From 58ede5f1b67fd8c7eb9fe8e70a4c3528df8a3dd8 Mon Sep 17 00:00:00 2001 From: MrMeeb Date: Mon, 17 Jul 2023 17:19:30 +0000 Subject: [PATCH 1/2] fix build issues due to cython 3.0.0 release --- Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Dockerfile b/Dockerfile index 3116ad7..945cd44 100644 --- a/Dockerfile +++ b/Dockerfile @@ -55,7 +55,10 @@ ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2 S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 S6_VERBOSI RUN python3 -m venv /app/certbot/ && /app/certbot/bin/pip install --upgrade pip #Get required packages for building, build, then cleanup +#Added additional pip steps to fix cython 3.0.0 issue - https://github.com/yaml/pyyaml/issues/601 RUN apk add --no-cache --virtual .deps gcc python3-dev libc-dev libffi-dev && \ + /app/certbot/bin/pip install wheel && \ + /app/certbot/bin/pip install "Cython<3.0" pyyaml --no-build-isolation && \ /app/certbot/bin/pip install certbot certbot-dns-cloudflare && \ ln -s /app/certbot/bin/certbot /usr/bin/certbot &&\ apk del .deps From c16e730a19ea73c5140efd2c0cdc000ac7469d3f Mon Sep 17 00:00:00 2001 
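Review bot: The two added pip lines install `wheel` and `pyyaml` with no version pin and only an upper bound on Cython, and `--no-build-isolation` makes the pyyaml build use whatever those resolve to at image build time, so the image is not reproducible and a bad upstream release lands directly in the venv that later runs certbot with the DNS plugin's API credentials. Consider resolving against a constraints file, ideally with hashes, e.g. `/app/certbot/bin/pip install --no-cache-dir -c /constraints.txt "Cython<3.0" pyyaml --no-build-isolation && \` (the constraints path is a placeholder). `wheel` and Cython are only needed for the build but remain installed after `apk del .deps`; a `/app/certbot/bin/pip uninstall -y Cython wheel && \` after the certbot install would keep them out of the runtime image. The RUN instruction begins in the hunk's context lines and the rest of the Dockerfile is outside the hunk.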
From: MrMeeb Date: Mon, 17 Jul 2023 17:49:02 +0000 Subject: [PATCH 2/2] add ONE_SHOT so container exits after run --- Dockerfile | 2 ++ README.md | 1 + root/certbot-prepare.sh | 18 ++++++++++++++---- root/check-one-shot.sh | 9 +++++++++ root/container-init.sh | 1 + .../dependencies.d/base} | 0 .../dependencies.d/certbot-prepare | 0 .../etc/s6-overlay/s6-rc.d/check-one-shot/type | 1 + root/etc/s6-overlay/s6-rc.d/check-one-shot/up | 1 + .../s6-rc.d/cron/dependencies.d/check-one-shot | 0 10 files changed, 29 insertions(+), 4 deletions(-) create mode 100644 root/check-one-shot.sh rename root/etc/s6-overlay/s6-rc.d/{cron/dependencies.d/certbot-prepare => check-one-shot/dependencies.d/base} (100%) create mode 100644 root/etc/s6-overlay/s6-rc.d/check-one-shot/dependencies.d/certbot-prepare create mode 100644 root/etc/s6-overlay/s6-rc.d/check-one-shot/type create mode 100644 root/etc/s6-overlay/s6-rc.d/check-one-shot/up create mode 100644 root/etc/s6-overlay/s6-rc.d/cron/dependencies.d/check-one-shot diff --git a/Dockerfile b/Dockerfile index 945cd44..865be2f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,6 +17,7 @@ ENV PGID=1000 ENV TZ=UTC ENV GENERATE_DHPARAM=true ENV INTERVAL="0 */6 * * *" +ENV ONE_SHOT=false # Single domain ENV DOMAINS= @@ -68,6 +69,7 @@ COPY root / RUN chmod +x /container-init.sh && \ chmod +x /certbot-prepare.sh && \ chmod +x /certbot-renew.sh && \ + chmod +x /check-one-shot.sh && \ chown -R ${PUID}:${PGID} /app /config ENTRYPOINT [ "/init" ] diff --git a/README.md b/README.md index 3c5655b..99208ac 100644 --- a/README.md +++ b/README.md 
@@ -52,6 +52,7 @@ Core options to the container |PUID |int |1000 |Sets the UID of the user certbot runs under | |PGID |int |1000 |Sets the GID of the user certbot runs under | |TZ |[List of valid TZs](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List) |UTC |Sets the timezone of the container | +| ONE_SHOT | false | Whether container exits after first run of certbot, or starts cron-based auto-renewal | | GENERATE_DHPARAM | true (case-sensitive) | Generate Diffie-Hellman keys in /config/letsencrypt/keys | | INTERVAL | 0 */6 * * * | How often certbot attempts to renew the certificate. Cron syntax | | CERT_COUNT | 1 | How many certificates certbot will try to issue (more than 1 not yet implemented) | diff --git a/root/certbot-prepare.sh b/root/certbot-prepare.sh index ea8fe6c..950a130 100644 --- a/root/certbot-prepare.sh +++ b/root/certbot-prepare.sh @@ -761,9 +761,19 @@ then openssl dhparam -out /config/letsencrypt/keys/ssl-dhparams.pem 4096 fi -echo "$INTERVAL /certbot-renew.sh >> /config/logs/renew.log" > /config/.crontab.txt +if [ $ONE_SHOT == "true" ]; then -echo "" + echo "" -echo "Starting automatic renewal job. Schedule is $INTERVAL" -crontab /config/.crontab.txt \ No newline at end of file + echo "ONE_SHOT is true - exiting container" + +elif [ $ONE_SHOT == "false" ]; then + + echo "$INTERVAL /certbot-renew.sh >> /config/logs/renew.log" > /config/.crontab.txt + + echo "" + + echo "Starting automatic renewal job. Schedule is $INTERVAL" + crontab /config/.crontab.txt + +fi \ No newline at end of file diff --git a/root/check-one-shot.sh b/root/check-one-shot.sh new file mode 100644 index 0000000..1808062 --- /dev/null +++ b/root/check-one-shot.sh @@ -0,0 +1,9 @@ +#!/command/with-contenv bash +# shellcheck shell=bash + +if [ $ONE_SHOT == "true" ]; then + + # Cleanly kill container by sending kill signal to supervisor process + kill 1 + +fi \ No newline at end of file 
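Review bot: Any ONE_SHOT value other than the exact strings `true` or `false` (unset, empty, `True`, `1`) falls through both branches of the new `if`/`elif` in root/certbot-prepare.sh, so no crontab is installed and nothing is logged; since check-one-shot.sh only acts on `true`, the container would presumably keep running without ever renewing the certificate. The unquoted `$ONE_SHOT` also makes `[` fail with a syntax error when the variable is empty. Quote the variable and make renewal the default path: `if [ "$ONE_SHOT" = "true" ]; then` with a plain `else` in place of `elif [ $ONE_SHOT == "false" ]; then`; the same unquoted test appears in the new root/check-one-shot.sh. The script's shebang is outside the hunk, so whether `==` inside `[` is supported by its interpreter cannot be confirmed from here.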
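Review bot: `kill 1` in root/check-one-shot.sh assumes the s6 supervisor is PID 1 of the container's PID namespace and sets no exit code, so as far as this hunk shows the caller of a one-shot run cannot tell from the container status whether certbot obtained a certificate. s6-overlay v3 documents writing the desired code to `/run/s6-linux-init-container-results/exitcode` and then running `/run/s6/basedir/bin/halt`, which would make both the target and the result explicit; confirm against the overlay version used in the image. A comment such as `# one-shot mode: stop the supervision tree before cron is started` above the `kill` would also record why this service sits between certbot-prepare and cron.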
diff --git a/root/container-init.sh b/root/container-init.sh index 10683bb..87406fa 100644 --- a/root/container-init.sh +++ b/root/container-init.sh @@ -28,6 +28,7 @@ echo \ "PUID=${PUID} PGID=${PGID} TZ=${TZ} +ONE_SHOT=${ONE_SHOT} INTERVAL=${INTERVAL} GENERATE_DHPARAM=${GENERATE_DHPARAM} CERT_COUNT=${CERT_COUNT}" diff --git a/root/etc/s6-overlay/s6-rc.d/cron/dependencies.d/certbot-prepare b/root/etc/s6-overlay/s6-rc.d/check-one-shot/dependencies.d/base similarity index 100% rename from root/etc/s6-overlay/s6-rc.d/cron/dependencies.d/certbot-prepare rename to root/etc/s6-overlay/s6-rc.d/check-one-shot/dependencies.d/base diff --git a/root/etc/s6-overlay/s6-rc.d/check-one-shot/dependencies.d/certbot-prepare b/root/etc/s6-overlay/s6-rc.d/check-one-shot/dependencies.d/certbot-prepare new file mode 100644 index 0000000..e69de29 diff --git a/root/etc/s6-overlay/s6-rc.d/check-one-shot/type b/root/etc/s6-overlay/s6-rc.d/check-one-shot/type new file mode 100644 index 0000000..3d92b15 --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/check-one-shot/type @@ -0,0 +1 @@ +oneshot \ No newline at end of file diff --git a/root/etc/s6-overlay/s6-rc.d/check-one-shot/up b/root/etc/s6-overlay/s6-rc.d/check-one-shot/up new file mode 100644 index 0000000..310d23b --- /dev/null +++ b/root/etc/s6-overlay/s6-rc.d/check-one-shot/up @@ -0,0 +1 @@ +exec /check-one-shot.sh \ No newline at end of file diff --git a/root/etc/s6-overlay/s6-rc.d/cron/dependencies.d/check-one-shot b/root/etc/s6-overlay/s6-rc.d/cron/dependencies.d/check-one-shot new file mode 100644 index 0000000..e69de29