertOlder(domains, repo){ - - echo "Server ENV = ${SERVER_ENV}" - echo "Cerbot image = ${CERTBOT_IMAGE} " - - - - def toCreateDomains =[] - - for( domain in domains ){ - def force = domain[ 0 ] - def name = domain[ 1 ] - def fileName = '/_docker_data_/letsencrypt/live/'+name - if( !force && fileExists( fileName ) ){ - echo "The file('${fileName}') certificate for '${domain}(main:${name})' exists! You should renew it" - }else{ - echo "File '${fileName}' not exists! 
or ${force} so create certificate for '${name}'" - toCreateDomains.add( domain ) - } - } - - echo "Certificate to create "+toCreateDomains - if( 0 == toCreateDomains.size() ){ - echo "All certificate should be refreshed! Nothing to create." - }else{ - - def lets_encrypt = "docker compose --file lets-encrypt.yml --env-file lets.env " - - dir("/_programs_/"+repo+"/deploy-this/lets-encrypt"){ - - for( domain in toCreateDomains ){ - - def name = domain[ 1 ] - - def run = " run --rm certbot certonly"+ - " --webroot -w /var/www/certbot"+ - " --cert-name='"+name+"'"+ - " --non-interactive --agree-tos"+ - " --preferred-challenges http"+ - " --email kusartur@gmail.com" + - " -d "+name - - for( int indexSub = 2; indexSub < domain.size(); indexSub ++ ){ - def subDomain = domain[ indexSub ] - run = run + " -d "+subDomain+ "." + name - } - - sh( lets_encrypt+run ) - - } - } - } - -} - - pipeline { - agent any - stages { stage('Make https cert for my domains') { steps { - script{ - def repo_name ="proxy-nginx" - createCert( domainsToCert, repo_name ) - } + script { + + createCert(domainsToCert) + } } - } + } } - -} - -/* -docker top || docker run --name - */ +} \ No newline at end of file
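Review bot: `--email ${email}` in the new `sh """` block interpolates a value taken from `env.LETSENCRYPT_EMAIL` into the command text unquoted, so whatever the job environment supplies is word-split by the shell and becomes part of the certbot invocation before the shell sees it; `--cert-name='${name}'` on the line above is quoted, but `-d ${name}` and the email are not. Quote it as `--email '${email}'`, or keep the value out of Groovy interpolation entirely by exporting it with `withEnv` and referencing `"\$LETSENCRYPT_EMAIL"` inside the script, which is the pattern Jenkins recommends for environment-derived values in `sh` steps. `${subDomains}` has to stay unquoted since it is a space-joined list of `-d` flags, which is one more reason to build it from a list the shell never re-parses.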