mirrors2/eiblog
1
0
Fork 0
mirror of https://github.com/eiblog/eiblog.git synced 2026-02-04 13:52:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

添加 Makefile,使用 acme.sh 自动更新证书

Browse Source
This commit is contained in:
deepzz0
2017-06-25 06:48:19 +08:00
parent 3992db49ba
commit 6cea283f86
3 changed files with 75 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
Dockerfile
View File

@@ -1,8 +1,7 @@
FROM alpine FROM alpine
MAINTAINER deepzz <deepzz.qi@gmail.com> MAINTAINER deepzz <deepzz.qi@gmail.com>
RUN apk update RUN apk add --update --no-cache ca-certificates
RUN apk add ca-certificates
ADD static/tzdata/Shanghai /etc/localtime ADD static/tzdata/Shanghai /etc/localtime
COPY . /eiblog COPY . /eiblog

74
Makefile Normal file
View File

@@ -0,0 +1,74 @@
# use aliyun dns api to auto renew cert.
# env:
# export Ali_Key="sdfsdfsdfljlbjkljlkjsdfoiwje"
# export Ali_Secret="jlsdflanljkljlfdsaklkjflsa"
docker_registry?=registry.cn-hangzhou.aliyuncs.com
acme?=~/.acme.sh
acme.sh?=$(acme)/acme.sh
config?=tmp/conf
test:
build:
@echo "go build..."
@CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build && \
docker build -t $(docker_registry)/deepzz/eiblog .
deploy:build
@docker push $(docker_registry)/deepzz/eiblog
dist:
@./dist.sh
gencert:
@echo $(Ali_Key) $(Ali_Secret)
@if [ ! -n "$(sans)" ]; then \
printf "Need one argument [sans=params]\n"; \
printf "example: sans=\"-d domain -d domain\"\n"; \
exit 1; \
fi; \
if [ ! -n "$(cn)" ]; then \
printf "Need one argument [cn=params]\n"; \
printf "example: cn=domain\n"; \
exit 1; \
fi
@if [ ! -f $(acme.sh) ]; then \
curl https://get.acme.sh | sh; \
fi
@echo "generate rsa cert..."
@$(acme.sh) --force --issue --dns dns_ali \
$(sans) --log
@$(acme.sh) --install-cert -d $(cn) \
--key-file $(config)/ssl/domain.rsa.key \
--fullchain-file $(config)/ssl/domain.rsa.pem \
--reloadcmd "service nginx force-reload"
@ct-submit ctlog.api.venafi.com < $(config)/ssl/domain.rsa.pem > $(config)/scts/rsa/venafi.sct && \
ct-submit ctlog-gen2.api.venafi.com < $(config)/ssl/domain.rsa.pem > $(config)/scts/rsa/venafi2.sct
@echo "generate ecc cert..."
@$(acme.sh) --force --issue --dns dns_ali \
$(sans) -k ec-256 --log
@$(acme.sh) --install-cert -d $(cn) --ecc \
--key-file $(config)/ssl/domain.ecc.key \
--fullchain-file $(config)/ssl/domain.ecc.pem \
--reloadcmd "service nginx force-reload"
@ct-submit ctlog.api.venafi.com < $(config)/ssl/domain.ecc.pem > $(config)/scts/ecc/venafi.sct && \
ct-submit ctlog-gen2.api.venafi.com < $(config)/ssl/domain.ecc.pem > $(config)/scts/ecc/venafi2.sct
# fullchained:
# @if [ ! -n "$(cn)" ]; then \
# printf "Use acme.sh generated certs, Need one argument [cn=params]\n"; \
# printf "example: cn=domain\n"; \
# exit 1; \
# fi
# @cp $(acme)/$(cn)/ca.cer $(config)/ssl/full_chained.pem && \
# echo $(X3) >> $(config)/ssl/full_chained.pem
dhparams:
@openssl dhparam -out $(config)/ssl/dhparams.pem 2048
clean:

10
build_docker.sh
View File

@@ -1,10 +0,0 @@
#!/bin/bash
echo "go build..."
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build && \
domain="registry.cn-hangzhou.aliyuncs.com" && \
docker build -t $domain/deepzz/eiblog . && \
read -p "是否上传到服务器(y/n):" word && \
if [ $word = "y" ] ;then
docker push $domain/deepzz/eiblog
fi