ervin/acme.sh
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

rewrote dockerfile for running as acmesh user and not root

Browse Source
This commit is contained in:
fra 2021-01-19 15:08:49 +01:00
parent b7a3fe05a4
commit 16284904eb
1 changed files with 31 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
Dockerfile
View File

@ -16,19 +16,37 @@ RUN apk update -f \
&& rm -rf /var/cache/apk/* && rm -rf /var/cache/apk/*
ENV LE_CONFIG_HOME /acme.sh ENV LE_CONFIG_HOME /acme.sh
ENV UID 1000
ENV GID 1000
ARG AUTO_UPGRADE=1 ARG AUTO_UPGRADE=1
ENV AUTO_UPGRADE $AUTO_UPGRADE ENV AUTO_UPGRADE $AUTO_UPGRADE
ENV SUPERCRONIC_URL=https://github.com/aptible/supercronic/releases/download/v0.1.12/supercronic-linux-amd64 \
SUPERCRONIC=supercronic-linux-amd64 \
SUPERCRONIC_SHA1SUM=048b95b48b708983effb2e5c935a1ef8483d9e3e
#Install #Install
ADD ./ /install_acme.sh/ ADD ./ /home/acmesh/install_acme.sh/
RUN cd /install_acme.sh && ([ -f /install_acme.sh/acme.sh ] && /install_acme.sh/acme.sh --install || curl https://get.acme.sh | sh) && rm -rf /install_acme.sh/ RUN curl -fsSLO "$SUPERCRONIC_URL" \
&& echo "${SUPERCRONIC_SHA1SUM} ${SUPERCRONIC}" | sha1sum -c - \
&& chmod +x "$SUPERCRONIC" \
&& mv "$SUPERCRONIC" "/usr/local/bin/${SUPERCRONIC}" \
&& ln -s "/usr/local/bin/${SUPERCRONIC}" /usr/local/bin/supercronic
RUN addgroup -S -g $GID acmesh && \
adduser -S -u $UID -G acmesh -s /bin/sh acmesh && \
mkdir /acme.sh && chown acmesh /acme.sh && \
chown -R acmesh /home/acmesh/install_acme.sh
RUN ln -s /root/.acme.sh/acme.sh /usr/local/bin/acme.sh && crontab -l | grep acme.sh | sed 's#> /dev/null##' | crontab - USER acmesh
RUN cd /home/acmesh/install_acme.sh && \
/bin/sh /home/acmesh/install_acme.sh/acme.sh --install --nocron \
&& rm -rf /home/acmesh/install_acme.sh/
RUN for verb in help \ USER root
RUN ln -s /home/acmesh/.acme.sh/acme.sh /usr/local/bin/acme.sh && \
for verb in help \
version \ version \
install \ install \
uninstall \ uninstall \
@ -58,17 +76,21 @@ RUN for verb in help \
set-notify \ set-notify \
set-default-ca \ set-default-ca \
; do \ ; do \
printf -- "%b" "#!/usr/bin/env sh\n/root/.acme.sh/acme.sh --${verb} --config-home /acme.sh \"\$@\"" >/usr/local/bin/--${verb} && chmod +x /usr/local/bin/--${verb} \ printf -- "%b" "#!/usr/bin/env sh\n/home/acmesh/.acme.sh/acme.sh --${verb} --config-home /acme.sh \"\$@\"" >/usr/local/bin/--${verb} && chmod +x /usr/local/bin/--${verb} \
; done ; done
RUN printf "%b" "$((1 + $RANDOM % 60)) 0 * * * /bin/sh /home/acmesh/.acme.sh/acme.sh --cron --config-home /acme.sh \n" > /acme_crontab && chmod a+r /acme_crontab
RUN printf "%b" '#!'"/usr/bin/env sh\n \ RUN printf "%b" '#!'"/usr/bin/env sh\n \
if [ \"\$1\" = \"daemon\" ]; then \n \ if [ \"\$1\" = \"daemon\" ]; then \n \
trap \"echo stop && killall crond && exit 0\" SIGTERM SIGINT \n \ trap \"pkill supercronic\" SIGTERM SIGINT \n \
crond && while true; do sleep 1; done;\n \ exec supercronic /acme_cron.tab \n \
else \n \ else \n \
exec -- \"\$@\"\n \ exec -- \"\$@\"\n \
fi" >/entry.sh && chmod +x /entry.sh fi" >/entry.sh && chmod a+x /entry.sh
USER acmesh
VOLUME /acme.sh VOLUME /acme.sh
ENTRYPOINT ["/entry.sh"] ENTRYPOINT ["/entry.sh"]