container/postgres
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

use lego from baseimage

Browse Source
This commit is contained in:
Sebastian Hugentobler 2017-09-05 11:52:24 +02:00
parent 51cc43c11d
commit c0e510acba
7 changed files with 9 additions and 79 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
Dockerfile
View File

@ -1,13 +1,8 @@
FROM golang:alpine as builder FROM registry.gitlab.com/thallian/docker-confd-env:lego
RUN apk --no-cache add git
RUN go get -v -u github.com/xenolf/lego
FROM registry.gitlab.com/thallian/docker-confd-env:master
COPY --from=builder /go/bin/lego /bin/lego
ENV PGDATA /var/lib/postgresql/data ENV PGDATA /var/lib/postgresql/data
ENV CERT_HOME /var/lib/postgresql
ENV CERT_USER postgres
RUN apk add --no-cache postgresql postgresql-contrib ca-certificates RUN apk add --no-cache postgresql postgresql-contrib ca-certificates

17
README.md
View File

@ -2,6 +2,9 @@
tls certificates through [Let's Encrypt](https://letsencrypt.org/) with tls certificates through [Let's Encrypt](https://letsencrypt.org/) with
[lego](https://github.com/xenolf/lego). [lego](https://github.com/xenolf/lego).
Take a look at the [base image](https://gitlab.com/thallian/docker-confd-env/tree/lego)
for the certificate configuration.
# Volumes # Volumes
- `/var/lib/postgresql/data` - `/var/lib/postgresql/data`
- `/var/lib/postgresql/.lego`: certificates directory - `/var/lib/postgresql/.lego`: certificates directory
@ -11,19 +14,5 @@ tls certificates through [Let's Encrypt](https://letsencrypt.org/) with
Password for the postgre admin user. Password for the postgre admin user.
## POSTGRES_CA
- default: "https://acme-v01.api.letsencrypt.org/directory"
Which Acme Endpoint to use.
## POSTGRES_ACME_EMAIL
Email to use in the acme account.
## POSTGRES_DOMAIN
The domain the certificate uses.
## POSTGRES_DNS_PROVIDER
One of the list here: https://github.com/xenolf/lego/tree/master/providers/dns
# Ports # Ports
- 5432 - 5432

11
rootfs/bin/concat-sans
View File

@ -1,11 +0,0 @@
#!/usr/bin/with-contenv sh
SAN_DOMAINS=""
export IFS=";"
for SAN in ${POSTGRES_SAN}
do
SAN_DOMAINS="${SAN_DOMAINS} --domains=\"${SAN}\""
done
echo ${SAN_DOMAINS}

21
rootfs/bin/renew-certificates
View File

@ -1,21 +0,0 @@
#!/usr/bin/with-contenv sh
cd /var/lib/postgresql
SAN_DOMAINS=$(/bin/concat-sans)
OLD_MOD=$(stat -c %y /var/lib/postgresql/.lego/certificates/${POSTGRES_DOMAIN}.crt)
lego \
--accept-tos \
--server="${POSTGRES_CA}" \
--email="${POSTGRES_ACME_EMAIL}" \
--domains="${POSTGRES_DOMAIN}" ${SAN_DOMAINS} \
--dns="${POSTGRES_DNS_PROVIDER}" \
renew --days 30
NEW_MOD=$(stat -c %y /var/lib/postgresql/.lego/certificates/${POSTGRES_DOMAIN}.crt)
if [ "${OLD_MOD}" != "${NEW_MOD}" ]; then
kill -s TERM $(head -1 ${PGDATA}/postmaster.pid)
fi

3
rootfs/bin/restart-services Normal file
View File

@ -0,0 +1,3 @@
#!/usr/bin/with-contenv sh
kill -s TERM $(head -1 ${PGDATA}/postmaster.pid)

24
rootfs/etc/cont-init.d/02-certificates
View File

@ -1,24 +0,0 @@
#!/usr/bin/with-contenv sh
cd /var/lib/postgresql
SAN_DOMAINS=$(/bin/concat-sans)
if [ ! -f /var/lib/postgresql/.lego/certificates/${POSTGRES_DOMAIN}.crt ]; then
chown -R postgres /var/lib/postgresql/.lego
s6-setuidgid postgres lego \
--accept-tos \
--server="${POSTGRES_CA}" \
--email="${POSTGRES_ACME_EMAIL}" \
--domains="${POSTGRES_DOMAIN}" ${SAN_DOMAINS} \
--dns="${POSTGRES_DNS_PROVIDER}" \
run
else
s6-setuidgid postgres lego \
--accept-tos \
--server="${POSTGRES_CA}" \
--email="${POSTGRES_ACME_EMAIL}" \
--domains="${POSTGRES_DOMAIN}" ${SAN_DOMAINS} \
--dns="${POSTGRES_DNS_PROVIDER}" \
renew --days 30
fi

1
rootfs/var/spool/cron/crontab/postgres
View File

@ -1 +0,0 @@
0 3 * * * /bin/renew-certificates