From 9ce04bdbc7eb45f50440306408996353e33a511e Mon Sep 17 00:00:00 2001 From: Helder Correia Date: Thu, 6 Jul 2017 22:03:14 +0000 Subject: [PATCH 1/6] Allow setting NGINX_DOCKER_GEN_CONTAINER from a label --- app/entrypoint.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/app/entrypoint.sh b/app/entrypoint.sh index 8f726278..e8e5799d 100755 --- a/app/entrypoint.sh +++ b/app/entrypoint.sh @@ -23,6 +23,14 @@ EOT fi } +function get_nginx_gen_cid { + # Check if any container has been labelled as the nginx gen container. + local labeled_cid=$(docker_api "/containers/json" | jq -r '.[] | select( .Labels["com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_gen"] == "true")|.Id') + if [[ ! -z "${labeled_cid:-}" ]]; then + export NGINX_DOCKER_GEN_CONTAINER=$labeled_cid + fi +} + function get_nginx_proxy_cid { # Look for a NGINX_VERSION environment variable in containers that we have mount volumes from. local volumes_from=$(docker_api "/containers/$CONTAINER_ID/json" | jq -r '.HostConfig.VolumesFrom[]' 2>/dev/null) @@ -79,6 +87,7 @@ source /app/functions.sh if [[ "$*" == "/bin/bash /app/start.sh" ]]; then check_docker_socket + [[ -z "${NGINX_DOCKER_GEN_CONTAINER:-}" ]] && get_nginx_gen_cid if [[ -z "${NGINX_DOCKER_GEN_CONTAINER:-}" ]]; then [[ -z "${NGINX_PROXY_CONTAINER:-}" ]] && get_nginx_proxy_cid fi From 5a819b62d4fe4ecaae62d85d359042d10909fd87 Mon Sep 17 00:00:00 2001 From: Helder Correia Date: Sat, 8 Jul 2017 10:48:44 +0000 Subject: [PATCH 2/6] Find labeled cid in runtime instead of startup time MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Because a new container could have been redeployed during the companion’s lifecycle. --- app/entrypoint.sh | 18 ++---------------- app/functions.sh | 34 +++++++++++++++++++++++++--------- 2 files changed, 27 insertions(+), 25 deletions(-) diff --git a/app/entrypoint.sh b/app/entrypoint.sh index e8e5799d..2bd5bda8 100755 --- a/app/entrypoint.sh +++ b/app/entrypoint.sh @@ -23,14 +23,6 @@ EOT fi } -function get_nginx_gen_cid { - # Check if any container has been labelled as the nginx gen container. - local labeled_cid=$(docker_api "/containers/json" | jq -r '.[] | select( .Labels["com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_gen"] == "true")|.Id') - if [[ ! -z "${labeled_cid:-}" ]]; then - export NGINX_DOCKER_GEN_CONTAINER=$labeled_cid - fi -} - function get_nginx_proxy_cid { # Look for a NGINX_VERSION environment variable in containers that we have mount volumes from. local volumes_from=$(docker_api "/containers/$CONTAINER_ID/json" | jq -r '.HostConfig.VolumesFrom[]' 2>/dev/null) @@ -41,12 +33,7 @@ function get_nginx_proxy_cid { break fi done - # Check if any container has been labelled as the nginx proxy container. - local labeled_cid=$(docker_api "/containers/json" | jq -r '.[] | select( .Labels["com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"] == "true")|.Id') - if [[ ! -z "${labeled_cid:-}" ]]; then - export NGINX_PROXY_CONTAINER=$labeled_cid - fi - if [[ -z "${NGINX_PROXY_CONTAINER:-}" ]]; then + if [[ -z "$(nginx_proxy_cid)" ]]; then echo "Error: can't get nginx-proxy container id !" >&2 echo "Check that you use the --volumes-from option to mount volumes from the nginx-proxy or label the nginx proxy container to use with 'com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true'." >&2 exit 1 @@ -87,8 +74,7 @@ source /app/functions.sh if [[ "$*" == "/bin/bash /app/start.sh" ]]; then check_docker_socket - [[ -z "${NGINX_DOCKER_GEN_CONTAINER:-}" ]] && get_nginx_gen_cid - if [[ -z "${NGINX_DOCKER_GEN_CONTAINER:-}" ]]; then + if [[ -z "$(docker_gen_cid)" ]]; then [[ -z "${NGINX_PROXY_CONTAINER:-}" ]] && get_nginx_proxy_cid fi check_writable_directory '/etc/nginx/certs' diff --git a/app/functions.sh b/app/functions.sh index 4a24b12d..2099fcb5 100644 --- a/app/functions.sh +++ b/app/functions.sh @@ -67,21 +67,37 @@ function docker_kill { docker_api "/containers/$id/kill?signal=$signal" "POST" } +function labeled_cid { + docker_api "/containers/json" | jq -r '.