arti24
/
proxy-nginx
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

changing to _sd_ for programs

This commit is contained in:
Artur Kuś 2025-09-08 14:07:53 +02:00
parent 946b00599c
commit 228e684f52
1 changed files with 37 additions and 176 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

213
deploy-this/lets-encrypt/lets-encrypt-create-cert.jenkinsfile
View File

@ -1,32 +1,33 @@
def domainsToCert = [
[ false, 'kopama.com.pl', 'www'],
[ false, 'plecianki.pl'],
// Define common paths and variables
def baseCertPath = '/_docker_data_/letsencrypt/live'
def letsEncryptCommand = "docker compose --file lets-encrypt.yml --env-file lets.env"
def email = env.LETSENCRYPT_EMAIL ?: 'kusartur@gmail.com'
def workDir = "/_sd_/_programs_/proxy-nginx/deploy-this/lets-encrypt"
def domainsToCert = [
[ false, 'plecianki.pl'],
[ false, 'kopama.com.pl', 'www'],
[ false, 'bodypainter.eu', "www", "mail", "stat"],
[ false, 'themself.eu', "www", "mail", "stat", "massage", "driving", "kopama" ],
[ false, 'themself.eu', "www", "mail", "stat", "massage", "driving", "kopama" ],
[ false, "artiks.tk", "www", "mail", "api", "angular", "bodypainter", "themself","arti24"],
[ false, "arti24.eu", "www", "api", "angular", "ai", "job-finder", "zaklik"]
]
[ false, "artiks.tk", "www", "mail", "api", "angular", "bodypainter", "themself","arti24"],
[ false, "arti24.eu", "www", "api", "angular", "ai", "job-finder", "zaklik"]
// [ false, 'artikus.dynu.net', "mail", "stat", "www", "nextcloud" ]
]
def createCert(domains, repo) {
def createCert(domains) {
echo "Server ENV = ${SERVER_ENV}"
echo "Certbot image = ${CERTBOT_IMAGE}"
def toCreateDomains = []
for (domain in domains) {
def force = domain[0]
def name = domain[1]
def fileName = "/_docker_data_/letsencrypt/live/${name}/cert.pem"
def fileName = "${baseCertPath}/${name}/cert.pem"
def currentDomains = []
def daysLeft = null
// Pobierz dane z istniejącego certyfikatu, jeśli jest
// Get existing certificate data if exists
if (fileExists(fileName)) {
def certInfo = sh(
script: "openssl x509 -in ${fileName} -text -noout | grep -o 'DNS:[^,]*' | sed 's/DNS://g'",
@ -37,7 +38,7 @@ def createCert(domains, repo) {
currentDomains = certInfo.split('\n').collect { it.trim() }
}
// Oblicz ile dni zostało do wygaśnięcia
// Calculate days until expiration
def expiryUnix = sh(
script: "openssl x509 -enddate -noout -in ${fileName} | cut -d= -f2 | xargs -I{} date -d {} +%s",
returnStdout: true
@ -49,13 +50,10 @@ def createCert(domains, repo) {
}
}
// Lista oczekiwanych domen
def expectedDomains = [name]
for (int i = 2; i < domain.size(); i++) {
expectedDomains.add("${domain[i]}.${name}")
}
// Build expected domains list
def expectedDomains = [name] + domain[2..-1].collect { "${it}.${name}" }
// Czy trzeba odnowić certyfikat?
// Check if certificate needs renewal
def needsRenewal = force ||
!fileExists(fileName) ||
currentDomains.size() != expectedDomains.size() ||
@ -77,171 +75,34 @@ def createCert(domains, repo) {
return
}
def lets_encrypt = "docker compose --file lets-encrypt.yml --env-file lets.env "
dir("/_programs_/${repo}/deploy-this/lets-encrypt") {
dir(workDir) {
for (domain in toCreateDomains) {
def name = domain[1]
def subDomains = domain[2..-1].collect { "-d ${it}.${name}" }.join(' ')
def run = " run --rm certbot certonly" +
" --webroot -w /var/www/certbot" +
" --cert-name='${name}'" +
" --non-interactive --agree-tos" +
" --preferred-challenges http" +
" --email ${env.LETSENCRYPT_EMAIL ?: 'kusartur@gmail.com'}" +
" -d ${name}"
for (int i = 2; i < domain.size(); i++) {
run += " -d ${domain[i]}.${name}"
}
sh(lets_encrypt + run)
sh """
${letsEncryptCommand} run --rm certbot certonly \
