From ac7424d53917158f8e303a8e738983aa46b1b64a Mon Sep 17 00:00:00 2001
From: Adam Dowling
Date: Wed, 3 Apr 2019 00:52:09 +0100
Subject: [PATCH 1/5] Reog of scripts and addition of status targets
---
 Makefile | 14 +++++++++++---
 logs.sh | 6 ------
 genlocalcrt.sh => scripts/genlocalcrt.sh | 2 +-
 scripts/logs.sh | 5 +++++
 start.sh => scripts/start.sh | 4 ++--
 scripts/status.sh | 10 ++++++++++
 stop.sh => scripts/stop.sh | 2 +-
 7 files changed, 30 insertions(+), 13 deletions(-)
 delete mode 100755 logs.sh
 rename genlocalcrt.sh => scripts/genlocalcrt.sh (90%)
 create mode 100755 scripts/logs.sh
 rename start.sh => scripts/start.sh (79%)
 create mode 100755 scripts/status.sh
 rename stop.sh => scripts/stop.sh (76%)
diff --git a/Makefile b/Makefile
index 3ad5e3c..575c3ea 100644
--- a/Makefile
+++ b/Makefile
@@ -1,8 +1,16 @@ +default: start + start: - ./start.sh + ./scripts/start.sh stop: - ./stop.sh + ./scripts/stop.sh + +status: + ./scripts/status.sh + +status-watch: + watch -n 300 ./scripts/status.sh view-logs: - ./logs.sh + ./scripts/logs.sh
diff --git a/logs.sh b/logs.sh
deleted file mode 100755
index 9568323..0000000
--- a/logs.sh
+++ /dev/null
@@ -1,6 +0,0 @@ -#!/usr/bin/env bash - -script_path=$(dirname $0) -cd $script_path - -docker-compose logs -f traefik
diff --git a/genlocalcrt.sh b/scripts/genlocalcrt.sh
similarity index 90%
rename from genlocalcrt.sh
rename to scripts/genlocalcrt.sh
index 45944d9..0ede378 100755
--- a/genlocalcrt.sh
+++ b/scripts/genlocalcrt.sh
@@ -5,7 +5,7 @@ openssl=`which openssl` openssldir=`${openssl} version -a | grep OPENSSLDIR | awk '{gsub(/"/, "", $2); print $2}'` opensslconf="${openssldir:-/System/Library/OpenSSL}/openssl.cnf" -if [ -f ${dir}/local.key ] && [ -f ${dir}/local.crt ] ; then +if [ -f "${dir}/local.key" ] && [ -f "${dir}/local.crt" ] ; then echo 'Certificate exists' exit fi
diff --git a/scripts/logs.sh b/scripts/logs.sh
new file mode 100755
index 0000000..9f0a6f5
--- /dev/null
+++ b/scripts/logs.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+script_path=$(dirname $0)
+cd "$script_path/.." \
+ && docker-compose logs -f traefik
diff --git a/start.sh b/scripts/start.sh
similarity index 79%
rename from start.sh
rename to scripts/start.sh
index d6193d8..9f02423 100755
--- a/start.sh
+++ b/scripts/start.sh
@@ -1,13 +1,13 @@ #!/usr/bin/env bash script_path=$(dirname $0) -cd $script_path +cd "$script_path/.." if [ ! -e ./.certs ]; then mkdir ./.certs fi -./genlocalcrt.sh ./.certs +./scripts/genlocalcrt.sh ./.certs if [ -z "$(docker network ls | fgrep -i proxy)" ]; then docker network create proxy
diff --git a/scripts/status.sh b/scripts/status.sh
new file mode 100755
index 0000000..b76e28d
--- /dev/null
+++ b/scripts/status.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+script_path=$(dirname $0)
+cd "$script_path/.."
+
+docker ps
+echo -e
+df -h
+echo -e
+uptime
diff --git a/stop.sh b/scripts/stop.sh
similarity index 76%
rename from stop.sh
rename to scripts/stop.sh
index 6a5716d..a983309 100755
--- a/stop.sh
+++ b/scripts/stop.sh
@@ -1,7 +1,7 @@ #!/usr/bin/env bash script_path=$(dirname $0) -cd $script_path +cd "$script_path/.." docker-compose down
From 5dc40966398dc88bb5e72ee72358812c16f41622 Mon Sep 17 00:00:00 2001
From: Adam Dowling
Date: Wed, 3 Apr 2019 01:26:01 +0100
Subject: [PATCH 2/5] Better self-signed certificate generation
---
 Makefile | 3 ++
 scripts/defaults/cert.cnf | 22 +++++++++++
 scripts/defaults/cert.cnf.dns | 1 +
 scripts/genlocalcrt.sh | 70 ++++++++++++++++++++++++++---------
 scripts/logs.sh | 2 +
 scripts/start.sh | 4 +-
 scripts/status.sh | 2 +
 scripts/stop.sh | 3 +-
 8 files changed, 87 insertions(+), 20 deletions(-)
 create mode 100644 scripts/defaults/cert.cnf
 create mode 100644 scripts/defaults/cert.cnf.dns
diff --git a/Makefile b/Makefile
index 575c3ea..414a59c 100644
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,8 @@ default: start +certificate: + ./scripts/genlocalcrt.sh clean + start: ./scripts/start.sh
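Review bot: `script_path=$(dirname $0)` on the new side leaves `$0` unquoted, so a checkout path containing whitespace or glob characters is word-split before `cd "$script_path/.."` and the script changes into the wrong directory or fails; write `script_path=$(dirname "$0")`. The identical line is added in scripts/start.sh, scripts/status.sh and scripts/stop.sh in this patch and carried into scripts/genlocalcrt.sh in PATCH 2, so the fix belongs in all of them. Only this script joins `cd` and the docker command with `&&`; in the other three a failed `cd` still runs `docker-compose`/`docker` in the caller's directory until `set -e` is added later in the series.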
diff --git a/scripts/defaults/cert.cnf b/scripts/defaults/cert.cnf
new file mode 100644
index 0000000..e1ff0c8
--- /dev/null
+++ b/scripts/defaults/cert.cnf
@@ -0,0 +1,22 @@
+[req]
+default_bits = 2048
+prompt = no
+default_md = sha256
+x509_extensions = v3_req
+distinguished_name = dn
+
+[dn]
+C = GB
+ST = Kent
+L = Canterbury
+O = Deeson
+emailAddress = adamd@deeson.co.uk
+CN = localhost
+
+[v3_req]
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = localhost
+DNS.2 = *.localhost
+DNS.3 = docker.local
diff --git a/scripts/defaults/cert.cnf.dns b/scripts/defaults/cert.cnf.dns
new file mode 100644
index 0000000..6e046c4
--- /dev/null
+++ b/scripts/defaults/cert.cnf.dns
@@ -0,0 +1 @@
+#DNS.4 = example.com
diff --git a/scripts/genlocalcrt.sh b/scripts/genlocalcrt.sh
index 0ede378..038cdbd 100755
--- a/scripts/genlocalcrt.sh
+++ b/scripts/genlocalcrt.sh
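Review bot: The `[dn]` section of this default template hard-codes a personal address, `emailAddress = adamd@deeson.co.uk`, plus a real organisation and locality, and scripts/genlocalcrt.sh in this same patch copies the file into every user's `.certs/cert.cnf`, so those values end up in the subject of each locally generated certificate. Replace them with neutral placeholders in the spirit of the `/C=GB/ST=Local/L=Local/O=Local/CN=localhost` subject the previous script used (for example `O = Local` and no `emailAddress` line), and leave per-user values to the copied `.certs/cert.cnf`. A one-line comment at the top saying the file is copied once into `.certs/` and not re-read from `scripts/defaults` afterwards would also save the next person from editing the wrong copy.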
@@ -1,25 +1,59 @@ #!/usr/bin/env bash -dir=${1-.} -openssl=`which openssl` -openssldir=`${openssl} version -a | grep OPENSSLDIR | awk '{gsub(/"/, "", $2); print $2}'` -opensslconf="${openssldir:-/System/Library/OpenSSL}/openssl.cnf" +set -e + +script_path=$(dirname $0) +working_dir=$(pwd) +cd "$script_path/.." +repo_root=$(pwd) + +clean=0 +if [ "$1" == "clean" ]; then + clean=1 +fi + +defaults="${script_path}/defaults" +cert_dir=.certs +if [ ! -e "${cert_dir}" ]; then + mkdir -p "${cert_dir}" +fi + +if [ ! -f "${cert_dir}/cert.cnf" ]; then + cp "${defaults}/cert.cnf" "${cert_dir}/cert.cnf" +fi + +if [ ! -f "${cert_dir}/cert.cnf.dns" ]; then + cp "${defaults}/cert.cnf.dns" "${cert_dir}/cert.cnf.dns" +fi + +local_cert="${cert_dir}/local.crt" +local_key="${cert_dir}/local.key" -if [ -f "${dir}/local.key" ] && [ -f "${dir}/local.crt" ] ; then +if [ "${clean}" -eq 1 ]; then + if [ -f "${local_cert}" ]; then + unlink "${local_cert}" + fi + if [ -f "${local_key}" ]; then + unlink "${local_key}" + fi +fi + +if [ -f "${local_cert}" ] && [ -f "${local_key}" ] ; then echo 'Certificate exists' exit fi -$openssl req -new \ - -x509 \ - -nodes \ - -sha1 \ - -days 3650 \ - -newkey rsa:2048 \ - -keyout ${dir}/local.key \ - -out ${dir}/local.crt \ - -subj "/C=GB/ST=Local/L=Local/O=Local/CN=localhost" \ - -reqexts SAN \ - -extensions SAN \ - -config <(cat ${opensslconf} \ - <(printf '[SAN]\nsubjectAltName=DNS:localhost,DNS:*.localhost,DNS:docker.local')) +# Generate a self-signed certificate if one is missing. +# Certificate generation steps from https://somoit.net/security/security-create-self-signed-san-certificate-openssl. +openssl=`which openssl` +$openssl req \ + -new \ + -x509 \ + -nodes \ + -sha256 \ + -days 3650 \ + -newkey rsa:2048 \ + -keyout "${local_cert}" \ + -out "${local_key}" \ + -config <(cat "${cert_dir}/cert.cnf" \ + <(cat "${cert_dir}/cert.cnf.dns"))
diff --git a/scripts/logs.sh b/scripts/logs.sh
index 9f0a6f5..7dd0673 100755
--- a/scripts/logs.sh
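Review bot: `defaults="${script_path}/defaults"` is evaluated after `cd "$script_path/.."` has changed the working directory, but `script_path` is whatever `dirname $0` returned relative to the caller's directory, so the two `cp "${defaults}/..."` lines only find scripts/defaults when the script is invoked from the repository root (as the Makefile does); run from inside scripts/ or from any other directory the copy fails and `set -e` aborts the first run. Make the path absolute before changing directory, `script_path=$(cd "$(dirname "$0")" && pwd)`, or build `defaults` from `repo_root`, which is already computed right after the `cd`. `working_dir` and `repo_root` are assigned and never read anywhere in this hunk; drop `working_dir` and either use or drop `repo_root`. scripts/start.sh in PATCH 4 adds `cp "${script_path}/defaults/.env" .env` after the same `cd` and has the same problem.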
+++ b/scripts/logs.sh
@@ -1,5 +1,7 @@ #!/usr/bin/env bash +set -e + script_path=$(dirname $0) cd "$script_path/.." \ && docker-compose logs -f traefik
diff --git a/scripts/start.sh b/scripts/start.sh
index 9f02423..185aa33 100755
--- a/scripts/start.sh
+++ b/scripts/start.sh
@@ -1,5 +1,7 @@ #!/usr/bin/env bash +set -e + script_path=$(dirname $0) cd "$script_path/.."
@@ -7,7 +9,7 @@ if [ ! -e ./.certs ]; then mkdir ./.certs fi -./scripts/genlocalcrt.sh ./.certs +./scripts/genlocalcrt.sh if [ -z "$(docker network ls | fgrep -i proxy)" ]; then docker network create proxy
diff --git a/scripts/status.sh b/scripts/status.sh
index b76e28d..1ee13c7 100755
--- a/scripts/status.sh
+++ b/scripts/status.sh
@@ -1,5 +1,7 @@ #!/usr/bin/env bash +set -e + script_path=$(dirname $0) cd "$script_path/.."
diff --git a/scripts/stop.sh b/scripts/stop.sh
index a983309..5d9c8fa 100755
--- a/scripts/stop.sh
+++ b/scripts/stop.sh
@@ -1,7 +1,8 @@ #!/usr/bin/env bash +set -e + script_path=$(dirname $0) cd "$script_path/.." docker-compose down -
From ee6c64b06edb308a6acdc6347230b521df712371 Mon Sep 17 00:00:00 2001
From: Adam Dowling
Date: Wed, 3 Apr 2019 01:34:01 +0100
Subject: [PATCH 3/5] Make sure we place key and cert in the correct files
---
 scripts/genlocalcrt.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/genlocalcrt.sh b/scripts/genlocalcrt.sh
index 038cdbd..d0c07cd 100755
--- a/scripts/genlocalcrt.sh
+++ b/scripts/genlocalcrt.sh
@@ -53,7 +53,7 @@ $openssl req \ -sha256 \ -days 3650 \ -newkey rsa:2048 \ - -keyout "${local_cert}" \ - -out "${local_key}" \ + -keyout "${local_key}" \ + -out "${local_cert}" \ -config <(cat "${cert_dir}/cert.cnf" \ <(cat "${cert_dir}/cert.cnf.dns"))
From f47595394e51fbf02237dc0e55f1ab7363bdec75 Mon Sep 17 00:00:00 2001
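Review bot: With the arguments now in the right order, `-keyout "${local_key}"` writes an unencrypted private key (`-nodes` is set a few lines above the hunk) and, on the OpenSSL versions I know, `req` does not tighten the mode of that file, so with a typical 022 umask `.certs/local.key` is readable by every local user. Follow the openssl call with `chmod 600 "${local_key}"`, or put `umask 077` before it so both files are private from creation. The `$openssl req \` statement this hunk belongs to begins outside the hunk.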
From: Adam Dowling
Date: Wed, 3 Apr 2019 01:38:58 +0100
Subject: [PATCH 4/5] Allow changing container name prefixes and base domain of Traefik rules for those times when you just want to run more than one instance of our Docker Traefik proxy
---
 .gitignore | 3 ++-
 docker-compose.yml | 6 +++---
 scripts/defaults/.env | 2 ++
 scripts/start.sh | 4 ++++
 4 files changed, 11 insertions(+), 4 deletions(-)
 create mode 100644 scripts/defaults/.env
diff --git a/.gitignore b/.gitignore
index 2126636..fad2f25 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
-.certs
+/.certs
+/.env
diff --git a/docker-compose.yml b/docker-compose.yml
index a3e1699..bd2788a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,7 +3,7 @@ version: '3' services: traefik: image: traefik:1.6.6-alpine - container_name: traefik + container_name: "${NAME}_traefik" command: --docker ports: - '80:80'
@@ -15,9 +15,9 @@ services: networks: - proxy labels: - - 'traefik.frontend.rule=Host:monitor.localhost' + - 'traefik.frontend.rule=Host:monitor.${BASE_DOMAIN}' - 'traefik.port=8080' networks: proxy: - external: true + external: true
diff --git a/scripts/defaults/.env b/scripts/defaults/.env
new file mode 100644
index 0000000..1b00337
--- /dev/null
+++ b/scripts/defaults/.env
@@ -0,0 +1,2 @@
+NAME=dtp
+BASE_DOMAIN=localhost
diff --git a/scripts/start.sh b/scripts/start.sh
index 185aa33..57b1018 100755
--- a/scripts/start.sh
+++ b/scripts/start.sh
@@ -5,6 +5,10 @@ set -e script_path=$(dirname $0) cd "$script_path/.." +if [ ! -f .env ]; then + cp "${script_path}/defaults/.env" .env +fi + if [ ! -e ./.certs ]; then mkdir ./.certs fi
From 74172f7e4ed13ef8963e5145e8cb3d418e6f35f7 Mon Sep 17 00:00:00 2001
From: Adam Dowling
Date: Wed, 3 Apr 2019 01:43:41 +0100
Subject: [PATCH 5/5] Portainer!
---
 docker-compose.yml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/docker-compose.yml b/docker-compose.yml
index bd2788a..0cd5cfa 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
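Review bot: `container_name: "${NAME}_traefik"` and `Host:monitor.${BASE_DOMAIN}` depend on a `.env` file that only scripts/start.sh creates (in this same patch), so running `docker-compose` directly, or scripts/stop.sh and scripts/logs.sh on a fresh checkout, expands both to empty strings: the container is named `_traefik` and the routing rule becomes `Host:monitor.`, with Compose only printing a warning about the unset variables. Give the interpolations the same fallbacks as scripts/defaults/.env, `container_name: "${NAME:-dtp}_traefik"` and `- 'traefik.frontend.rule=Host:monitor.${BASE_DOMAIN:-localhost}'`, so the compose file is usable on its own and the `.env` copy only overrides. The `services:` mapping these two hunks edit starts outside the hunks.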
@@ -18,6 +18,20 @@ services: - 'traefik.frontend.rule=Host:monitor.${BASE_DOMAIN}' - 'traefik.port=8080' + portainer: + depends_on: + - traefik + image: portainer/portainer + container_name: "${NAME}_portainer" + command: --no-auth -H unix:///var/run/docker.sock + volumes: + - /var/run/docker.sock:/var/run/docker.sock + networks: + - proxy + labels: + - 'traefik.port=9000' + - 'traefik.frontend.rule=Host:portainer.${BASE_DOMAIN}' + networks: proxy: external: true
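Review bot: `command: --no-auth -H unix:///var/run/docker.sock` disables Portainer's authentication while the service mounts the host Docker socket and is routed by Traefik at `Host:portainer.${BASE_DOMAIN}`; since Traefik publishes `'80:80'` on all interfaces (context in PATCH 4), anyone who can reach the host with that Host header gets unauthenticated control of the Docker daemon. Drop the flag, `command: -H unix:///var/run/docker.sock`, and let Portainer's first-run admin setup gate access, or at minimum bind the Traefik listener to loopback in docker-compose.yml. `image: portainer/portainer` is also untagged, unlike `traefik:1.6.6-alpine` above it, so each `docker-compose up` may pull a different build; pin it as `portainer/portainer:<TAG>` (placeholder for the tag you validate). The `services:` mapping this hunk extends begins outside the hunk.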