Commit 8d5da190 authored by rg's avatar rg

- Ajout du MAPS_TOKEN pour permettre aux frontaux de télécharger la map.

parent 4bb54559
.env
loadbalancer/etc/nginx/ssl
loadbalancer/etc/letsencrypt
loadbalancer/var
......@@ -12,10 +12,12 @@ services:
- BALANCER_IPLIST=${BALANCER_IPLIST:-127.0.0.1}
- SSL=${SSL:-letsencrypt}
- SSL_LETSENCRYPTMAIL=${SSL_LETSENCRYPTMAIL:-root@$DOMAIN}
- MAPS_TOKEN=${MAPS_TOKEN:--}
ports:
- "${HTTP_PORT:-80}:80"
- "${HTTPS_PORT:-443}:443"
volumes:
- ./loadbalancer/home/maps:/home/maps
- ./loadbalancer/etc/nginx/sites-enabled/.templates:/etc/nginx/sites-enabled/.templates
- ./loadbalancer/etc/nginx/ssl:/etc/nginx/ssl
- ./loadbalancer/etc/letsencrypt:/etc/letsencrypt
......
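Review bot: The `-` default on `MAPS_TOKEN=${MAPS_TOKEN:--}` is an undocumented sentinel; from the Dockerfile changes on this page it means "generate a random token at container start". A comment above the entry would save the next operator from reading init.sh, e.g. `# MAPS_TOKEN: secret URL prefix for map downloads; "-" (default) = random token generated at start, not shown anywhere`. Because the value is a credential, it is also worth stating that it belongs in the git-ignored `.env` and not in this file. The `services:` block starts and continues outside this hunk.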
......@@ -12,7 +12,7 @@ RUN apt-get update && \
apt-get -y install python-certbot-nginx; \
apt-get -y install munin logrotate
RUN mkdir -p /home/www/letsencrypt;
RUN mkdir -p /home/www/letsencrypt /home/maps;
ARG BALANCER_IPLIST
......@@ -27,9 +27,12 @@ ENV SSL_LETSENCRYPTMAIL=$SSL_LETSENCRYPTMAIL
ARG SSL=${SSL:-false}
ENV SSL=$SSL
ARG MAPS_TOKEN
ENV MAPS_TOKEN=${MAPS_TOKEN:--}
ARG INIT=/tmp/init.sh
RUN echo 'DOMAIN=$1; shift; SSL=$1; shift; SSL_LETSENCRYPTMAIL=$1; shift;' >>$INIT; \
RUN echo 'DOMAIN=$1; shift; SSL=$1; shift; SSL_LETSENCRYPTMAIL=$1; shift; MAPS_TOKEN=$1; shift;' >>$INIT; \
echo 'i=0;' >>$INIT; \
echo 'echo "" >/tmp/conf;' >>$INIT; \
echo 'for IP in $@; do' >>$INIT; \
......@@ -44,20 +47,23 @@ RUN echo 'DOMAIN=$1; shift; SSL=$1; shift; SSL_LETSENCRYPTMAIL=$1; shift;' >>$IN
echo ' FULLCHAIN="/etc/nginx/ssl/fullchain.pem"' >>$INIT; \
echo ' PRIVKEY="/etc/nginx/ssl/privkey.pem"' >>$INIT; \
echo ' if [ "$SSL" = "letsencrypt" ]; then' >>$INIT; \
echo ' [ ! -d /etc/letsencrypt/live/$DOMAIN ] && mkdir -p /etc/letsencrypt/live/$DOMAIN && FIRST_INIT="true" && openssl req -x509 -nodes -newkey rsa:1024 -days 1 -keyout /etc/letsencrypt/live/$DOMAIN/privkey.pem -out /etc/letsencrypt/live/$DOMAIN/fullchain.pem -subj "/CN=$DOMAIN"' >>$INIT; \
echo ' [ ! -d /etc/letsencrypt/live/$DOMAIN ] && mkdir -p /etc/letsencrypt/live/$DOMAIN && FIRST_INIT="true"' >>$INIT; \
echo ' FULLCHAIN="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"' >>$INIT; \
echo ' PRIVKEY="/etc/letsencrypt/live/$DOMAIN/privkey.pem"' >>$INIT; \
echo " fi" >>$INIT; \
echo ' fi' >>$INIT; \
echo ' [ ! -f $FULLCHAIN ] && [ ! -f $PRIVKEY ] && openssl req -x509 -nodes -newkey rsa:1024 -days 1 -keyout $PRIVKEY -out $FULLCHAIN -subj "/CN=$DOMAIN"' >>$INIT; \
echo ' [ ! -f /etc/nginx/ssl/dhparam.pem ] && openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048' >>$INIT; \
echo ' LISTEN=`cat /etc/nginx/sites-enabled/.templates/listen_ssl.conf`' >>$INIT; \
echo ' LISTEN=${LISTEN//\\{FULLCHAIN\\}/$FULLCHAIN}' >>$INIT; \
echo ' LISTEN=${LISTEN//\\{PRIVKEY\\}/$PRIVKEY}' >>$INIT; \
echo 'else' >>$INIT; \
echo ' LISTEN=`cat /etc/nginx/sites-enabled/.templates/listen_nossl.conf`' >>$INIT; \
echo "fi" >>$INIT; \
echo 'fi' >>$INIT; \
echo '[ "$MAPS_TOKEN" = "-" ] && MAPS_TOKEN=`echo $RANDOM$RANDOM£RANDOM$RANDOM | sha256sum | cut -d " " -f 1`' >>$INIT; \
echo 'CONF=${CONF//\\{LISTEN\\}/$LISTEN}' >>$INIT; \
echo 'CONF=${CONF//\\{NGINX_BALANCERLIST\\}/$TEMP}' >>$INIT; \
echo 'CONF=${CONF//\\{DOMAIN\\}/$DOMAIN}' >>$INIT; \
echo 'CONF=${CONF//\\{MAPS_TOKEN\\}/$MAPS_TOKEN}' >>$INIT; \
echo 'echo "${CONF}" > /etc/nginx/sites-enabled/loadbalancer.conf' >>$INIT; \
echo 'service nginx start' >>$INIT; \
echo '[ "FIRST_INIT" = "true" ] || [ ! -f /etc/letsencrypt/renewal/$DOMAIN.conf ] && certbot certonly --webroot -w /home/www/letsencrypt --agree-tos -d "$DOMAIN" -m $SSL_LETSENCRYPTMAIL && service nginx reload' >>$INIT;
......@@ -78,6 +84,6 @@ CMD chown -R root: /var/cache/nginx /etc/nginx/ssl; \
service munin-node start; \
rm -rf /var/cache/nginx/*; \
rm /etc/nginx/sites-enabled/*; \
bash /tmp/init.sh $DOMAIN $SSL $SSL_LETSENCRYPTMAIL $BALANCER_IPLIST; \
bash /tmp/init.sh "$DOMAIN" "$SSL" "$SSL_LETSENCRYPTMAIL" "$MAPS_TOKEN" $BALANCER_IPLIST; \
service cron start; \
sleep infinity;
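Review bot: The fallback token built on the `[ "$MAPS_TOKEN" = "-" ]` line is weak: `£RANDOM` is a literal string (probably a typo for `$RANDOM`), and bash's `$RANDOM` gives only 15 bits per use from a non-cryptographic generator, so piping it through `sha256sum` does not make the result hard to guess even though it is the only thing guarding `/home/maps`. Take the bytes from the kernel CSPRNG instead: `[ "$MAPS_TOKEN" = "-" ] && MAPS_TOKEN=$(head -c 32 /dev/urandom | sha256sum | cut -d " " -f 1)`. Separately, `ARG MAPS_TOKEN` followed by `ENV MAPS_TOKEN=${MAPS_TOKEN:--}` would store any real token passed at build time in the image config and history; since the compose file on this page supplies the value at run time, `ENV MAPS_TOKEN=-` alone looks sufficient. The token is then substituted into the nginx config unvalidated, so a check such as `case "$MAPS_TOKEN" in *[!A-Za-z0-9_-]*) exit 1;; esac` before the `CONF=${CONF//...}` line would keep a malformed value from altering the generated config. The `RUN` that writes init.sh begins and continues outside the visible hunks.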
......@@ -19,6 +19,10 @@ server {
{LISTEN}
location /{MAPS_TOKEN} {
root /home/maps;
}
location /muninlb {
root /var/cache/munin/www;
index index.html;
......
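Review bot: With `root /home/maps;` inside `location /{MAPS_TOKEN}`, nginx appends the full request path, token included, so a request for `/<token>/file` is looked up at `/home/maps/<token>/file`. If the maps are meant to sit directly in the mounted `/home/maps` directory, this probably needs `location /{MAPS_TOKEN}/ {` with `alias /home/maps/;`. The trailing slash on the location also stops the prefix from matching `/<token>anything`. Since the secret travels in the URL path, it will be written to the access log on every download; `access_log off;` in this location, or a log format that omits the request path, would keep it out of log files. The `server` block starts and continues outside this hunk.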