Création d'un conteneur chargé de copier les certificats depuis traefik

161efbe5 · Roma · Rémy Huet · 37e5c02b · 161efbe5 · 161efbe5
Unverified Commit 161efbe5 authored 6 years ago by Roma Committed by Rémy Huet 6 years ago
--- a/docker-compose/mail.yml
+++ b/docker-compose/mail.yml
@@ -15,25 +15,38 @@ services:
      - /var/lib/docker/volumes/mail-mda-log/_data:/var/log
    
  mail-mta:
-    build: ../pica-mail-mta
-    image: pica-mail-mta
-    container_name: pica-mail-mta
-#    ports:
+   build: ../pica-mail-mta
+   image: pica-mail-mta
+   container_name: pica-mail-mta
+#  ports:
 #      - "25:25"
-    networks:
+   networks:
      - mail
-    volumes:
+   volumes:
      - /var/lib/docker/volumes/mail-mta-log/_data:/var/log
-#      - /DATA/docker/mail/opendkim/nov2018.private:/etc/dkimkeys/nov2018.picasoft.net.rsa:ro
-    environment:
-      - LMTP_LAN_HOSTNAME=pica-mail-mda.pica_mail
-#    labels:
-#      - "traefik.frontend.rule=Host:mail-test-picasoft.maliach.fr"
+      - /DATA/docker/mail/opendkim/nov2018.private:/etc/dkimkeys/nov2018.picasoft.net.rsa:ro
+   environment:
+     - LMTP_LAN_HOSTNAME=pica-mail-mda.pica_mail
+   labels:
+      - "traefik.frontend.rule=Host:mail-test-picasoft.maliach.fr"
 #      - "traefik.port=80"
-#      - "traefik.enable=true"
-#      - "traefik.docker.network=pica_mail"
+      - "traefik.enable=true"
+      - "traefik.docker.network=pica_mail"
+
+  mail-copy-certs:
+    build: ../pica-mail-copy-certs
+    image: pica-mail-copy-certs
+    container_name: pica-mail-copy-certs
+    volumes:
+#contient acme.json
+      - /DATA/docker/traefik/certs/:/DATA/docker/traefik/certs/
+#output
+      - /DATA/docker/mail/ssl/:/DATA/docker/mail/ssl/
+    environment:
+      - DOMAIN=mail-test-picasoft.maliach.fr
+

-#on demande à traefik de générer un certificat (qu'on va récupérer dans acme.json) mais on n'expose aucun service.
+   

 networks:
  mail:

--- a/pica-mail-copy-certs/Dockerfile
+++ b/pica-mail-copy-certs/Dockerfile
+From alpine
+COPY ./update-certs-pica-mail.sh /scripts/pica-mail-copy-certs.sh
+RUN apk add --no-cache jq
+ENTRYPOINT ["/scripts/pica-mail-copy-certs.sh"]
--- a/pica-mail-copy-certs/update-certs-pica-mail.sh
+++ b/pica-mail-copy-certs/update-certs-pica-mail.sh
+#!/bin/sh
+echo pica-copying certs for ${DOMAIN} from /DATA/docker/traefik/certs/acme.json to /DATA/docker/mail/ssl
+cat /DATA/docker/traefik/certs/acme.json | jq -r --arg domain ${DOMAIN} '.Certificates[] | if .Domain.Main == $domain then . else empty end | .Certificate' > /DATA/docker/mail/ssl/cert
+cat /DATA/docker/traefik/certs/acme.json | jq -r --arg domain ${DOMAIN} '.Certificates[] | if .Domain.Main == $domain then . else empty end | .Key' > /DATA/docker/mail/ssl/key