jupyterhub-deploy-docker/examples/letsencrypt/letsencrypt.sh
Justin Tyberg 73163c76b9 Initial version.
(c) Copyright IBM Corp. 2016
2016-04-14 15:17:14 -04:00


#!/bin/bash
# Copyright (c) Jupyter Development Team.
# Distributed under the terms of the Modified BSD License.
# Wrapper script that runs https://letsencrypt.org Docker container to generate
# a certificate for a single domain and store it in a Docker volume.
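# Stop at the first failing command so a failed certificate request is never
# followed by the symlink/permission step.
set -e

# Usage text shown with every argument error.
# The script name is derived with a parameter expansion instead of an unquoted
# `basename $0`: with a space in the install path the old form split $0 into
# several words, basename failed, and `set -e` aborted before any option was
# read.
USAGE="
Usage: ${0##*/} --domain FQDN --email EMAIL --volume SECRETS_VOLUME
[--staging]
"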
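#######################################
# Parse the command line into the settings used by the rest of the script.
# Globals:   FQDN, EMAIL, SECRETS_VOLUME, CERT_SERVER (written); USAGE (read)
# Arguments: the script's own arguments ("$@")
# Outputs:   errors and warnings on stderr
# Returns:   0 on success; exits 1 when a value-taking option has no value
#######################################
parse_args() {
  # Numeric comparison: inside [[ ]] the `>` operator compares strings.
  while (( $# > 0 )); do
    case "$1" in
      --domain | --email | --volume)
        # Previously an option given last with no value made the second
        # `shift` fail and `set -e` ended the script without any message.
        if (( $# < 2 )); then
          printf 'ERROR: %s requires a value\n' "$1" >&2
          printf '%s\n' "$USAGE" >&2
          exit 1
        fi
        case "$1" in
          --domain) FQDN=$2 ;;
          --email) EMAIL=$2 ;;
          --volume) SECRETS_VOLUME=$2 ;;
        esac
        shift 2 # past option and value
        ;;
      --staging)
        CERT_SERVER=--staging
        shift
        ;;
      *)
        # Unknown options are still skipped, but no longer silently: a
        # mistyped --staging would otherwise send the request to the
        # production server without the operator noticing.
        printf 'WARNING: ignoring unknown option: %s\n' "$1" >&2
        shift
        ;;
    esac
  done
}

parse_args "$@"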
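#######################################
# Report a missing setting and stop.
# Globals:   USAGE (read)
# Arguments: $1 - message printed after "ERROR: "
# Outputs:   message and usage text on stderr
# Returns:   does not return; exits 1
#######################################
usage_error() {
  printf 'ERROR: %s\n' "$1" >&2
  printf '%s\n' "$USAGE" >&2
  # Unconditional exit: the old `echo "$USAGE" && exit 1` skipped the exit
  # when echo itself failed (for example on a closed stdout), and the script
  # went on to run docker with an empty setting.
  exit 1
}

# Each required setting may come from its option or from an environment
# variable of the same name; an empty value counts as missing. All three are
# checked before any container is started.
if [[ -z "${FQDN:-}" ]]; then
  usage_error "Must provide --domain option or set FQDN environment variable"
fi
if [[ -z "${EMAIL:-}" ]]; then
  usage_error "Must provide --email option or set EMAIL environment variable"
fi
if [[ -z "${SECRETS_VOLUME:-}" ]]; then
  usage_error "Must provide --volume option or set SECRETS_VOLUME environment variable"
fi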
# Which Let's Encrypt server the request goes to. An empty value means
# production; `--staging` (set by the option of the same name, or exported as
# CERT_SERVER=--staging) selects the staging server. A value that is already
# set, even to the empty string, is kept as it is.
CERT_SERVER=${CERT_SERVER-}
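# Request the certificate and store it in the Docker volume.
#
# - The volume name is quoted: unquoted, a value containing whitespace was
#   split into extra `docker run` arguments, i.e. arbitrary docker options.
# - CERT_SERVER is passed as at most one argument and dropped when empty, so
#   an environment-supplied value is neither word-split nor glob-expanded.
# - Port 80 on the host must be free: the standalone http-01 challenge is
#   answered by the container itself.
# - --force-renewal overrides --keep-until-expiring, so every run asks for a
#   new certificate; use --staging while testing to stay clear of the
#   production rate limits.
# - NOTE(review): the image is pulled by the floating tag `latest`, so the
#   code that handles the account and private keys can change between runs.
#   Pin a reviewed version or digest, and confirm this repository is still
#   the maintained one (the client has since been renamed certbot).
# - NOTE(review): `-it` needs a terminal, so this fails from cron or CI even
#   though certbot is told --non-interactive; confirm before automating.
docker run --rm -it \
  -p 80:80 \
  -v "$SECRETS_VOLUME:/etc/letsencrypt" \
  quay.io/letsencrypt/letsencrypt:latest \
  certonly \
  --non-interactive \
  --keep-until-expiring \
  --standalone \
  --standalone-supported-challenges http-01 \
  --agree-tos \
  --force-renewal \
  --domain "$FQDN" \
  --email "$EMAIL" \
  ${CERT_SERVER:+"$CERT_SERVER"}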
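# Publish the certificate files at a fixed location inside the volume:
#   1. delete the symlinks left in /etc/letsencrypt by a previous run,
#   2. symlink everything in live/<FQDN>/ into /etc/letsencrypt, so that
#      consumers of the volume do not need to know the FQDN,
#   3. chmod 755 every directory in the volume.
#
# Step 3 does not restrict access. It makes every directory under
# /etc/letsencrypt listable and traversable by any user; file modes are left
# unchanged, so whether the private key is readable depends on the mode the
# client gave the key file.
# NOTE(review): confirm the key file mode and which containers mount this
# volume; anything that mounts it can reach the key material.
#
# The FQDN is handed to the inner shell as positional parameter $1 instead of
# being spliced into the command text. Before, the outer shell expanded $FQDN
# inside the double-quoted script, so shell metacharacters in --domain were
# executed by the inner shell with the secrets volume mounted. The script is
# single-quoted on purpose: $1 must be expanded by the inner shell only.
# The volume name is quoted for the same reason as in the certonly call.
# NOTE(review): the image is pulled by the floating tag `latest`; pin a
# reviewed version or digest.
# shellcheck disable=SC2016
docker run --rm -it \
  -v "$SECRETS_VOLUME:/etc/letsencrypt" \
  --entrypoint=/bin/bash \
  quay.io/letsencrypt/letsencrypt:latest \
  -c 'find /etc/letsencrypt/* -maxdepth 1 -type l -delete &&
      ln -s "/etc/letsencrypt/live/$1"/* /etc/letsencrypt/ &&
      find /etc/letsencrypt -type d -exec chmod 755 {} +' \
  bash "$FQDN"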