103 lines
4.2 KiB
Makefile
103 lines
4.2 KiB
Makefile
ENV_VARS += DOCKER_HOST_IFACE DOCKER_HOST_INET4 DOCKER_INTERNAL_DOCKER_HOST
|
|
MAKECMDARGS += host-exec stack-host-exec host-exec:% host-exec@% host-run host-run:% host-run@%
|
|
SETUP_LETSENCRYPT ?=
|
|
host ?= host/consul host/fabio host/registrator
|
|
|
|
# target bootstrap-stack-host: Fire host-certbot host-ssl-certs
|
|
.PHONY: bootstrap-stack-host
|
|
bootstrap-stack-host: $(if $(SETUP_CERTBOT),host-certbot) host-ssl-certs
|
|
|
|
# target host: Fire stack-host-up
|
|
.PHONY: host
|
|
host: stack-host-up
|
|
|
|
# target host-%; Fire target stack-host-%
|
|
.PHONY: host-%
|
|
host-%: stack-host-%;
|
|
|
|
# target host-ssl-certs: Create invalid ${DOMAIN} certificate files with openssl
|
|
.PHONY: host-ssl-certs
|
|
host-ssl-certs:
|
|
$(RUN) docker run --rm \
|
|
-e DOMAIN='$(DOMAIN)' \
|
|
--mount source=$(HOST_DOCKER_VOLUME),target=/host \
|
|
alpine sh -c "mkdir -p /host/htpasswd && chmod 700 /host/htpasswd \
|
|
; mkdir -p /host/certs && chmod 0700 /host/certs \
|
|
; [ -f /host/htpasswd/default.htpasswd ] \
|
|
|| echo "${HOSTNAME}:{PLAIN}$(shell head -c 15 /dev/random |base64)" > /host/htpasswd/default.htpasswd \
|
|
; apk --no-cache add openssl \
|
|
; for domain in ${DOMAIN}; do \
|
|
[ -f /host/live/\$${domain}/privkey.pem ] \
|
|
&& openssl x509 -in /host/live/\$${domain}/fullchain.pem -noout -issuer 2>/dev/null |grep -iqv staging \
|
|
&& cp -L /host/live/\$${domain}/fullchain.pem /host/certs/\$${domain}-cert.pem \
|
|
&& cp -L /host/live/\$${domain}/privkey.pem /host/certs/\$${domain}-key.pem \
|
|
; if [ ! -f /host/certs/\$${domain}-key.pem ]; then \
|
|
openssl genrsa -out /host/certs/\$${domain}-key.pem 2048 \
|
|
&& openssl req -key /host/certs/\$${domain}-key.pem -out /host/certs/\$${domain}-cert.pem \
|
|
-addext extendedKeyUsage=serverAuth \
|
|
-addext subjectAltName=DNS:\$${domain},DNS:*.\$${domain} \
|
|
-subj \"/C=/ST=/L=/O=/CN=\$${domain}\" \
|
|
-x509 -days 365 \
|
|
; fi \
|
|
; done \
|
|
"
|
|
|
|
# target host-certbot: Create ${DOMAIN} certificate files with letsencrypt
|
|
.PHONY: host-certbot
|
|
host-certbot: host-docker-build-certbot
|
|
$(foreach domain,$(DOMAIN), \
|
|
$(RUN) docker run --rm \
|
|
-e DOMAIN=$(domain) \
|
|
--mount source=$(HOST_DOCKER_VOLUME),target=/etc/letsencrypt/ \
|
|
--mount source=$(HOST_DOCKER_VOLUME),target=/var/log/letsencrypt/ \
|
|
--network host \
|
|
$(HOST_DOCKER_REPOSITORY)/certbot \
|
|
--dns-standalone-address=0.0.0.0 \
|
|
--dns-standalone-port=53 \
|
|
--non-interactive --agree-tos --email hostmaster@$(domain) certonly \
|
|
--preferred-challenges dns --authenticator dns-standalone \
|
|
-d $(domain) \
|
|
-d *.$(domain) \
|
|
&& \
|
|
) true
|
|
|
|
# target host-certbot-certificates: List letsencrypt certificates
|
|
.PHONY: host-certbot-certificates
|
|
host-certbot-certificates: host-docker-build-certbot
|
|
docker run --rm --mount source=$(HOST_DOCKER_VOLUME),target=/etc/letsencrypt/ $(HOST_DOCKER_REPOSITORY)/certbot certificates
|
|
|
|
# target host-certbot-renew: Renew letsencrypt certificates
|
|
.PHONY: host-certbot-renew
|
|
host-certbot-renew: host-docker-build-certbot
|
|
docker run --rm --mount source=$(HOST_DOCKER_VOLUME),target=/etc/letsencrypt/ --network host $(HOST_DOCKER_REPOSITORY)/certbot renew
|
|
|
|
# target host-certbot-staging: Create staging ${DOMAIN} certificate files with letsencrypt
|
|
.PHONY: host-certbot-staging
|
|
host-certbot-staging: host-docker-build-certbot
|
|
$(foreach domain,$(DOMAIN), \
|
|
$(RUN) docker run --rm \
|
|
-e DOMAIN=$(domain) \
|
|
--mount source=$(HOST_DOCKER_VOLUME),target=/etc/letsencrypt/ \
|
|
--mount source=$(HOST_DOCKER_VOLUME),target=/var/log/letsencrypt/ \
|
|
--network host \
|
|
$(HOST_DOCKER_REPOSITORY)/certbot \
|
|
--dns-standalone-address=0.0.0.0 \
|
|
--dns-standalone-port=53 \
|
|
--non-interactive --agree-tos --email hostmaster@$(domain) certonly \
|
|
--preferred-challenges dns --authenticator dns-standalone \
|
|
--staging \
|
|
-d $(domain) \
|
|
-d *.$(domain) \
|
|
&& \
|
|
) true
|
|
|
|
# target host-docker-build-%: Build % docker
|
|
.PHONY: host-docker-build-%
|
|
host-docker-build-%:
|
|
$(call docker-build,docker/$*,$(HOST_DOCKER_REPOSITORY)/$*:$(DOCKER_IMAGE_TAG))
|
|
|
|
# target host-docker-rebuild-%: Rebuild % docker
|
|
.PHONY: host-docker-rebuild-%
|
|
host-docker-rebuild-%:
|
|
$(call make,host-docker-build-$* DOCKER_BUILD_CACHE=false)
|