arti24
/
proxy-nginx
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
proxy-nginx/deploy-this/lets-encrypt/lets-encrypt-create-cert.je...

155 lines
5.0 KiB
Plaintext
Executable File
Raw Blame History

def domainsToCert = [
[ false, 'bodypainter.eu', "www", "mail", "stat"],
[ false, 'themself.eu', "www", "mail", "stat", "massage", "driving", "kopama" ],
[ false, "artiks.tk", "www", "mail", "api", "angular", "bodypainter", "themself","arti24"],
[ false, "arti24.eu", "www", "api", "angular", "ai", "job-finder", "zaklik"]
// [ false, 'artikus.dynu.net', "mail", "stat", "www", "nextcloud" ]
]
def createCert(domains, repo) {
echo "Server ENV = ${SERVER_ENV}"
echo "Cerbot image = ${CERTBOT_IMAGE}"
def toCreateDomains = []
for (domain in domains) {
def force = domain[0]
def name = domain[1]
def fileName = '/_docker_data_/letsencrypt/live/' + name + '/cert.pem'
// Get current domains from certificate if it exists
def currentDomains = []
if (fileExists(fileName)) {
def certInfo = sh(script: "openssl x509 -in ${fileName} -text -noout | grep -o 'DNS:[^,]*' | sed 's/DNS://g'", returnStdout: true).trim()
currentDomains = certInfo.split('\n').collect { it.trim() }
}
// Prepare expected domains
def expectedDomains = [name]
for (int i = 2; i < domain.size(); i++) {
expectedDomains.add(domain[i] + "." + name)
}
// Check if we need to create/renew
def needsRenewal = force ||
!fileExists(fileName) ||
currentDomains.size() != expectedDomains.size() ||
!currentDomains.containsAll(expectedDomains)
if (needsRenewal) {
echo "Certificate for '${name}' needs renewal (force: ${force}, missing domains: ${expectedDomains - currentDomains})"
toCreateDomains.add(domain)
} else {
echo "Certificate for '${name}' is up to date with all domains"
}
}
echo "Certificates to create/renew: ${toCreateDomains.collect { it[1] }}"
if (toCreateDomains.isEmpty()) {
echo "All certificates are up to date. Nothing to create/renew."
} else {
def lets_encrypt = "docker compose --file lets-encrypt.yml --env-file lets.env "
dir("/_programs_/" + repo + "/deploy-this/lets-encrypt") {
for (domain in toCreateDomains) {
def name = domain[1]
def run = " run --rm certbot certonly" +
" --webroot -w /var/www/certbot" +
" --cert-name='" + name + "'" +
" --non-interactive --agree-tos" +
" --preferred-challenges http" +
" --email kusartur@gmail.com" +
" -d " + name
for (int indexSub = 2; indexSub < domain.size(); indexSub++) {
def subDomain = domain[indexSub]
run = run + " -d " + subDomain + "." + name
}
sh(lets_encrypt + run)
}
}
}
}
def createCertOld(domains, repo){
echo "Server ENV = ${SERVER_ENV}"
echo "Cerbot image = ${CERTBOT_IMAGE} "
def toCreateDomains =[]
for( domain in domains ){
def force = domain[ 0 ]
def name = domain[ 1 ]
def fileName = '/_docker_data_/letsencrypt/live/'+name
if( !force && fileExists( fileName ) ){
echo "The file('${fileName}') certificate for '${domain}(main:${name})' exists! You should renew it"
}else{
echo "File '${fileName}' not exists! or ${force} so create certificate for '${name}'"
toCreateDomains.add( domain )
}
}
echo "Certificate to create "+toCreateDomains
if( 0 == toCreateDomains.size() ){
echo "All certificate should be refreshed! Nothing to create."
}else{
def lets_encrypt = "docker compose --file lets-encrypt.yml --env-file lets.env "
dir("/_programs_/"+repo+"/deploy-this/lets-encrypt"){
for( domain in toCreateDomains ){
def name = domain[ 1 ]
def run = " run --rm certbot certonly"+
" --webroot -w /var/www/certbot"+
" --cert-name='"+name+"'"+
" --non-interactive --agree-tos"+
" --preferred-challenges http"+
" --email kusartur@gmail.com" +
" -d "+name
for( int indexSub = 2; indexSub < domain.size(); indexSub ++ ){
def subDomain = domain[ indexSub ]
run = run + " -d "+subDomain+ "." + name
}
sh( lets_encrypt+run )
}
}
}
}
pipeline {
agent any
stages {
stage('Make https cert for my domains') {
steps {
script{
def repo_name ="proxy-nginx"
createCert( domainsToCert, repo_name )
}
}
}
}
}
/*
docker top <name> || docker run --name <name> <image>
*/
Reference in New Issue View Git Blame Copy Permalink