add code to extract all resolving domains from the containers
parent
a57fa08340
commit
27ba704ee6
@ -9,13 +9,15 @@ RUN apt-get update; \
|
|||||||
git clone https://github.com/letsencrypt/letsencrypt ;\
|
git clone https://github.com/letsencrypt/letsencrypt ;\
|
||||||
cd /letsencrypt ;\
|
cd /letsencrypt ;\
|
||||||
./letsencrypt-auto --help
|
./letsencrypt-auto --help
|
||||||
|
RUN pip3 install docker-py
|
||||||
|
|
||||||
ADD haproxy_ssl.conf /haproxy_ssl.conf
|
ADD haproxy_ssl.conf /haproxy_ssl.conf
|
||||||
ADD haproxy.conf /haproxy.conf
|
ADD haproxy.conf /haproxy.conf
|
||||||
ADD letencrypt.conf /letencrypt.conf
|
ADD letencrypt.conf /letencrypt.conf
|
||||||
|
|
||||||
ADD start.py /start.py
|
ADD start.py /start.py
|
||||||
RUN chmod +x /start.py
|
ADD list_domains.py /list_domains.py
|
||||||
|
RUN chmod +x /*.py
|
||||||
|
|
||||||
VOLUME ["/data"]
|
VOLUME ["/data"]
|
||||||
|
|
||||||
|
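Review bot: The added `RUN pip3 install docker-py` installs whatever release is current at build time, so rebuilds are not reproducible. An unreviewed upstream change would land in an image whose new script (list_domains.py in this commit) talks to `unix://var/run/docker.sock`. Pin the dependency, e.g. `RUN pip3 install docker-py==<PINNED_VERSION>` (placeholder, the page does not state a version). The new `RUN chmod +x /*.py` also marks every .py file in the image root executable; naming the two scripts, `RUN chmod +x /start.py /list_domains.py`, keeps the set explicit.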
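--- a/NOTES
+++ b/NOTES
@@ -1,12 +1,14 @@
 
 # Nach start von haproxy ohne ssl:
 /letsencrypt/letsencrypt-auto --config letencrypt.conf certonly -d lusiardi.de
-cat /data/config/live/lusiardi.de/fullchain.pem /data/config/live/lusiardi.de/privkey.pem > /data/haproxy/cert.pem
+DIR=`ls -td /data/config/live/*/ | head -1`
+cat ${DIR}/fullchain.pem ${DIR}/privkey.pem > /data/haproxy/cert.pem
 
 
 # Nach start von haproxy mit ssl:
 /letsencrypt/letsencrypt-auto --config letencrypt.conf certonly --standalone-supported-challenges http-01 --http-01-port 54321 --expand -d lusiardi.de -d ps.lusiardi.de
-cat /data/config/live/lusiardi.de/fullchain.pem /data/config/live/lusiardi.de/privkey.pem > /data/haproxy/cert.pem
+DIR=`ls -td /data/config/live/*/ | head -1`
+cat ${DIR}/fullchain.pem ${DIR}/privkey.pem > /data/haproxy/cert.pem
 
 # aufräumen
 rm -rf /data/*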
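--- a/list_domains.py
+++ b/list_domains.py
@@ -0,0 +1,71 @@
+#!/usr/bin/python3.4
+
+from docker import Client
+from docker.errors import APIError
+from string import Template
+import json
+import signal
+import os
+from socket import getaddrinfo
+
+def get_if_available(dict, key, defValue):
+if key in dict:
+return dict[key]
+else:
+return defValue
+
+def analyse_proxy_data(data):
+"""Extracts the data for the proxy configuration (envrionment variable
+'PROXY_DATA' and converts it to a dictionary."""
+proxy_data = {}
+for proxy_var in data['PROXY_DATA'].split(','):
+t = proxy_var.split(":",1)
+proxy_data[t[0]] = t[1]
+return proxy_data
+
+def analyse_env_vars(inspect_data):
+"""Extracts the environment variables from the given result of an 'inspect
+container' call."""
+env_data = {}
+if not 'Env' in inspect_data['Config'] or inspect_data['Config']['Env'] is None:
+return env_data
+for env_var in inspect_data['Config']['Env']:
+t = env_var.split("=")
+env_data[t[0]] = t[1]
+return env_data
+
+def handle_container(id):
+"""This function take a container's id and collects all data required
+to create a proper proxy configuration. The configuration is then
+written to the directory of temporary nginx files"""
+inspect_data = client.inspect_container(id)
+env_vars = analyse_env_vars(inspect_data)
+if 'PROXY_DATA' in env_vars:
+proxy_data = analyse_proxy_data(env_vars)
+names = get_if_available(proxy_data, 'server_names', '').split(';')
+return names
+return []
+
+def get_resolving_domains_from_containers(docker_client):
+container_ids = client.containers(quiet=True)
+domains = []
+for container_id in container_ids:
+domains.extend(handle_container(container_id['Id']))
+
+resolved_domains = []
+for domain in domains:
+try:
+getaddrinfo(domain, None)
+resolved_domains.append(domain)
+except Exception:
+pass
+
+return resolved_domains
+
+if __name__ == '__main__':
+
+client = Client(base_url='unix://var/run/docker.sock', version='1.15')
+
+resolved_domains = get_resolving_domains_from_containers(client)
+
+print(str(resolved_domains))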
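Review bot: `get_resolving_domains_from_containers(docker_client)` never uses its parameter; it and `handle_container` read a module-level `client` that is only assigned under `if __name__ == '__main__':`, so importing this module and calling the function raises NameError. Use the argument, e.g. `container_ids = docker_client.containers(quiet=True)`, and pass it on to `handle_container`. The `server_names` values come from other containers' `PROXY_DATA` environment variables, so they should be treated as untrusted: a successful `getaddrinfo` only shows that a name resolves somewhere, not that it is a well-formed hostname or points at this host, and the list presumably feeds the certificate request. Narrow `except Exception: pass` to `except OSError:` so only resolution failures are skipped, and use `env_var.split("=", 1)` so values containing `=` are not truncated.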
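--- a/start.py
+++ b/start.py
@@ -12,6 +12,9 @@ pid_file='/haproxy.pid'
 
 
 def hash_cert_file():
+"""Creates the sha256 hash of the certifcate file for haproxy. If the file
+does not exist, an empty string is returned.
+"""
 if not os.path.isfile(cert_file):
 return ''
 aFile = open(cert_file, 'rb')
@@ -109,5 +112,3 @@ if __name__ == '__main__':
 start_haproxy()
 logging.info('SSL -> NON SSL')
 SSL_RUNNING=False
-# logging.info('haproxy is running: %s', str(is_haproxy_running()))
-# logging.info('haproxy is running with SSL: %s', str(SSL_RUNNING))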