[] | select( .Labels["'$1'"] == "true")|.Id' +} + +function docker_gen_container { + echo ${NGINX_DOCKER_GEN_CONTAINER:-labeled_cid com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen} +} + +function nginx_proxy_container { + echo ${NGINX_PROXY_CONTAINER:-labeled_cid com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy} +} + ## Nginx reload_nginx() { - if [[ -n "${NGINX_DOCKER_GEN_CONTAINER:-}" ]]; then + local _docker_gen_container=$(docker_gen_container) + local _nginx_proxy_container=$(nginx_proxy_container) + + if [[ -n "${_docker_gen_container:-}" ]]; then # Using docker-gen and nginx in separate container - echo "Reloading nginx docker-gen (using separate container ${NGINX_DOCKER_GEN_CONTAINER})..." - docker_kill "$NGINX_DOCKER_GEN_CONTAINER" SIGHUP - if [[ -n "${NGINX_PROXY_CONTAINER:-}" ]]; then + echo "Reloading nginx docker-gen (using separate container ${_docker_gen_container})..." + docker_kill "${_docker_gen_container}" SIGHUP + + if [[ -n "${_nginx_proxy_container:-}" ]]; then # Reloading nginx in case only certificates had been renewed - echo "Reloading nginx (using separate container ${NGINX_PROXY_CONTAINER})..." - docker_kill "$NGINX_PROXY_CONTAINER" SIGHUP + echo "Reloading nginx (using separate container ${_nginx_proxy_container})..." + docker_kill "${_nginx_proxy_container}" SIGHUP fi else - if [[ -n "${NGINX_PROXY_CONTAINER:-}" ]]; then - echo "Reloading nginx proxy..." - docker_exec "$NGINX_PROXY_CONTAINER" \ + if [[ -n "${_nginx_proxy_container:-}" ]]; then + echo "Reloading nginx proxy (${_nginx_proxy_container})..." + docker_exec "${_nginx_proxy_container}" \ '[ "sh", "-c", "/usr/local/bin/docker-gen -only-exposed /app/nginx.tmpl /etc/nginx/conf.d/default.conf; /usr/sbin/nginx -s reload" ]' fi fi From 690bc47146726ffcd43f5df169ce4f7e18350320 Mon Sep 17 00:00:00 2001 From: Helder Correia Date: Sat, 8 Jul 2017 11:03:13 +0000 Subject: [PATCH 3/6] Fix renamed commands --- app/entrypoint.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/entrypoint.sh b/app/entrypoint.sh index 2bd5bda8..3ff7bf6b 100755 --- a/app/entrypoint.sh +++ b/app/entrypoint.sh @@ -33,7 +33,7 @@ function get_nginx_proxy_cid { break fi done - if [[ -z "$(nginx_proxy_cid)" ]]; then + if [[ -z "$(nginx_proxy_container)" ]]; then echo "Error: can't get nginx-proxy container id !" >&2 echo "Check that you use the --volumes-from option to mount volumes from the nginx-proxy or label the nginx proxy container to use with 'com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true'." >&2 exit 1 @@ -74,7 +74,7 @@ source /app/functions.sh if [[ "$*" == "/bin/bash /app/start.sh" ]]; then check_docker_socket - if [[ -z "$(docker_gen_cid)" ]]; then + if [[ -z "$(docker_gen_container)" ]]; then [[ -z "${NGINX_PROXY_CONTAINER:-}" ]] && get_nginx_proxy_cid fi check_writable_directory '/etc/nginx/certs' From 8f513e6950a4250afeac756ad53bb0f7068798bf Mon Sep 17 00:00:00 2001 From: Helder Correia Date: Sat, 8 Jul 2017 11:10:50 +0000 Subject: [PATCH 4/6] Fix commands --- app/functions.