From 846e4fbc4330bcfbdd18ccd0c0b7be0b011d8e3c Mon Sep 17 00:00:00 2001
From: Artur
Date: Fri, 4 Oct 2024 16:50:25 +0200
Subject: [PATCH] Create https certificates
---
deploy-this/lets-encrypt/all-domains.conf | 18 ++++
.../lets-encrypt-create-cert.jenkinsfile | 82 +++++++++++++++++++
.../lets-encrypt/lets-encrypt-multi-domain.sh | 10 +++
.../lets-encrypt-renew.jenkinsfile | 15 ++++
deploy-this/lets-encrypt/lets-encrypt.yml | 8 ++
deploy-this/lets-encrypt/lets.env | 7 ++
6 files changed, 140 insertions(+)
create mode 100644 deploy-this/lets-encrypt/all-domains.conf
create mode 100755 deploy-this/lets-encrypt/lets-encrypt-create-cert.jenkinsfile
create mode 100755 deploy-this/lets-encrypt/lets-encrypt-multi-domain.sh
create mode 100755 deploy-this/lets-encrypt/lets-encrypt-renew.jenkinsfile
create mode 100644 deploy-this/lets-encrypt/lets-encrypt.yml
create mode 100644 deploy-this/lets-encrypt/lets.env
diff --git a/deploy-this/lets-encrypt/all-domains.conf b/deploy-this/lets-encrypt/all-domains.conf
new file mode 100644
index 0000000..616fe7a
--- /dev/null
+++ b/deploy-this/lets-encrypt/all-domains.conf
@@ -0,0 +1,18 @@
+server {
+ listen 80 ;
+
+ server_tokens off;
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+
+ location / {
+
+ proxy_pass http://work:8091;
+
+ return 301 https://$host$request_uri;
+ }
+
+}
diff --git a/deploy-this/lets-encrypt/lets-encrypt-create-cert.jenkinsfile b/deploy-this/lets-encrypt/lets-encrypt-create-cert.jenkinsfile
new file mode 100755
index 0000000..85cb2b6
--- /dev/null
+++ b/deploy-this/lets-encrypt/lets-encrypt-create-cert.jenkinsfile
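Review bot: In all-domains.conf the `location /` block contains both `proxy_pass http://work:8091;` and `return 301 https://$host$request_uri;`; nginx evaluates `return` in the rewrite phase, so the `proxy_pass` never runs and is dead configuration. It is worth deleting, because if the `return` line is ever removed or commented out, the port-80 listener would silently start serving the backend over plaintext. The server block also has no `server_name`, so the redirect target is built from whatever Host header the client sends; pinning `server_name` to the domains the certificate covers limits which hosts can be reflected into the Location header.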
@@ -0,0 +1,82 @@
+def domainsToCert = [
+
+ // [ false, 'bodypainter.eu', "mail", "stat", "www" ]
+
+ [ false, 'artikus.dynu.net', "mail", "stat", "www", "nextcloud" ]
+]
+
+def createCert(domains, repo){
+
+ echo "Server ENV = ${SERVER_ENV}"
+ echo "Cerbot image = ${CERTBOT_IMAGE} "
+
+
+ def toCreateDomains =[]
+
+ for( domain in domains ){
+ def force = domain[ 0 ]
+ def name = domain[ 1 ]
+ def fileName = '/_docker_data_/letsencrypt/live/'+name
+ if( !force && fileExists( fileName ) ){
+ echo "The file('${fileName}') certificate for '${domain}(main:${name})' exists! You should renew it"
+ }else{
+ echo "File '${fileName}' not exists! or ${force} so create certificate for '${name}'"
+ toCreateDomains.add( domain )
+ }
+ }
+
+ echo "Certificate to create "+toCreateDomains
+ if( 0 == toCreateDomains.size() ){
+ echo "All certificate should be refreshed! Nothing to create."
+ }else{
+
+ def lets_encrypt = "docker compose --file lets-encrypt.yml --env-file lets.env "
+
+ dir("/_programs_/"+repo+"/lets-encrypt"){
+
+ for( domain in toCreateDomains ){
+
+ def name = domain[ 1 ]
+
+ def run = " run --rm certbot certonly"+
+ " --webroot -w /var/www/certbot"+
+ " --cert-name='"+name+"'"+
+ " --non-interactive --agree-tos"+
+ " --preferred-challenges http"+
+ " --email kusartur@gmail.com" +
+ " -d "+name
+
+ for( int indexSub = 2; indexSub < domain.size(); indexSub ++ ){
+ def subDomain = domain[ indexSub ]
+ run = run + " -d "+subDomain+ "." + name
+ }
+
+ sh( lets_encrypt+run )
+
+ }
+ }
+ }
+
+}
+
+
+pipeline {
+
+ agent any
+
+ stages {
+ stage('Make https cert for my domains') {
+ steps {
+ script{
+ def repo_name ="zaklik-by-spring-boot"
+ createCert( domainsToCert, repo_name )
+ }
+ }
+ }
+ }
+
+}
+
+/*
+docker top || docker run --name
+ */
diff --git a/deploy-this/lets-encrypt/lets-encrypt-multi-domain.sh b/deploy-this/lets-encrypt/lets-encrypt-multi-domain.sh
new file mode 100755
index 0000000..74a4da9
--- /dev/null
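Review bot: In createCert the certbot command line is assembled by string concatenation and handed to `sh( lets_encrypt+run )`, with `--cert-name` wrapped in single quotes but the `-d` values (`" -d "+name` and `" -d "+subDomain+ "." + name`) left unquoted. The names currently come from the hard-coded `domainsToCert` list, so this is safe only while that stays true; if the list ever becomes a job parameter or is read from a file, a value containing shell metacharacters would be executed on the agent. A cheap guard at the top of the loop is `if( !(name ==~ /[A-Za-z0-9.-]+/) ){ error "Invalid domain name: ${name}" }`, applied to the sub-domain labels as well. Separately, the existence check looks under `/_docker_data_/letsencrypt/live/` while lets.env points DOCKER_DATA at `/home/artur/_important_data_/_docker_data_`; presumably the agent has that directory mounted at `/_docker_data_`, but it is worth confirming, otherwise the check never finds an existing certificate.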
+++ b/deploy-this/lets-encrypt/lets-encrypt-multi-domain.sh
@@ -0,0 +1,10 @@
+docker compose --profile lets-encrypt \
+ --file 2.jenkins-with-docker-compose.yml --env-file for-lets-encrypt-docker.env \
+ run --rm certbot certonly \
+ --webroot -w /var/www/certbot \
+ --cert-name="artikus.dynu.net" \
+ --preferred-challenges http \
+ -d artikus.dynu.net -d arti24.eu -d artikus.tk -d springing.tk -d artikusapi.tk \
+ --email kusartur@gmail.com
+
+
diff --git a/deploy-this/lets-encrypt/lets-encrypt-renew.jenkinsfile b/deploy-this/lets-encrypt/lets-encrypt-renew.jenkinsfile
new file mode 100755
index 0000000..8b94521
--- /dev/null
+++ b/deploy-this/lets-encrypt/lets-encrypt-renew.jenkinsfile
@@ -0,0 +1,15 @@
+pipeline {
+
+ agent any
+
+ stages {
+ stage('Make https cert for my domains') {
+
+ steps {
+ dir("/_programs_/zaklik-by-spring-boot/lets-encrypt"){
+ sh "docker compose --file lets-encrypt.yml --env-file lets.env run --rm certbot renew"
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/deploy-this/lets-encrypt/lets-encrypt.yml b/deploy-this/lets-encrypt/lets-encrypt.yml
new file mode 100644
index 0000000..7a11cc2
--- /dev/null
+++ b/deploy-this/lets-encrypt/lets-encrypt.yml
@@ -0,0 +1,8 @@
+services:
+
+ certbot:
+ image: ${CERTBOT_IMAGE}
+ container_name: certbot
+ volumes:
+ - ${DOCKER_DATA}/letsencrypt:/etc/letsencrypt:rw
+ - ${DOCKER_DATA}/letsencrypt-tmp:/var/www/certbot/:rw
diff --git a/deploy-this/lets-encrypt/lets.env b/deploy-this/lets-encrypt/lets.env
new file mode 100644
index 0000000..65da861
--- /dev/null
+++ b/deploy-this/lets-encrypt/lets.env
@@ -0,0 +1,7 @@
+INFO=Version 1_
+IMPORTANT_DATA=/home/artur/_important_data_
+DOCKER_DATA=/home/artur/_important_data_/_docker_data_
+JAVA_FOR_CV=openjdk:11
+MONGO_DB_PLATFORM=mongo
+NGINX_CONF=/home/artur/_important_data_/_start_system_on_docker_/nginx/conf/for-lets-encrypt
+
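Review bot: lets-encrypt-multi-domain.sh is committed with mode 100755 but has no shebang and no error handling, and it omits `--non-interactive --agree-tos`, which the create-cert Jenkins job in this commit does pass, so an unattended run can stop on a prompt or fail. Adding `#!/usr/bin/env bash` and `set -euo pipefail` at the top, plus the two flags, keeps it consistent with lets-encrypt-create-cert.jenkinsfile. The script also points at `2.jenkins-with-docker-compose.yml` and `for-lets-encrypt-docker.env`, neither of which is added here (the commit adds `lets-encrypt.yml` and `lets.env`); if they are not already in the repository the script cannot run. It also puts five unrelated domains on one certificate named artikus.dynu.net, so they share one private key and all appear together in the certificate's subject alternative names.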
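Review bot: lets-encrypt-renew.jenkinsfile has no `triggers` block, so renewal only happens when the job is started by hand (unless it is scheduled in the Jenkins UI, which is not visible here), and a missed run means an expired certificate. Declaring the schedule in the pipeline, e.g. `triggers { cron('H 3 * * *') }`, keeps it under version control. The job also stops after `certbot renew`: nothing visible in this commit reloads the web server, so a renewed certificate may not be served until the next restart; confirm a reload happens elsewhere or add a step for it. The stage name 'Make https cert for my domains' is copied from the create job and would read better as a renew-specific name.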
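Review bot: `image: ${CERTBOT_IMAGE}` in lets-encrypt.yml is not defined in the lets.env added by this commit; the create-cert Jenkinsfile echoes it, so it presumably comes from the Jenkins environment, and if it is unset compose interpolates an empty string. This container mounts `/etc/letsencrypt` read-write, which holds the account and certificate private keys, so the image should be pinned where it can be reviewed: add `CERTBOT_IMAGE=<pinned tag or digest>` to lets.env and use `image: ${CERTBOT_IMAGE:?CERTBOT_IMAGE must be set}` so compose fails loudly when it is missing. lets.env also carries JAVA_FOR_CV, MONGO_DB_PLATFORM, NGINX_CONF and IMPORTANT_DATA, none of which this compose file references; they look copied from another stack and could be dropped.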