From 6cea283f8688e9d994c424d757d5d63d9e5bb17b Mon Sep 17 00:00:00 2001 From: deepzz0 Date: Sun, 25 Jun 2017 06:48:19 +0800 Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=20Makefile=EF=BC=8C=E4=BD=BF?= =?UTF-8?q?=E7=94=A8=20acme.sh=20=E8=87=AA=E5=8A=A8=E6=9B=B4=E6=96=B0?= =?UTF-8?q?=E8=AF=81=E4=B9=A6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Dockerfile | 3 +- Makefile | 74 +++++++++++++++++++++++++++++++++++++++++++++++++ build_docker.sh | 10 ------- 3 files changed, 75 insertions(+), 12 deletions(-) create mode 100644 Makefile delete mode 100755 build_docker.sh diff --git a/Dockerfile b/Dockerfile index ebe0037..fa8b898 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,7 @@ FROM alpine MAINTAINER deepzz -RUN apk update -RUN apk add ca-certificates +RUN apk add --update --no-cache ca-certificates ADD static/tzdata/Shanghai /etc/localtime COPY . /eiblog diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..766f92c --- /dev/null +++ b/Makefile 
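Review bot: `COPY . /eiblog`, in the context below the changed line, copies the whole build context into the image, and the Makefile added by this commit writes TLS private keys to `$(config)/ssl/domain.rsa.key` and `$(config)/ssl/domain.ecc.key` with `config?=tmp/conf`, which is inside that context. Unless a `.dockerignore` (not shown on this page) excludes `tmp/`, running `make gencert` and then `make deploy` would push an image containing those keys to the registry. Add `tmp/` to `.dockerignore`, or default `config` to a directory outside the repository. On the changed line itself, `--no-cache` already fetches a fresh index, so `--update` is redundant: `RUN apk add --no-cache ca-certificates`.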
@@ -0,0 +1,74 @@
+# use aliyun dns api to auto renew cert.
+# env:
+# export Ali_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
+# export Ali_Secret="jlsdflanljkljlfdsaklkjflsa"
+
+docker_registry?=registry.cn-hangzhou.aliyuncs.com
+acme?=~/.acme.sh
+acme.sh?=$(acme)/acme.sh
+config?=tmp/conf
+
+
+test:
+
+build:
+ @echo "go build..."
+ @CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build && \
+ docker build -t $(docker_registry)/deepzz/eiblog .
+
+deploy:build
+ @docker push $(docker_registry)/deepzz/eiblog
+
+dist:
+ @./dist.sh
+
+gencert:
+ @echo $(Ali_Key) $(Ali_Secret)
+ @if [ ! -n "$(sans)" ]; then \
+ printf "Need one argument [sans=params]\n"; \
+ printf "example: sans=\"-d domain -d domain\"\n"; \
+ exit 1; \
+ fi; \
+ if [ ! -n "$(cn)" ]; then \
+ printf "Need one argument [cn=params]\n"; \
+ printf "example: cn=domain\n"; \
+ exit 1; \
+ fi
+ @if [ ! -f $(acme.sh) ]; then \
+ curl https://get.acme.sh | sh; \
+ fi
+
+ @echo "generate rsa cert..."
+ @$(acme.sh) --force --issue --dns dns_ali \
+ $(sans) --log
+ @$(acme.sh) --install-cert -d $(cn) \
+ --key-file $(config)/ssl/domain.rsa.key \
+ --fullchain-file $(config)/ssl/domain.rsa.pem \
+ --reloadcmd "service nginx force-reload"
+ @ct-submit ctlog.api.venafi.com < $(config)/ssl/domain.rsa.pem > $(config)/scts/rsa/venafi.sct && \
+ ct-submit ctlog-gen2.api.venafi.com < $(config)/ssl/domain.rsa.pem > $(config)/scts/rsa/venafi2.sct
+
+ @echo "generate ecc cert..."
+ @$(acme.sh) --force --issue --dns dns_ali \
+ $(sans) -k ec-256 --log
+ @$(acme.sh) --install-cert -d $(cn) --ecc \
+ --key-file $(config)/ssl/domain.ecc.key \
+ --fullchain-file $(config)/ssl/domain.ecc.pem \
+ --reloadcmd "service nginx force-reload"
+ @ct-submit ctlog.api.venafi.com < $(config)/ssl/domain.ecc.pem > $(config)/scts/ecc/venafi.sct && \
+ ct-submit ctlog-gen2.api.venafi.com < $(config)/ssl/domain.ecc.pem > $(config)/scts/ecc/venafi2.sct
+
+# fullchained:
+# @if [ ! -n "$(cn)" ]; then \
+# printf "Use acme.sh generated certs, Need one argument [cn=params]\n"; \
+# printf "example: cn=domain\n"; \
+# exit 1; \
+# fi
+# @cp $(acme)/$(cn)/ca.cer $(config)/ssl/full_chained.pem && \
+# echo $(X3) >> $(config)/ssl/full_chained.pem
+
+dhparams:
+ @openssl dhparam -out $(config)/ssl/dhparams.pem 2048
+
+clean:
+
diff --git a/build_docker.sh b/build_docker.sh
deleted file mode 100755
index f2b7379..0000000
--- a/build_docker.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/bash
-echo "go build..."
-CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build && \
-
-domain="registry.cn-hangzhou.aliyuncs.com" && \
-docker build -t $domain/deepzz/eiblog . && \
-read -p "是否上传到服务器(y/n):" word && \
-if [ $word = "y" ] ;then
- docker push $domain/deepzz/eiblog
-fi
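Review bot: The first recipe line of `gencert`, `@echo $(Ali_Key) $(Ali_Secret)`, prints the Aliyun DNS API key and secret to the terminal and to any CI or build log that captures make's output. Drop that line, or replace it with a presence check that prints nothing sensitive, e.g. `@[ -n "$$Ali_Key" ] && [ -n "$$Ali_Secret" ] || { echo "Ali_Key/Ali_Secret not set" >&2; exit 1; }`. Separately, `curl https://get.acme.sh | sh` in the same recipe executes whatever the server returns at that moment, with no pinned version or integrity check, on the machine that holds the DNS credentials. Installing a reviewed acme.sh release ahead of time, and failing with a message when `$(acme.sh)` is missing, would avoid that.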