--webroot -w /var/www/certbot \
--cert-name='${name}' \
--non-interactive --agree-tos \
--preferred-challenges http \
--email ${email} \
-d ${name} ${subDomains}
"""
}
}
}
def createCertOld(domains, repo) {
echo "Server ENV = ${SERVER_ENV}"
echo "Cerbot image = ${CERTBOT_IMAGE}"
def toCreateDomains = []
for (domain in domains) {
def force = domain[0]
def name = domain[1]
def fileName = '/_docker_data_/letsencrypt/live/' + name + '/cert.pem'
// Get current domains from certificate if it exists
def currentDomains = []
if (fileExists(fileName)) {
def certInfo = sh(script: "openssl x509 -in ${fileName} -text -noout | grep -o 'DNS:[^,]*' | sed 's/DNS://g'", returnStdout: true).trim()
currentDomains = certInfo.split('\n').collect { it.trim() }
}
// Prepare expected domains
def expectedDomains = [name]
for (int i = 2; i < domain.size(); i++) {
expectedDomains.add(domain[i] + "." + name)
}
// Check if we need to create/renew
def needsRenewal = force ||
!fileExists(fileName) ||
currentDomains.size() != expectedDomains.size() ||
!currentDomains.containsAll(expectedDomains)
if (needsRenewal) {
echo "Certificate for '${name}' needs renewal (force: ${force}, missing domains: ${expectedDomains - currentDomains})"
toCreateDomains.add(domain)
} else {
echo "Certificate for '${name}' is up to date with all domains"
}
}
echo "Certificates to create/renew: ${toCreateDomains.collect { it[1] }}"
if (toCreateDomains.isEmpty()) {
echo "All certificates are up to date. Nothing to create/renew."
} else {
def lets_encrypt = "docker compose --file lets-encrypt.yml --env-file lets.env "
dir("/_programs_/" + repo + "/deploy-this/lets-encrypt") {
for (domain in toCreateDomains) {
def name = domain[1]
def run = " run --rm certbot certonly" +
" --webroot -w /var/www/certbot" +
" --cert-name='" + name + "'" +
" --non-interactive --agree-tos" +
" --preferred-challenges http" +
" --email kusartur@gmail.com" +
" -d " + name
for (int indexSub = 2; indexSub < domain.size(); indexSub++) {
def subDomain = domain[indexSub]
run = run + " -d " + subDomain + "." + name
}
sh(lets_encrypt + run)
}
}
}
}
def createCertOlder(domains, repo){
echo "Server ENV = ${SERVER_ENV}"
echo "Cerbot image = ${CERTBOT_IMAGE} "
def toCreateDomains =[]
for( domain in domains ){
def force = domain[ 0 ]
def name = domain[ 1 ]
def fileName = '/_docker_data_/letsencrypt/live/'+name
if( !force && fileExists( fileName ) ){
echo "The file('${fileName}') certificate for '${domain}(main:${name})' exists! You should renew it"
}else{
echo "File '${fileName}' not exists! or ${force} so create certificate for '${name}'"
toCreateDomains.add( domain )
}
}
echo "Certificate to create "+toCreateDomains
if( 0 == toCreateDomains.size() ){
echo "All certificate should be refreshed! Nothing to create."
}else{
def lets_encrypt = "docker compose --file lets-encrypt.yml --env-file lets.env "
dir("/_programs_/"+repo+"/deploy-this/lets-encrypt"){
for( domain in toCreateDomains ){
def name = domain[ 1 ]
def run = " run --rm certbot certonly"+
" --webroot -w /var/www/certbot"+
" --cert-name='"+name+"'"+
" --non-interactive --agree-tos"+
" --preferred-challenges http"+
" --email kusartur@gmail.com" +
" -d "+name
for( int indexSub = 2; indexSub < domain.size(); indexSub ++ ){
def subDomain = domain[ indexSub ]
run = run + " -d "+subDomain+ "." + name
}
sh( lets_encrypt+run )
}
}
}
}
pipeline {
agent any
stages {
stage('Make https cert for my domains') {
steps {
script{
def repo_name ="proxy-nginx"
createCert( domainsToCert, repo_name )
}
script {
createCert(domainsToCert)
}
}
}
}
}
}
/*
docker top <name> || docker run --name <name> <image>
*/
}