245 lines
8.1 KiB
Plaintext
Executable File
245 lines
8.1 KiB
Plaintext
Executable File
def domainsToCert = [
|
|
|
|
[ false, 'bodypainter.eu', "www", "mail", "stat"],
|
|
[ false, 'themself.eu', "www", "mail", "stat", "massage", "driving", "kopama" ],
|
|
|
|
[ false, "artiks.tk", "www", "mail", "api", "angular", "bodypainter", "themself","arti24"],
|
|
[ false, "arti24.eu", "www", "api", "angular", "ai", "job-finder", "zaklik"]
|
|
// [ false, 'artikus.dynu.net', "mail", "stat", "www", "nextcloud" ]
|
|
]
|
|
|
|
|
|
def createCert(domains, repo) {
|
|
echo "Server ENV = ${SERVER_ENV}"
|
|
echo "Certbot image = ${CERTBOT_IMAGE}"
|
|
|
|
def toCreateDomains = []
|
|
|
|
for (domain in domains) {
|
|
def force = domain[0]
|
|
def name = domain[1]
|
|
def fileName = "/_docker_data_/letsencrypt/live/${name}/cert.pem"
|
|
|
|
def currentDomains = []
|
|
def daysLeft = null
|
|
|
|
// Pobierz dane z istniejącego certyfikatu, jeśli jest
|
|
if (fileExists(fileName)) {
|
|
def certInfo = sh(
|
|
script: "openssl x509 -in ${fileName} -text -noout | grep -o 'DNS:[^,]*' | sed 's/DNS://g'",
|
|
returnStdout: true
|
|
).trim()
|
|
|
|
if (certInfo) {
|
|
currentDomains = certInfo.split('\n').collect { it.trim() }
|
|
}
|
|
|
|
// Oblicz ile dni zostało do wygaśnięcia
|
|
def expiryUnix = sh(
|
|
script: "openssl x509 -enddate -noout -in ${fileName} | cut -d= -f2 | xargs -I{} date -d {} +%s",
|
|
returnStdout: true
|
|
).trim()
|
|
|
|
if (expiryUnix.isNumber()) {
|
|
def nowUnix = sh(script: "date +%s", returnStdout: true).trim().toLong()
|
|
daysLeft = (expiryUnix.toLong() - nowUnix) / (60 * 60 * 24)
|
|
}
|
|
}
|
|
|
|
// Lista oczekiwanych domen
|
|
def expectedDomains = [name]
|
|
for (int i = 2; i < domain.size(); i++) {
|
|
expectedDomains.add("${domain[i]}.${name}")
|
|
}
|
|
|
|
// Czy trzeba odnowić certyfikat?
|
|
def needsRenewal = force ||
|
|
!fileExists(fileName) ||
|
|
currentDomains.size() != expectedDomains.size() ||
|
|
!currentDomains.containsAll(expectedDomains) ||
|
|
(daysLeft != null && daysLeft < 30)
|
|
|
|
if (needsRenewal) {
|
|
echo "Certificate for '${name}' needs renewal (force: ${force}, missing domains: ${expectedDomains - currentDomains}, expires in: ${daysLeft ?: 'unknown'} days)"
|
|
toCreateDomains.add(domain)
|
|
} else {
|
|
echo "Certificate for '${name}' is OK (expires in ${daysLeft} days)"
|
|
}
|
|
}
|
|
|
|
echo "Certificates to create/renew: ${toCreateDomains.collect { it[1] }}"
|
|
|
|
if (toCreateDomains.isEmpty()) {
|
|
echo "All certificates are up to date. Nothing to create/renew."
