Writes configuration files for nginx based on running services and certificates

generate.py 2.2KB

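#!/usr/bin/env python3
"""Write nginx vhost configuration from container labels read out of etcd.

The script renders the Jinja2 template ``/nginx.tpl`` into
``/nginx-config/vhosts.conf`` once per pass of the main loop, then blocks in
``fetcher.wait_for_update()`` before the next pass.

Security note: label values (``com.chameth.vhost``, ``com.chameth.proxy``,
``com.chameth.proxy.protocol``) are chosen by whoever starts a container. They
are interpolated into certificate file paths here and handed to the template
that produces nginx configuration, so they are validated against allow-lists
before use. Jinja2's HTML autoescaping would not help with nginx syntax, so
validation is the control that matters.
"""
import argparse
import etcdlib
import jinja2
import os
import re

# Characters accepted in a vhost name: hostname characters plus '*' for nginx
# wildcard names. Anything else (whitespace, ';', '{', '}', '/', quotes, ...)
# could alter the generated config or the certificate path, so it is refused.
# NOTE(review): regex server names ("~^...") are rejected by this pattern;
# confirm no deployment relies on them.
VHOST_PATTERN = re.compile(r'[A-Za-z0-9*_.-]+')
PORT_PATTERN = re.compile(r'[0-9]{1,5}')
PROTOCOL_PATTERN = re.compile(r'[a-z][a-z0-9+.-]*')


def is_safe_vhost(name):
    """Return True if *name* only contains characters allowed in a vhost name.

    '..' is refused as well because the first vhost is substituted into the
    certificate paths, where it would step out of the per-host directory.
    """
    return bool(VHOST_PATTERN.fullmatch(name)) and '..' not in name


def is_safe_port(value):
    """Return True if *value* is a decimal string naming a port in 1-65535."""
    if not isinstance(value, str) or not PORT_PATTERN.fullmatch(value):
        return False
    return 0 < int(value) < 65536


def is_safe_protocol(value):
    """Return True if *value* looks like a lower-case URL scheme (e.g. 'http')."""
    return isinstance(value, str) and bool(PROTOCOL_PATTERN.fullmatch(value))


def skip(container, reason):
    """Report that *container* is left out of the generated configuration."""
    # %r keeps control characters in label values from forging log lines.
    print('Skipping %r: %s' % (container, reason), flush=True)


parser = argparse.ArgumentParser()
parser.add_argument('--name', help='Name of the docker host to request certificates for', default='unknown')
parser.add_argument('--etcd-port', type=int, help='Port to connect to etcd on', default=2379)
parser.add_argument('--etcd-host', help='Host to connect to etcd on', default='etcd')
parser.add_argument('--etcd-prefix', help='Prefix to use when retrieving keys from etcd', default='/docker')
parser.add_argument('--trusted-cert-path', help='Path to use for trusted CA certificate. Use "%s" for hostname', default='/letsencrypt/certs/%s/chain.pem')
parser.add_argument('--cert-path', help='Path to use for certificates. Use "%s" for hostname', default='/letsencrypt/certs/%s/fullchain.pem')
parser.add_argument('--cert-key-path', help='Path to use for certificate private keys. Use "%s" for hostname', default='/letsencrypt/certs/%s/privkey.pem')
args = parser.parse_args()

# The loader is rooted at '/', so the template is read from /nginx.tpl.
jinja_env = jinja2.Environment(loader=jinja2.FileSystemLoader('/'))
template = jinja_env.get_template('nginx.tpl')

fetcher = etcdlib.Connection(args.etcd_host, args.etcd_port, args.etcd_prefix)

while True:
    services = []
    # One comma-separated label per container; surrounding blanks and empty
    # entries are dropped so "a.example, b.example" yields two clean names.
    domains = {
        container: [name.strip() for name in label.split(',') if name.strip()]
        for container, label in fetcher.get_label('com.chameth.vhost').items()
    }
    protocols = fetcher.get_label('com.chameth.proxy.protocol')
    defaults = fetcher.get_label('com.chameth.proxy.default')

    for container, values in fetcher.get_label('com.chameth.proxy').items():
        # A container with a proxy label but no vhost label used to raise
        # KeyError and stop the generator for every other service as well.
        vhosts = domains.get(container, [])
        if not vhosts:
            skip(container, 'no com.chameth.vhost label')
            continue

        rejected = [name for name in vhosts if not is_safe_vhost(name)]
        if rejected:
            skip(container, 'unsafe vhost name(s) %r' % (rejected,))
            continue

        if not is_safe_port(values):
            skip(container, 'invalid port %r' % (values,))
            continue

        protocol = protocols[container] if container in protocols else 'http'
        if not is_safe_protocol(protocol):
            skip(container, 'invalid protocol %r' % (protocol,))
            continue

        networks = fetcher.get_networks(container)
        if not networks:
            # next(iter(...)) on an empty mapping would raise StopIteration.
            skip(container, 'no networks reported')
            continue

        primary = vhosts[0]
        services.append({
            'protocol': protocol,
            'vhosts': vhosts,
            'host': next(iter(networks.values())),  # TODO: Pick a bridge sensibly?
            'port': values,
            'certificate': args.cert_path % primary,
            'trusted_certificate': args.trusted_cert_path % primary,
            'certificate_key': args.cert_key_path % primary,
            'default': container in defaults,
        })

    # Render before opening the file: opening with 'w' truncates it, so a
    # template error used to leave nginx with an empty vhosts.conf.
    # NOTE(review): the write itself is still in place and not atomic; a reader
    # can observe a partially written file.
    rendered = template.render(services=services)
    with open('/nginx-config/vhosts.conf', 'w') as f:
        print('Writing vhosts.conf...', flush=True)
        f.write(rendered)
        print('Done writing config.', flush=True)

    fetcher.wait_for_update()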