
Commit 814bde3

Support multiple, comma-separated PROXY_ADDRESS values (#50)
1 parent 670e669 commit 814bde3

1 file changed

Lines changed: 79 additions & 76 deletions


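--- a/renewAndSendToProxy.sh
+++ b/renewAndSendToProxy.sh
@@ -17,40 +17,42 @@ TIMEOUT=5
 printf "${GREEN}Hello! renewAndSendToProxy runs. Today is $(date)${NC}\n"
 
 # send current certificates to proxy - after that do a certbot renew round (which could take some seconds) and send updated certificates to proxy (faster startup with https when old certificates are still valid)
-for d in /etc/letsencrypt/live/*/ ; do
-#move to directory
-cd $d
-
-#get directory name (which is the name of the regular domain)
-folder=${PWD##*/}
-
-#concat certificates
-printf "old certificates for $folder will be send to proxy\n"
-cat cert.pem chain.pem privkey.pem > $folder.combined.pem
-
-#send to proxy, retry up to 5 times with a timeout of $TIMEOUT seconds
-
-#reset tries to 0
-TRIES=0
-exitcode=0
-until [ $TRIES -ge $MAXRETRIES ]
-do
-TRIES=$[$TRIES+1]
-curl --silent --show-error -i -XPUT \
---data-binary @$folder.combined.pem \
-"$PROXY_ADDRESS:8080/v1/docker-flow-proxy/cert?certName=$folder.combined.pem&distribute=true" > /var/log/dockeroutput.log && break
-exitcode=$?
-if [ $TRIES -eq $MAXRETRIES ]; then
-printf "old certificate: ${RED}transmit failed after ${TRIES} attempts.${NC}\n"
-else
-printf "old certificate: ${RED}transmit failed, we try again in ${TIMEOUT} seconds.${NC}\n"
-sleep $TIMEOUT
-fi
-done
-
-if [ $exitcode -eq 0 ]; then
-printf "old certificates: proxy received $folder.combined.pem\n"
-fi
+echo $PROXY_ADDRESS | tr ',' '\n' | while read proxy_addr; do
+for d in /etc/letsencrypt/live/*/ ; do
+#move to directory
+cd $d
+
+#get directory name (which is the name of the regular domain)
+folder=${PWD##*/}
+
+#concat certificates
+printf "old certificates for $folder will be send to proxy\n"
+cat cert.pem chain.pem privkey.pem > $folder.combined.pem
+
+#send to proxy, retry up to 5 times with a timeout of $TIMEOUT seconds
+
+#reset tries to 0
+TRIES=0
+exitcode=0
+until [ $TRIES -ge $MAXRETRIES ]
+do
+TRIES=$[$TRIES+1]
+curl --silent --show-error -i -XPUT \
+--data-binary @$folder.combined.pem \
+"$proxy_addr:8080/v1/docker-flow-proxy/cert?certName=$folder.combined.pem&distribute=true" > /var/log/dockeroutput.log && break
+exitcode=$?
+if [ $TRIES -eq $MAXRETRIES ]; then
+printf "old certificate: ${RED}transmit failed after ${TRIES} attempts.${NC}\n"
+else
+printf "old certificate: ${RED}transmit failed, we try again in ${TIMEOUT} seconds.${NC}\n"
+sleep $TIMEOUT
+fi
+done
+
+if [ $exitcode -eq 0 ]; then
+printf "old certificates: proxy received $folder.combined.pem\n"
+fi
+done
 done
 
 
@@ -60,48 +62,49 @@ done
 #--no-self-upgrade: revent the certbot-auto script from upgrading itself to newer released versions
 /root/certbot-auto renew --no-bootstrap --no-self-upgrade > /var/log/dockeroutput.log
 
-printf "Docker Flow: Proxy DNS-Name: ${GREEN}$PROXY_ADDRESS${NC}\n";
-
-for d in /etc/letsencrypt/live/*/ ; do
-#move to directory
-cd $d
-
-#get directory name (which is the name of the regular domain)
-folder=${PWD##*/}
-printf "current folder name is: $folder\n"
-
-#concat certificates
-printf "concat certificates for $folder\n"
-cat cert.pem chain.pem privkey.pem > $folder.combined.pem
-printf "${GREEN}generated $folder.combined.pem${NC}\n"
-
-#send to proxy, retry up to 5 times with a timeout of $TIMEOUT seconds
-printf "${GREEN}transmit $folder.combined.pem to $PROXY_ADDRESS${NC}\n"
-
-#reset tries to 0
-TRIES=0
-
-exitcode=0
-until [ $TRIES -ge $MAXRETRIES ]
-do
-TRIES=$[$TRIES+1]
-curl --silent --show-error -i -XPUT \
---data-binary @$folder.combined.pem \
-"$PROXY_ADDRESS:8080/v1/docker-flow-proxy/cert?certName=$folder.combined.pem&distribute=true" > /var/log/dockeroutput.log && break
-exitcode=$?
-
-if [ $TRIES -eq $MAXRETRIES ]; then
-printf "${RED}transmit failed after ${TRIES} attempts.${NC}\n"
-else
-printf "${RED}transmit failed, we try again in ${TIMEOUT} seconds.${NC}\n"
-sleep $TIMEOUT
-fi
-done
-
-if [ $exitcode -eq 0 ]; then
-printf "proxy received $folder.combined.pem\n"
-fi
-
+echo $PROXY_ADDRESS | tr ',' '\n' | while read proxy_addr; do
+printf "Docker Flow: Proxy DNS-Name: ${GREEN}$proxy_addr${NC}\n";
+for d in /etc/letsencrypt/live/*/ ; do
+#move to directory
+cd $d
+
+#get directory name (which is the name of the regular domain)
+folder=${PWD##*/}
+printf "current folder name is: $folder\n"
+
+#concat certificates
+printf "concat certificates for $folder\n"
+cat cert.pem chain.pem privkey.pem > $folder.combined.pem
+printf "${GREEN}generated $folder.combined.pem${NC}\n"
+
+#send to proxy, retry up to 5 times with a timeout of $TIMEOUT seconds
+printf "${GREEN}transmit $folder.combined.pem to $proxy_addr${NC}\n"
+
+#reset tries to 0
+TRIES=0
+
+exitcode=0
+until [ $TRIES -ge $MAXRETRIES ]
+do
+TRIES=$[$TRIES+1]
+curl --silent --show-error -i -XPUT \
+--data-binary @$folder.combined.pem \
+"$proxy_addr:8080/v1/docker-flow-proxy/cert?certName=$folder.combined.pem&distribute=true" > /var/log/dockeroutput.log && break
+exitcode=$?
+
+if [ $TRIES -eq $MAXRETRIES ]; then
+printf "${RED}transmit failed after ${TRIES} attempts.${NC}\n"
+else
+printf "${RED}transmit failed, we try again in ${TIMEOUT} seconds.${NC}\n"
+sleep $TIMEOUT
+fi
+done
+
+if [ $exitcode -eq 0 ]; then
+printf "proxy received $folder.combined.pem\n"
+fi
+
+done
 done
 
 printf "${RED}/etc/letsencrypt will be backed up as backup-date-time.tar.gz. It's important to know that some files are symbolic links (inside this backup) and they need to be untared correctly.${NC}\n"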
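Review bot: The new `echo $PROXY_ADDRESS | tr ',' '\n' | while read proxy_addr; do` loop (new lines 20 and 65) uploads the combined PEM, which contains `privkey.pem`, to every comma-separated entry without checking it, so an unset variable or a trailing comma yields an empty `proxy_addr` and a request to `:8080/...`, and the unquoted expansion lets glob characters in the value expand. I would write the loop header as `printf '%s\n' "$PROXY_ADDRESS" | tr ',' '\n' | while read -r proxy_addr; do` and make `[ -n "$proxy_addr" ] || continue` the first statement of the body. Since the URL has no scheme, curl falls back to plain HTTP, so each added proxy is one more cleartext transfer of the private key; a comment stating that all listed addresses must sit on a trusted network would make that assumption explicit. The `cat cert.pem chain.pem privkey.pem > $folder.combined.pem` step now also runs once per proxy and could be done once, outside the address loop.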