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/functions.sh b/app/functions.sh index 2099fcb5..89227a57 100644 --- a/app/functions.sh +++ b/app/functions.sh @@ -72,11 +72,11 @@ function labeled_cid { } function docker_gen_container { - echo ${NGINX_DOCKER_GEN_CONTAINER:-labeled_cid com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen} + echo ${NGINX_DOCKER_GEN_CONTAINER:-$(labeled_cid com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen)} } function nginx_proxy_container { - echo ${NGINX_PROXY_CONTAINER:-labeled_cid com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy} + echo ${NGINX_PROXY_CONTAINER:-$(labeled_cid com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy)} } ## Nginx From eb41e9fd9484886195c4a71fa63cfde1183a9d79 Mon Sep 17 00:00:00 2001 From: Helder Correia Date: Sat, 8 Jul 2017 12:28:51 +0000 Subject: [PATCH 5/6] Update docs --- README.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 91d1d248..620937c0 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,7 @@ To run nginx proxy as a separate container you'll need: curl https://raw.githubusercontent.com/jwilder/nginx-proxy/master/nginx.tmpl > /path/to/nginx.tmpl ``` -2) Set the `NGINX_DOCKER_GEN_CONTAINER` environment variable to the name or id of the docker-gen container. +2) Use the `com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen=true` label on the docker-gen container, or explicitly set the `NGINX_DOCKER_GEN_CONTAINER` environment variable to the name or id of that container. Examples: @@ -86,23 +86,25 @@ $ docker run -d \ --volumes-from nginx \ -v /path/to/nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro \ -v /var/run/docker.sock:/tmp/docker.sock:ro \ + --label com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen=true \ jwilder/docker-gen \ -notify-sighup nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf ``` -* Then start this container (NGINX_DOCKER_GEN_CONTAINER variable must contain the docker-gen container name or id): +* Then start this container: ```bash $ docker run -d \ --name nginx-letsencrypt \ - -e "NGINX_DOCKER_GEN_CONTAINER=nginx-gen" \ --volumes-from nginx \ -v /path/to/certs:/etc/nginx/certs:rw \ -v /var/run/docker.sock:/var/run/docker.sock:ro \ jrcs/letsencrypt-nginx-proxy-companion ``` -Then start any containers to be proxied as described previously. -* If for some reason you can't use the docker --volumes-from option, you can specify the name or id of the nginx container with `NGINX_PROXY_CONTAINER` variable. +* Then start any containers to be proxied as described previously. + +Note: If the docker-gen container name is static and you want to explicitly set it, use `-e NGINX_DOCKER_GEN_CONTAINER=nginx-gen`. The same thing is true with the nginx container (`-e NGINX_PROXY_CONTAINER=nginx`). + #### Let's Encrypt @@ -172,5 +174,5 @@ If you want other examples how to use this container, look at: * [Evert Ramos's Examples](https://github.com/evertramos/docker-compose-letsencrypt-nginx-proxy-companion) - using docker-compose version '3' * [Karl Fathi's Examples](https://github.com/fatk/docker-letsencrypt-nginx-proxy-companion-examples) * [More examples from Karl](https://github.com/pixelfordinner/pixelcloud-docker-apps/tree/master/nginx-proxy) -* [George Ilyes' Examples](https://github.com/gilyes/docker-nginx-letsencrypt-sample) +* [George Ilyes' Examples](https://github.com/gilyes/docker-nginx-letsencrypt-sample) * [Dmitry's simple docker-compose example](https://github.com/dmitrym0/simple-lets-encrypt-docker-compose-sample) From 92a50b658effacd031c3f81e7dcf54a192192817 Mon Sep 17 00:00:00 2001 From: Helder Correia Date: Sat, 8 Jul 2017 15:37:07 +0000 Subject: [PATCH 6/6] =?UTF-8?q?Disregard=20the=20label=E2=80=99s=20value?