|
|
return
|
|
}
|
|
|
|
def lets_encrypt = "docker compose --file lets-encrypt.yml --env-file lets.env "
|
|
|
|
dir("/_programs_/${repo}/deploy-this/lets-encrypt") {
|
|
for (domain in toCreateDomains) {
|
|
def name = domain[1]
|
|
|
|
def run = " run --rm certbot certonly" +
|
|
" --webroot -w /var/www/certbot" +
|
|
" --cert-name='${name}'" +
|
|
" --non-interactive --agree-tos" +
|
|
" --preferred-challenges http" +
|
|
" --email ${env.LETSENCRYPT_EMAIL ?: 'kusartur@gmail.com'}" +
|
|
" -d ${name}"
|
|
|
|
for (int i = 2; i < domain.size(); i++) {
|
|
run += " -d ${domain[i]}.${name}"
|
|
}
|
|
|
|
sh(lets_encrypt + run)
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
def createCertOld(domains, repo) {
|
|
echo "Server ENV = ${SERVER_ENV}"
|
|
echo "Cerbot image = ${CERTBOT_IMAGE}"
|
|
|
|
def toCreateDomains = []
|
|
|
|
for (domain in domains) {
|
|
def force = domain[0]
|
|
def name = domain[1]
|
|
def fileName = '/_docker_data_/letsencrypt/live/' + name + '/cert.pem'
|
|
|
|
// Get current domains from certificate if it exists
|
|
def currentDomains = []
|
|
if (fileExists(fileName)) {
|
|
def certInfo = sh(script: "openssl x509 -in ${fileName} -text -noout | grep -o 'DNS:[^,]*' | sed 's/DNS://g'", returnStdout: true).trim()
|
|
currentDomains = certInfo.split('\n').collect { it.trim() }
|
|
}
|
|
|
|
// Prepare expected domains
|
|
def expectedDomains = [name]
|
|
for (int i = 2; i < domain.size(); i++) {
|
|
expectedDomains.add(domain[i] + "." + name)
|
|
}
|
|
|
|
// Check if we need to create/renew
|
|
def needsRenewal = force ||
|
|
!fileExists(fileName) ||
|
|
currentDomains.size() != expectedDomains.size() ||
|
|
!currentDomains.containsAll(expectedDomains)
|
|
|
|
if (needsRenewal) {
|
|
echo "Certificate for '${name}' needs renewal (force: ${force}, missing domains: ${expectedDomains - currentDomains})"
|
|
toCreateDomains.add(domain)
|
|
} else {
|
|
echo "Certificate for '${name}' is up to date with all domains"
|
|
}
|
|
}
|
|
|
|
echo "Certificates to create/renew: ${toCreateDomains.collect { it[1] }}"
|
|
|
|
if (toCreateDomains.isEmpty()) {
|
|
echo "All certificates are up to date. Nothing to create/renew."
|
|
} else {
|
|
def lets_encrypt = "docker compose --file lets-encrypt.yml --env-file lets.env "
|
|
|
|
dir("/_programs_/" + repo + "/deploy-this/lets-encrypt") {
|
|
for (domain in toCreateDomains) {
|
|
def name = domain[1]
|
|
|
|
def run = " run --rm certbot certonly" +
|
|
" --webroot -w /var/www/certbot" +
|
|
" --cert-name='" + name + "'" +
|
|
" --non-interactive --agree-tos" +
|
|
" --preferred-challenges http" +
|
|
" --email kusartur@gmail.com" +
|
|
" -d " + name
|
|
|
|
for (int indexSub = 2; indexSub < domain.size(); indexSub++) {
|
|
def subDomain = domain[indexSub]
|
|
run = run + " -d " + subDomain + "." + name
|
|
}
|
|
|
|
sh(lets_encrypt + run)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
def createCertOlder(domains, repo){
|
|
|
|
echo "Server ENV = ${SERVER_ENV}"
|
|
echo "Cerbot image = ${CERTBOT_IMAGE} "
|
|
|
|
|
|
|
|
def toCreateDomains =[]
|
|
|
|
for( domain in domains ){
|
|
def force = domain[ 0 ]
|
|
def name = domain[ 1 ]
|
|
def fileName = '/_docker_data_/letsencrypt/live/'+name
|
|
if( !force && fileExists( fileName ) ){
|
|
echo "The file('${fileName}') certificate for '${domain}(main:${name})' exists! You should renew it"
|
|
}else{
|
|
echo "File '${fileName}' not exists! or ${force} so create certificate for '${name}'"
|
|
toCreateDomains.add( domain )
|
|
}
|
|
}
|
|
|
|
echo "Certificate to create "+toCreateDomains
|
|
if( 0 == toCreateDomains.size() ){
|
|
echo "All certificate should be refreshed! Nothing to create."
|
|
}else{
|
|
|
|
def lets_encrypt = "docker compose --file lets-encrypt.yml --env-file lets.env "
|
|
|
|
dir("/_programs_/"+repo+"/deploy-this/lets-encrypt"){
|
|
|
|
for( domain in toCreateDomains ){
|
|
|
|
def name = domain[ 1 ]
|
|
|
|
def run = " run --rm certbot certonly"+
|
|
" --webroot -w /var/www/certbot"+
|
|
" --cert-name='"+name+"'"+
|
|
" --non-interactive --agree-tos"+
|
|
" --preferred-challenges http"+
|
|
" --email kusartur@gmail.com" +
|
|
" -d "+name
|
|
|
|
for( int indexSub = 2; indexSub < domain.size(); indexSub ++ ){
|
|
def subDomain = domain[ indexSub ]
|
|
run = run + " -d "+subDomain+ "." + name
|
|
}
|
|
|
|
sh( lets_encrypt+run )
|
|
|
|
}
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
|
|
pipeline {
|
|
|
|
agent any
|
|
|
|
stages {
|
|
stage('Make https cert for my domains') {
|
|
steps {
|
|
script{
|
|
def repo_name ="proxy-nginx"
|
|
createCert( domainsToCert, repo_name )
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
/*
|
|
docker top <name> || docker run --name <name> <image>
|
|
*/
|