Commit d0679017 authored by rg's avatar rg

Début de fusion

parent 453194f3
...@@ -17,7 +17,6 @@ services: ...@@ -17,7 +17,6 @@ services:
- "${HTTP_PORT:-80}:80" - "${HTTP_PORT:-80}:80"
- "${HTTPS_PORT:-443}:443" - "${HTTPS_PORT:-443}:443"
volumes: volumes:
- ./loadbalancer/home/maps:/home/maps
- ./loadbalancer/etc/nginx/sites-enabled/.templates:/etc/nginx/sites-enabled/.templates - ./loadbalancer/etc/nginx/sites-enabled/.templates:/etc/nginx/sites-enabled/.templates
- ./loadbalancer/etc/nginx/ssl:/etc/nginx/ssl - ./loadbalancer/etc/nginx/ssl:/etc/nginx/ssl
- ./loadbalancer/etc/letsencrypt:/etc/letsencrypt - ./loadbalancer/etc/letsencrypt:/etc/letsencrypt
FROM ubuntu:bionic FROM klokantech/tileserver-gl
RUN apt-get update && \ RUN apt-get update && \
apt-get -y install wget rsyslog logrotate cron bzip2 telnet vim language-pack-fr sudo && \ apt-get -y install wget rsyslog logrotate cron bzip2 telnet vim sudo net-tools && \
echo "LANG=\"fr_FR.UTF-8\"\nLANGUAGE=\"fr_FR:fr\"\nLC_NUMERIC=\"fr_FR.UTF-8\"\nLC_TIME=\"fr_FR.UTF-8\"\nLC_MONETARY=\"fr_FR.UTF-8\"\nLC_PAPER=\"fr_FR.UTF-8\"\nLC_IDENTIFICATION=\"fr_FR.UTF-8\"\nLC_NAME=\"fr_FR.UTF-8\"\nLC_ADDRESS=\"fr_FR.UTF-8\"\nLC_TELEPHONE=\"fr_FR.UTF-8\"\nLC_MEASUREMENT=\"fr_FR.UTF-8\"" >>/etc/default/locale echo "LANG=\"fr_FR.UTF-8\"\nLANGUAGE=\"fr_FR:fr\"\nLC_NUMERIC=\"fr_FR.UTF-8\"\nLC_TIME=\"fr_FR.UTF-8\"\nLC_MONETARY=\"fr_FR.UTF-8\"\nLC_PAPER=\"fr_FR.UTF-8\"\nLC_IDENTIFICATION=\"fr_FR.UTF-8\"\nLC_NAME=\"fr_FR.UTF-8\"\nLC_ADDRESS=\"fr_FR.UTF-8\"\nLC_TELEPHONE=\"fr_FR.UTF-8\"\nLC_MEASUREMENT=\"fr_FR.UTF-8\"" >>/etc/default/locale
RUN apt-get update && \ RUN apt-get update && \
apt-get -y install software-properties-common; \ apt-get -y install software-properties-common; \
add-apt-repository -y ppa:certbot/certbot; \ #echo "deb http://nginx.org/packages/mainline/debian/ stretch nginx" >>/etc/apt/sources.list; \
apt-get update; \ #curl -Ss http://nginx.org/keys/nginx_signing.key | apt-key add -; \
apt-get -y install nginx; \ #apt-get update; \
apt-get -y install python-certbot-nginx; \ apt-get -y install nginx python-certbot-nginx munin logrotate;
apt-get -y install munin logrotate
RUN mkdir -p /home/www/letsencrypt /home/maps; RUN mkdir -p /home/www/letsencrypt /home/maps;
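Review bot: The new base line `FROM klokantech/tileserver-gl` carries no tag or digest, so every rebuild silently tracks whatever the publisher last pushed; pin it, e.g. `FROM klokantech/tileserver-gl:<version>@sha256:<digest>`. The second RUN now chains with `;` instead of `&&`, so a failed `apt-get -y install nginx python-certbot-nginx munin logrotate` no longer fails the build, and `software-properties-common` is still installed only to serve the `add-apt-repository` call this commit removes. The commented-out lines keep a `curl -Ss http://nginx.org/keys/nginx_signing.key | apt-key add -` recipe over plain HTTP; if it is ever re-enabled it should fetch over `https://` and verify the key fingerprint before trusting the repository, otherwise the dead lines should go. The runtime image also gains `sudo`, `telnet`, `net-tools` and `vim` with no `--no-install-recommends` and no `rm -rf /var/lib/apt/lists/*`, which enlarges the toolset available to anyone who lands a shell on the load balancer; whether the tileserver base needs any of these is not visible here.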
...@@ -30,61 +29,88 @@ ENV SSL=$SSL ...@@ -30,61 +29,88 @@ ENV SSL=$SSL
ARG MAPS_TOKEN ARG MAPS_TOKEN
ENV MAPS_TOKEN=${MAPS_TOKEN:--} ENV MAPS_TOKEN=${MAPS_TOKEN:--}
ARG INIT=/tmp/init.sh
RUN echo 'DOMAIN=$1; shift; SSL=$1; shift; SSL_LETSENCRYPTMAIL=$1; shift; MAPS_TOKEN=$1; shift;' >>$INIT; \ ARG INIT_NGINX=/tmp/init_nginx.sh
echo 'i=0;' >>$INIT; \ ENV INIT_NGINX=$INIT_NGINX
echo 'echo "" >/tmp/conf;' >>$INIT; \ RUN echo 'DOMAIN=$1; shift; SSL=$1; shift; SSL_LETSENCRYPTMAIL=$1; shift; MAPS_TOKEN=$1; shift;' >>$INIT_NGINX; \
echo 'for IP in $@; do' >>$INIT; \ echo 'FIRST_INIT=false;' >>$INIT_NGINX; \
echo ' ((i++));' >>$INIT; \ echo 'i=0;' >>$INIT_NGINX; \
echo ' echo "[mapft$i]\n\taddress $IP\n\tuse_node_name yes" >/etc/munin/munin-conf.d/mapft$i.conf;' >>$INIT; \ echo 'echo "" >/tmp/conf;' >>$INIT_NGINX; \
echo ' echo "\tserver $IP max_fails=5 fail_timeout=10s weight=1;" >>/tmp/conf;' >>$INIT; \ echo 'for IP in $@; do' >>$INIT_NGINX; \
echo 'done;' >>$INIT; \ echo ' ((i++));' >>$INIT_NGINX; \
echo 'TEMP=`cat /tmp/conf`;' >>$INIT; \ echo ' [ "$IP" = "127.0.0.1" ] && IP="$IP:8080";' >>$INIT_NGINX; \
echo 'CONF=`cat /etc/nginx/sites-enabled/.templates/loadbalancer.conf`;' >>$INIT; \ echo ' echo "[mapft$i]\n\taddress $IP\n\tuse_node_name yes" >/etc/munin/munin-conf.d/mapft$i.conf;' >>$INIT_NGINX; \
echo 'CONF=${CONF//\\{NGINX_BALANCERLIST\\}/$TEMP}' >>$INIT; \ echo ' echo "\tserver $IP max_fails=5 fail_timeout=10s weight=1;" >>/tmp/conf;' >>$INIT_NGINX; \
echo 'if [ "$SSL" != "false" ]; then' >>$INIT; \ echo 'done;' >>$INIT_NGINX; \
echo ' FULLCHAIN="/etc/nginx/ssl/fullchain.pem"' >>$INIT; \ echo 'TEMP=`cat /tmp/conf`;' >>$INIT_NGINX; \
echo ' PRIVKEY="/etc/nginx/ssl/privkey.pem"' >>$INIT; \ echo 'CONF=`cat /etc/nginx/sites-enabled/.templates/loadbalancer.conf`;' >>$INIT_NGINX; \
echo ' if [ "$SSL" = "letsencrypt" ]; then' >>$INIT; \ echo 'CONF=${CONF//\\{NGINX_BALANCERLIST\\}/$TEMP}' >>$INIT_NGINX; \
echo ' [ ! -d /etc/letsencrypt/live/$DOMAIN ] && mkdir -p /etc/letsencrypt/live/$DOMAIN && FIRST_INIT="true"' >>$INIT; \ echo 'if [ "$SSL" != "false" ]; then' >>$INIT_NGINX; \
echo ' [ ! -f /etc/letsencrypt/renewal/$DOMAIN.conf ] && FIRST_INIT="true"' >>$INIT; \ echo ' FULLCHAIN="/etc/nginx/ssl/fullchain.pem"' >>$INIT_NGINX; \
echo ' FULLCHAIN="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"' >>$INIT; \ echo ' PRIVKEY="/etc/nginx/ssl/privkey.pem"' >>$INIT_NGINX; \
echo ' PRIVKEY="/etc/letsencrypt/live/$DOMAIN/privkey.pem"' >>$INIT; \ echo ' if [ "$SSL" = "letsencrypt" ]; then' >>$INIT_NGINX; \
echo ' fi' >>$INIT; \ echo ' [ ! -d /etc/letsencrypt/live/$DOMAIN ] && mkdir -p /etc/letsencrypt/live/$DOMAIN && FIRST_INIT="true"' >>$INIT_NGINX; \
echo ' [ ! -f $FULLCHAIN ] && [ ! -f $PRIVKEY ] && openssl req -x509 -nodes -newkey rsa:1024 -days 1 -keyout $PRIVKEY -out $FULLCHAIN -subj "/CN=$DOMAIN"' >>$INIT; \ echo ' [ ! -f /etc/letsencrypt/renewal/$DOMAIN.conf ] && FIRST_INIT="true"' >>$INIT_NGINX; \
echo ' [ ! -f /etc/nginx/ssl/dhparam.pem ] && openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048' >>$INIT; \ echo ' FULLCHAIN="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"' >>$INIT_NGINX; \
echo ' LISTEN=`cat /etc/nginx/sites-enabled/.templates/listen_ssl.conf`' >>$INIT; \ echo ' PRIVKEY="/etc/letsencrypt/live/$DOMAIN/privkey.pem"' >>$INIT_NGINX; \
echo ' LISTEN=${LISTEN//\\{FULLCHAIN\\}/$FULLCHAIN}' >>$INIT; \ echo ' fi' >>$INIT_NGINX; \
echo ' LISTEN=${LISTEN//\\{PRIVKEY\\}/$PRIVKEY}' >>$INIT; \ echo ' [ ! -f $FULLCHAIN ] && [ ! -f $PRIVKEY ] && openssl req -x509 -nodes -newkey rsa:1024 -days 1 -keyout $PRIVKEY -out $FULLCHAIN -subj "/CN=$DOMAIN"' >>$INIT_NGINX; \
echo 'else' >>$INIT; \ echo ' [ ! -f /etc/nginx/ssl/dhparam.pem ] && openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048' >>$INIT_NGINX; \
echo ' LISTEN=`cat /etc/nginx/sites-enabled/.templates/listen_nossl.conf`' >>$INIT; \ echo ' LISTEN=`cat /etc/nginx/sites-enabled/.templates/listen_ssl.conf`' >>$INIT_NGINX; \
echo 'fi' >>$INIT; \ echo ' LISTEN=${LISTEN//\\{FULLCHAIN\\}/$FULLCHAIN}' >>$INIT_NGINX; \
echo '[ "$MAPS_TOKEN" = "-" ] && MAPS_TOKEN=`echo $RANDOM$RANDOM£RANDOM$RANDOM | sha256sum | cut -d " " -f 1`' >>$INIT; \ echo ' LISTEN=${LISTEN//\\{PRIVKEY\\}/$PRIVKEY}' >>$INIT_NGINX; \
echo 'CONF=${CONF//\\{LISTEN\\}/$LISTEN}' >>$INIT; \ echo 'else' >>$INIT_NGINX; \
echo 'CONF=${CONF//\\{NGINX_BALANCERLIST\\}/$TEMP}' >>$INIT; \ echo ' LISTEN=`cat /etc/nginx/sites-enabled/.templates/listen_nossl.conf`' >>$INIT_NGINX; \
echo 'CONF=${CONF//\\{DOMAIN\\}/$DOMAIN}' >>$INIT; \ echo 'fi' >>$INIT_NGINX; \
echo 'CONF=${CONF//\\{MAPS_TOKEN\\}/$MAPS_TOKEN}' >>$INIT; \ echo '[ "$MAPS_TOKEN" = "-" ] && MAPS_TOKEN=`echo $RANDOM$RANDOM£RANDOM$RANDOM | sha256sum | cut -d " " -f 1`' >>$INIT_NGINX; \
echo 'echo "${CONF}" > /etc/nginx/sites-enabled/loadbalancer.conf' >>$INIT; \ echo 'CONF=${CONF//\\{LISTEN\\}/$LISTEN}' >>$INIT_NGINX; \
echo 'service nginx start' >>$INIT; \ echo 'CONF=${CONF//\\{NGINX_BALANCERLIST\\}/$TEMP}' >>$INIT_NGINX; \
echo '[ "FIRST_INIT" = "true" ] && certbot certonly --webroot -w /home/www/letsencrypt --agree-tos -d "$DOMAIN" -m $SSL_LETSENCRYPTMAIL && service nginx reload' >>$INIT; echo 'CONF=${CONF//\\{DOMAIN\\}/$DOMAIN}' >>$INIT_NGINX; \
echo 'CONF=${CONF//\\{MAPS_TOKEN\\}/$MAPS_TOKEN}' >>$INIT_NGINX; \
echo 'echo "${CONF}" > /etc/nginx/conf.d/loadbalancer.conf' >>$INIT_NGINX; \
echo 'service nginx start' >>$INIT_NGINX; \
echo '[ "FIRST_INIT" = "true" ] && certbot certonly --webroot -w /home/www/letsencrypt --agree-tos -d "$DOMAIN" -m $SSL_LETSENCRYPTMAIL && service nginx reload' >>$INIT_NGINX;