update
This commit is contained in:
@@ -1,8 +1,6 @@
|
||||
version: "3.7"
|
||||
|
||||
services:
|
||||
letsencrypt:
|
||||
image: harbor.colben.cn/general/letsencrypt
|
||||
image: harbor.boyachain.cn:20443/general/letsencrypt:latest
|
||||
container_name: letsencrypt
|
||||
restart: "no"
|
||||
stop_grace_period: 1m
|
||||
@@ -18,7 +16,7 @@ services:
|
||||
target: /var/log/letsencrypt
|
||||
|
||||
letsencrypt-wildcard:
|
||||
image: harbor.colben.cn/general/letsencrypt
|
||||
image: harbor.boyachain.cn:20443/general/letsencrypt:latest
|
||||
container_name: letsencrypt-wildcard
|
||||
restart: "no"
|
||||
stop_grace_period: 1m
|
||||
|
||||
@@ -1,30 +1,31 @@
|
||||
i#!/bin/bash
|
||||
#!/bin/bash
|
||||
#=========================================
|
||||
# Author : colben
|
||||
# Create : 2022-04-04 10:12
|
||||
# Author : Colben
|
||||
# Create : 2025-11-01 20:10
|
||||
#=========================================
|
||||
|
||||
set -euo pipefail
|
||||
umask 022
|
||||
export LANG=en_US.UTF-8
|
||||
trap Quit EXIT
|
||||
export TENCENTCLOUD_SECRET_ID='tencent secret id'
|
||||
export TENCENTCLOUD_SECRET_KEY='tencent secret key'
|
||||
|
||||
SECRET_ID='tencent secret id'
|
||||
SECRET_KEY='tencent secret key'
|
||||
DOMAIN=$CERTBOT_DOMAIN
|
||||
SUB_DOMAIN=_acme-challenge
|
||||
RECORD_ID=
|
||||
RECORD_VA=$CERTBOT_VALIDATION
|
||||
PID_FILE=/tmp/$(basename ${0%.sh}).pid
|
||||
|
||||
if [ -t 0 ]; then
|
||||
function Print { echo -e "\033[32;1m$(date +'[%F %T]') $*\033[0m"; }
|
||||
function Warn { echo -e "\033[33;1m$(date +'[%F %T]') $*\033[0m"; }
|
||||
function Error { echo -e "\033[31;1m$(date +'[%F %T]') $*\033[0m"; exit 1; }
|
||||
function Print { echo -e "\033[36;1m$(date +'[%F %T]')\033[32;1m $*\033[0m"; }
|
||||
function Warn { echo -e "\033[36;1m$(date +'[%F %T]')\033[33;1m $*\033[0m"; }
|
||||
function Error { echo -e "\033[36;1m$(date +'[%F %T]')\033[31;1m $*\033[0m"; exit 1; }
|
||||
function ErrorOnly { echo -e "\033[36;1m$(date +'[%F %T]')\033[31;1m $*\033[0m"; }
|
||||
else
|
||||
#exec &> ${0%.sh}.out
|
||||
function Print { echo -e "$(date +'[%F %T] INFO') $*"; }
|
||||
function Warn { echo -e "$(date +'[%F %T] WARN') $*"; }
|
||||
function Error { echo -e "$(date +'[%F %T] ERROR') $*"; exit 1; }
|
||||
#exec &> /var/log/$(basename ${0%.sh}).out
|
||||
function Print { echo -e "$(date +'[%F %T INFO]') $*"; }
|
||||
function Warn { echo -e "$(date +'[%F %T WARN]') $*"; }
|
||||
function Error { echo -e "$(date +'[%F %T ERROR]') $*"; exit 1; }
|
||||
function ErrorOnly { echo -e "$(date +'[%F %T ERROR]') $*"; }
|
||||
fi
|
||||
|
||||
function Quit {
|
||||
@@ -35,107 +36,70 @@ function Quit {
|
||||
sleep 30
|
||||
}
|
||||
|
||||
function GetSignature {
|
||||
local sha1Str=$(echo -n "GET$1" | openssl dgst -sha1 -hmac "$SECRET_KEY" -binary)
|
||||
echo -n "$sha1Str" | base64 | sed -e 's/=/%3D/g' -e 's/+/%2B/g'
|
||||
function GetTxtRecord {
|
||||
local record="txt record: $SUB_DOMAIN.$DOMAIN"
|
||||
local err=
|
||||
local resp=
|
||||
Warn Getting $record ...
|
||||
resp=$(tccli dnspod DescribeRecordList \
|
||||
--Domain $DOMAIN \
|
||||
--Subdomain $SUB_DOMAIN \
|
||||
--RecordType TXT) || err=$?
|
||||
[ '255' == "$err" ] \
|
||||
&& Warn Not found $record! \
|
||||
&& return 0
|
||||
[ -n "$err" ] \
|
||||
&& echo "$resp" \
|
||||
&& ErrorOnly Failed to get $record! \
|
||||
&& return $err
|
||||
RECORD_ID=$(echo $resp | jq -rM ".RecordList[0].RecordId")
|
||||
}
|
||||
|
||||
function ListRecord {
|
||||
Warn Get request url ...
