From d186d5a2cf1ba29ac9f95c9840db46f16c1d047d Mon Sep 17 00:00:00 2001
From: hoostine
Date: Thu, 23 May 2024 03:21:50 +0000
Subject: [PATCH] first
---
Caddyfile | 13 +++++
Dockerfile | 12 +++++
docker-compose.yml | 49 +++++++++++++++++++
.../.env-from-docker-secrets | 45 +++++++++++++++++
docker/entrypoint/docker-entrypoint.sh | 32 ++++++++++++
5 files changed, 151 insertions(+)
create mode 100644 Caddyfile
create mode 100644 Dockerfile
create mode 100644 docker-compose.yml
create mode 100755 docker/entrypoint/docker-entrypoint.d/.env-from-docker-secrets
create mode 100755 docker/entrypoint/docker-entrypoint.sh
diff --git a/Caddyfile b/Caddyfile
new file mode 100644
index 0000000..ee88e45
--- /dev/null
+++ b/Caddyfile
@@ -0,0 +1,13 @@
+{
+ email hoostine@gmail.com
+ acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
+ acme_dns route53 {
+ max_retries 10
+ region "us-east-1"
+ }
+ key_type p384
+}
+
+gitea.nopants.ctop.us {
+ reverse_proxy gitea:3000
+}
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..a4c42b4
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,12 @@
+FROM caddy:2.7.6-builder AS builder
+
+RUN xcaddy build \
+ --with github.com/caddy-dns/route53@v1.3.3 \
+ --with github.com/lucaslorentz/caddy-docker-proxy/v2@v2.8.11
+
+FROM caddy:2.7.6
+
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy
+COPY ./docker/entrypoint /
+ENTRYPOINT ["/docker-entrypoint.sh"]
+CMD ["caddy", "run", "--config", "/etc/caddy/Caddyfile", "--adapter", "caddyfile"]
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..e670483
--- /dev/null
+++ b/docker-compose.yml
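Review bot: `acme_ca` points at the Let's Encrypt staging directory, so every certificate Caddy obtains for `gitea.nopants.ctop.us` chains to a staging root that browsers do not trust; that is fine for a dry run, but nothing in the file marks it as temporary. If it is intentional, say so in place, e.g. `# staging CA: issued certificates are not browser-trusted; remove this line for production`, otherwise drop the `acme_ca` line so Caddy's default production directory is used. Note also that docker-compose.yml mounts an external swarm config `caddyfile.v0` at `/etc/caddy/Caddyfile`, so this file is presumably the source of that config rather than what the stack reads directly; a one-line comment at the top tying the two together would save the next reader a search.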
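Review bot: The builder stage compiles in `caddy-docker-proxy` v2.8.11, but nothing in this commit appears to use it — the CMD runs `caddy run` with the Caddyfile adapter and docker-compose.yml mounts no Docker socket — so the final image carries an extra plugin and its transitive modules that only widen the binary's surface. Either drop that `--with` line until a `docker-proxy` command and socket mount exist, or document the intent above the RUN, e.g. `# docker-proxy is built in for a later label-driven setup; unused by the default CMD`. The final stage also keeps the stock `caddy` image's root user; that is needed for the 80/443 binds in docker-compose.yml, but it is worth a comment next to `COPY ./docker/entrypoint /` because the copied entrypoint executes every `*.sh` it finds under `/docker-entrypoint.d/` with that privilege before caddy starts.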
@@ -0,0 +1,49 @@
+services:
+ caddy:
+ image: octopus/caddy:v2.7.6
+ restart: unless-stopped
+ environment:
+ - AWS_ACCESS_KEY_ID=DOCKER-SECRET->r53-aws-access-key
+ - AWS_SECRET_ACCESS_KEY=DOCKER-SECRET->r53-aws-secret-access-key
+ networks:
+ - caddy
+ ports:
+ - "80:80"
+ - "443:443"
+ - "3001:3001"
+ volumes:
+ - caddy_data:/data
+ - caddy_config:/config
+ deploy:
+ placement:
+ constraints:
+ - node.role == manager
+ replicas: 1
+ update_config:
+ parallelism: 2
+ delay: 10s
+ secrets:
+ - r53-aws-access-key
+ - r53-aws-secret-access-key
+ configs:
+ - source: caddyfile.v0
+ target: /etc/caddy/Caddyfile
+
+
+networks:
+ caddy:
+ attachable: true
+
+volumes:
+ caddy_data:
+ caddy_config:
+
+configs:
+ caddyfile.v0:
+ external: true
+
+secrets:
+ r53-aws-access-key:
+ external: true
+ r53-aws-secret-access-key:
+ external: true
diff --git a/docker/entrypoint/docker-entrypoint.d/.env-from-docker-secrets b/docker/entrypoint/docker-entrypoint.d/.env-from-docker-secrets
new file mode 100755
index 0000000..b141ce6
--- /dev/null
+++ b/docker/entrypoint/docker-entrypoint.d/.env-from-docker-secrets
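Review bot: `"3001:3001"` is published on the swarm ingress but nothing in this commit listens there — the Caddyfile only proxies `gitea:3000` behind the HTTPS site block and Caddy's admin endpoint defaults to localhost:2019 — so the mapping is either stale or meant for a consumer not yet configured, and it becomes externally reachable the moment a site block binds that port. Drop it or annotate it, e.g. `- "3001:3001"  # TODO: name the listener this is published for`. The service references `octopus/caddy:v2.7.6` with no `build:` key; presumably that tag is produced from the Dockerfile in this repo, which deserves a comment on the `image:` line since the two files are otherwise unlinked. The `DOCKER-SECRET->…` placeholders under `environment` only work because the image's entrypoint swaps in the contents of `/run/secrets/<name>` at start-up; a comment saying so next to them would keep the mechanism discoverable.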
@@ -0,0 +1,45 @@
+# EXPANDING VARIABLES FROM DOCKER SECRETS
+: ${ENV_SECRETS_DIR:=/run/secrets}
+
+env_secret_debug()
+{
+ if [ ! -z "$ENV_SECRETS_DEBUG" ]; then
+ echo -e "\033[1m$@\033[0m"
+ fi
+}
+
+# usage: env_secret_expand VAR
+# ie: env_secret_expand 'XYZ_DB_PASSWORD'
+# (will check for "$XYZ_DB_PASSWORD" variable value for a placeholder that defines the
+# name of the docker secret to use instead of the original value. For example:
+# XYZ_DB_PASSWORD="DOCKER-SECRET->:my-db_secret"
+env_secret_expand() {
+ var="$1"
+ eval val=\$$var
+ if secret_name=$(expr match "$val" "DOCKER-SECRET->\([^}]\+\)$"); then
+ secret="${ENV_SECRETS_DIR}/${secret_name}"
+ env_secret_debug "Secret file for $var: $secret"
+ if [ -f "$secret" ]; then
+ val=$(cat "${secret}")
+ export "$var"="$val"
+ env_secret_debug "Expanded variable: $var=$val"
+ else
+ env_secret_debug "Secret file does not exist! $secret"
+ fi
+ fi
+}
+
+env_secrets_expand() {
+ for env_var in $(printenv | cut -f1 -d"=")
+ do
+ env_secret_expand $env_var
+ done
+
+ if [ ! -z "$ENV_SECRETS_DEBUG" ]; then
+ echo -e "\n\033[1mExpanded environment variables\033[0m"
+ printenv
+ fi
+}
+
+env_secrets_expand
+
diff --git a/docker/entrypoint/docker-entrypoint.sh b/docker/entrypoint/docker-entrypoint.sh
new file mode 100755
index 0000000..c0abbd7
--- /dev/null
+++ b/docker/entrypoint/docker-entrypoint.sh
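Review bot: `env_secret_expand` runs `eval val=\$$var` on every word that `printenv | cut -f1 -d"="` produces without checking that the word is a variable name; `printenv` prints values verbatim, so an environment value containing a newline yields extra lines whose leading text is spliced into the `eval`, and the unquoted `for` list word-splits on spaces the same way. Guard before the `eval` with `case "$var" in ''|[0-9]*|*[!A-Za-z0-9_]*) return ;; esac` so only identifiers are ever expanded. Separately, with `ENV_SECRETS_DEBUG` set the script echoes `Expanded variable: $var=$val` and then dumps `printenv`, which writes the secret values themselves into the container log; log only the variable name and the secret path there. The usage comment's example `DOCKER-SECRET->:my-db_secret` also disagrees with the regex, which would keep the colon as part of the secret name, and with the colon-less form docker-compose.yml actually uses, so it should read `XYZ_DB_PASSWORD="DOCKER-SECRET->my-db_secret"`.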
@@ -0,0 +1,32 @@
+#!/bin/sh
+# vim:sw=4:ts=4:et
+
+set -e
+
+. /docker-entrypoint.d/.env-from-docker-secrets
+
+if /usr/bin/find "/docker-entrypoint.d/" -mindepth 1 -maxdepth 1 -type f -print -quit 2>/dev/null | read v; then
+ echo "$0: /docker-entrypoint.d/ is not empty, will attempt to perform configuration"
+
+ echo "$0: Looking for shell scripts in /docker-entrypoint.d/"
+ find "/docker-entrypoint.d/" -follow -type f -print | sort -V | while read -r f; do
+ case "$f" in
+ *.sh)
+ if [ -x "$f" ]; then
+ echo "$0: Launching $f";
+ "$f"
+ else
+ # warn on shell scripts without exec bit
+ echo "$0: Ignoring $f, not executable";
+ fi
+ ;;
+ *) echo "$0: Ignoring $f";;
+ esac
+done
+
+echo "$0: Configuration complete; ready for start up"
+else
+ echo "$0: No files found in /docker-entrypoint.d/, skipping configuration"
+fi
+
+exec "$@"
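Review bot: The `else` branch that reports `No files found in /docker-entrypoint.d/` can never run in this image, because the Dockerfile always copies `.env-from-docker-secrets` into that directory, and the same file is then reported as `Ignoring …` by the `*)` case on every start even though the `.` line near the top already sourced it — misleading for anyone reading the container log. Either exclude it from both `find` invocations with `! -name '.env-*'` or explain the arrangement above the source line, e.g. `# sourced rather than executed so the expanded secrets are exported into this shell and inherited by exec "$@" below`. Note that `-follow -type f` lets a symlink placed in that directory pull in a script from anywhere on the filesystem, and every match runs as root before caddy starts; this looks adapted from the upstream nginx entrypoint, where the same holds, but a one-line comment stating that the directory is trusted image content would make the assumption explicit.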