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The mere existence of the label is enough. --- README.md | 14 ++++++++------ app/functions.sh | 2 +- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 620937c0..7ed2f08b 100644 --- a/README.md +++ b/README.md @@ -30,10 +30,10 @@ $ docker run -d -p 80:80 -p 443:443 \ -v /etc/nginx/vhost.d \ -v /usr/share/nginx/html \ -v /var/run/docker.sock:/tmp/docker.sock:ro \ - --label com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true \ + --label com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy \ jwilder/nginx-proxy ``` -The "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true" label is needed so that the letsencrypt container knows which nginx proxy container to use. +The "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy" label is needed so that the letsencrypt container knows which nginx proxy container to use. * Second start this container: ```bash @@ -63,7 +63,7 @@ To run nginx proxy as a separate container you'll need: curl https://raw.githubusercontent.com/jwilder/nginx-proxy/master/nginx.tmpl > /path/to/nginx.tmpl ``` -2) Use the `com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen=true` label on the docker-gen container, or explicitly set the `NGINX_DOCKER_GEN_CONTAINER` environment variable to the name or id of that container. +2) Use the `com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen` label on the docker-gen container, or explicitly set the `NGINX_DOCKER_GEN_CONTAINER` environment variable to the name or id of that container. Examples: @@ -75,7 +75,7 @@ $ docker run -d -p 80:80 -p 443:443 \ -v /etc/nginx/vhost.d \ -v /usr/share/nginx/html \ -v /path/to/certs:/etc/nginx/certs:ro \ - --label com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true \ + --label com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy \ nginx ``` @@ -86,7 +86,7 @@ $ docker run -d \ --volumes-from nginx \ -v /path/to/nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro \ -v /var/run/docker.sock:/tmp/docker.sock:ro \ - --label com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen=true \ + --label com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen \ jwilder/docker-gen \ -notify-sighup nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf ``` @@ -163,7 +163,9 @@ $ docker run -d \ * `REUSE_KEY` - Set it to `true` to make simp_le reuse previously generated private key instead of creating a new one on certificate renewal. Recommended if you intend to use HPKP. -* The "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true" label - set this label on the nginx-proxy container to tell the docker-letsencrypt-nginx-proxy-companion container to use it as the proxy. +* The "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy" label - set this label on the nginx-proxy container to tell the docker-letsencrypt-nginx-proxy-companion container to use it as the proxy. + +* The "com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen" label - set this label on the docker-gen container to tell the docker-letsencrypt-nginx-proxy-companion container to use it as the docker-gen when it's split from nginx (separate containers). * `ACME_TOS_HASH` - Let´s you pass an alternative TOS hash to simp_le, to support other CA´s ACME implentation. diff --git a/app/functions.sh b/app/functions.sh index 89227a57..68c4b9cf 100644 --- a/app/functions.sh +++ b/app/functions.sh @@ -68,7 +68,7 @@ function docker_kill { } function labeled_cid { - docker_api "/containers/json" | jq -r '.[] | select( .Labels["'$1'"] == "true")|.Id' + docker_api "/containers/json" | jq -r '.[] | select(.Labels["'$1'"])|.Id' } function docker_gen_container {