|
||||
local sign=
|
||||
local resp=
|
||||
local url='cns.api.qcloud.com/v2/index.php'
|
||||
url="${url}?Action=RecordList"
|
||||
url="${url}&Nonce=$RANDOM"
|
||||
url="${url}&SecretId=$SECRET_ID"
|
||||
url="${url}&Timestamp=$(date +%s)"
|
||||
url="${url}&Version=2018-08-08"
|
||||
url="${url}&domain=$DOMAIN"
|
||||
sign=$(GetSignature "$url")
|
||||
Warn List record ...
|
||||
resp=$(curl -sSL -XGET "https://$url&Signature=$sign" | jq -eM .)
|
||||
[ '0' != "$(echo $resp | jq -crM .code)" ] && echo "$resp" && exit 1
|
||||
RECORD_ID=$(echo $resp | jq -crM ".data.records[] | select(.name == \"$SUB_DOMAIN\") | .id")
|
||||
function CreateTxtRecord {
|
||||
local record="txt record: $SUB_DOMAIN.$DOMAIN"
|
||||
Warn Creating $record ...
|
||||
tccli dnspod CreateTXTRecord \
|
||||
--Domain $DOMAIN \
|
||||
--SubDomain $SUB_DOMAIN \
|
||||
--RecordLine '默认' \
|
||||
--Value $RECORD_VA \
|
||||
&& Print Succeeded to create $record. \
|
||||
&& return 0
|
||||
ErrorOnly Failed to create $record!
|
||||
}
|
||||
|
||||
function CreateRecord {
|
||||
Warn Get request url ...
|
||||
local sign=
|
||||
local resp=
|
||||
local url='cns.api.qcloud.com/v2/index.php'
|
||||
url="${url}?Action=RecordCreate"
|
||||
url="${url}&Nonce=$RANDOM"
|
||||
url="${url}&SecretId=$SECRET_ID"
|
||||
url="${url}&Timestamp=$(date +%s)"
|
||||
url="${url}&Version=2018-08-08"
|
||||
url="${url}&domain=$DOMAIN"
|
||||
url="${url}&recordLine=默认"
|
||||
url="${url}&recordType=TXT"
|
||||
url="${url}&subDomain=$SUB_DOMAIN"
|
||||
url="${url}&value=$RECORD_VA"
|
||||
sign=$(GetSignature "$url")
|
||||
Warn Create sub_domain: $SUB_DOMAIN with value: $RECORD_VA ...
|
||||
resp=$(curl -sSL -XGET "https://$url&Signature=$sign" | jq -eM .)
|
||||
[ '0' != "$(echo $resp | jq -crM .code)" ] && echo "$resp" && exit 1
|
||||
return 0
|
||||
}
|
||||
|
||||
function ModifyRecord {
|
||||
Warn Get request url ...
|
||||
local sign=
|
||||
local resp=
|
||||
local url='cns.api.qcloud.com/v2/index.php'
|
||||
url="${url}?Action=RecordModify"
|
||||
url="${url}&Nonce=$RANDOM"
|
||||
url="${url}&SecretId=$SECRET_ID"
|
||||
url="${url}&Timestamp=$(date +%s)"
|
||||
url="${url}&Version=2018-08-08"
|
||||
url="${url}&domain=$CERTBOT_DOMAIN"
|
||||
url="${url}&recordId=$RECORD_ID"
|
||||
url="${url}&recordLine=默认"
|
||||
url="${url}&recordType=TXT"
|
||||
url="${url}&subDomain=$SUB_DOMAIN"
|
||||
url="${url}&value=$RECORD_VA"
|
||||
sign=$(GetSignature "$url")
|
||||
Warn Modify record: $RECORD_ID with value: $RECORD_VA ...
|
||||
resp=$(curl -sSL -XGET "https://$url&Signature=$sign" | jq -eM .)
|
||||
[ '0' != "$(echo $resp | jq -crM .code)" ] && echo "$resp" && exit 1
|
||||
return 0
|
||||
function ModifyTxtRecord {
|
||||
local record="txt record: $SUB_DOMAIN.$DOMAIN"
|
||||
Warn Modifying $record ...
|
||||
tccli dnspod ModifyTXTRecord \
|
||||
--Domain $DOMAIN \
|
||||
--SubDomain $SUB_DOMAIN \
|
||||
--RecordId $RECORD_ID \
|
||||
--RecordLine '默认' \
|
||||
--Value $RECORD_VA \
|
||||
&& Print Succeeded to modify $record. \
|
||||
&& return 0
|
||||
ErrorOnly Failed to modify $record!
|
||||
}
|
||||
|
||||
function DeleteRecord {
|
||||
Warn Get request url ...
|
||||
local sign=
|
||||
local resp=
|
||||
local url='cns.api.qcloud.com/v2/index.php'
|
||||
url="${url}?Action=RecordDelete"
|
||||
url="${url}&Nonce=$RANDOM"
|
||||
url="${url}&SecretId=$SECRET_ID"
|
||||
url="${url}&Timestamp=$(date +%s)"
|
||||
url="${url}&Version=2018-08-08"
|
||||
url="${url}&domain=$DOMAIN"
|
||||
url="${url}&recordId=$RECORD_ID"
|
||||
sign=$(GetSignature "$url")
|
||||
Warn Delete record $RECORD_ID ...
|
||||
resp=$(curl -sSL -XGET "https://$url&Signature=$sign" | jq -eM .)
|
||||
[ '0' != "$(echo $resp | jq -crM .code)" ] && echo "$resp" && exit 1
|
||||
return 0
|
||||
local record="record: $SUB_DOMAIN.$DOMAIN"
|
||||
Warn Deleting $record ...
|
||||
tccli dnspod DeleteRecord \
|
||||
--Domain $DOMAIN \
|
||||
--RecordId $RECORD_ID \
|
||||
&& Print Succeeded to delete $record. \
|
||||
&& return 0
|
||||
ErrorOnly Failed to delete $record!
|
||||
}
|
||||
|
||||
function Main {
|
||||
[ -e "$PID_FILE" ] && Error Pid file $PID_FILE already exists, quit!
|
||||
echo $$ > $PID_FILE
|
||||
for _ in {1..5}; do
|
||||
ListRecord || continue
|
||||
if [ -z "$RECORD_ID" ]; then
|
||||
CreateRecord || continue
|
||||
else
|
||||
ModifyRecord || continue
|
||||
fi
|
||||
END=1
|
||||
return 0
|
||||
done
|
||||
return 1
|
||||
trap Quit EXIT
|
||||
GetTxtRecord
|
||||
[ -z "$RECORD_ID" ] && CreateTxtRecord
|
||||
[ -z "$RECORD_ID" ] || ModifyTxtRecord
|
||||
END=1
|
||||
return 0
|
||||
}
|
||||
|
||||
# Start here
|
||||
|
||||
@@ -1,10 +1,19 @@
|
||||
ARG ARCH
|
||||
FROM harbor.colben.cn/general/alpine$ARCH
|
||||
FROM harbor.colben.cn/general/alpine-python$ARCH:latest
|
||||
MAINTAINER Colben colbenlee@gmail.com
|
||||
ARG ALI
|
||||
ADD --chown=root:root /ADD/ /opt/
|
||||
RUN apk update \
|
||||
&& apk add --no-cache certbot openssl jq \
|
||||
&& apk add --no-cache certbot openssl jq bind-tools \
|
||||
&& mkdir -p /etc/letsencrypt /var/log/letsencrypt \
|
||||
&& rm -rf /var/cache/apk/*
|
||||
&& curl -LO https://aliyuncli.alicdn.com/$ALI \
|
||||
&& tar zxf $ALI \
|
||||
&& mv aliyun /usr/bin/ \
|
||||
&& pip3 install \
|
||||
-i https://pypi.tuna.tsinghua.edu.cn/simple \
|
||||
--trusted-host pypi.tuna.tsinghua.edu.cn \
|
||||
--break-system-packages \
|
||||
tccli \
|
||||
&& rm -rf $ALI /root/.cache/pip /var/cache/apk/*
|
||||
CMD ["/opt/ccmd"]
|
||||
|
||||
|
||||
@@ -10,6 +10,7 @@ export LANG=en_US.UTF-8
|
||||
[ 'x86_64' == "$(uname -m)" ] && ARCH='' || ARCH="-$(uname -m)"
|
||||
ROOT_DIR="$(cd $(dirname $0) && pwd)"
|
||||
IMAGE="harbor.colben.cn/general/$(basename ${0%.sh})$ARCH:latest"
|
||||
ALI=
|
||||
|
||||
if [ -t 0 ]; then
|
||||
function Print { echo -e "\033[36;1m$(date +'[%F %T]')\033[32;1m $*\033[0m"; }
|
||||
@@ -41,7 +42,7 @@ function YesOrNo {
|
||||
}
|
||||
|
||||
function Update {
|
||||
:
|
||||
[ -z "$ARCH" ] && ALI=aliyun-cli-linux-latest-amd64.tgz || ALI=aliyun-cli-linux-latest-arm64.tgz
|
||||
}
|
||||
|
||||
function Build {
|
||||
@@ -51,7 +52,7 @@ function Build {
|
||||
&& Warn Removing image $IMAGE ... \
|
||||
&& docker rmi $IMAGE
|
||||
Warn Building image: $IMAGE ...
|
||||
docker build --force-rm --build-arg ARCH="$ARCH" -t $IMAGE .
|
||||
docker build --force-rm --build-arg ARCH="$ARCH" --build-arg ALI="$ALI" -t $IMAGE .
|
||||
YesOrNo Push image: $IMAGE? && docker push $IMAGE
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user