diff --git a/backend/cmd/server/main.go b/backend/cmd/server/main.go index 6701dc99..0963fa6f 100644 --- a/backend/cmd/server/main.go +++ b/backend/cmd/server/main.go @@ -5,6 +5,7 @@ import ( "os/signal" "syscall" + "npm/internal/acme" "npm/internal/api" "npm/internal/config" "npm/internal/database" @@ -26,6 +27,7 @@ func main() { setting.ApplySettings() database.CheckSetup() go worker.StartCertificateWorker(appstate) + acme.WriteAcmeSh() api.StartServer() irqchan := make(chan os.Signal, 1) diff --git a/backend/embed/acme.sh b/backend/embed/acme.sh old mode 100644 new mode 100755 index d6ff2f9d..f0ff098f --- a/backend/embed/acme.sh +++ b/backend/embed/acme.sh @@ -1,6 +1,10 @@ #!/usr/bin/bash +VER=0.0.0 + +echo "Given Args: ${*}" +echo echo "This is a placeholder for the official acme.sh script" -echo "that will be embedded into the binary. If you are seeing" -echo "this message then something is not quite right." +echo "that will be embedded into the binary." +echo "If you are seeing this message then something is not quite right!" exit 1 diff --git a/backend/embed/main.go b/backend/embed/main.go index 3b6c8ad6..2b1db35e 100644 --- a/backend/embed/main.go +++ b/backend/embed/main.go @@ -16,4 +16,4 @@ var MigrationFiles embed.FS // AcmeSh script //go:embed acme.sh -var AcmeSh embed.FS +var AcmeSh string diff --git a/backend/internal/acme/acmesh.go b/backend/internal/acme/acmesh.go new file mode 100644 index 00000000..1c830363 --- /dev/null +++ b/backend/internal/acme/acmesh.go 
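Review bot: In backend/cmd/server/main.go, `acme.WriteAcmeSh()` is called after `go worker.StartCertificateWorker(appstate)`, so the worker goroutine can be running before the script is on disk and before the package-level `acmeShFile` is assigned; if the worker reaches `acmeShExec` (not visible here), that is an unsynchronised read of a variable another goroutine writes. Swapping the two lines, `acme.WriteAcmeSh()` first and `go worker.StartCertificateWorker(appstate)` second, removes the ordering problem. WriteAcmeSh also only logs a failed write, so the server starts without a usable script; consider returning the error and letting main decide whether to continue. main's body continues outside the hunk.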
@@ -0,0 +1,63 @@ +package acme + +import ( + "fmt" + "io/ioutil" + "os" + "os/exec" + "path/filepath" + "strings" + + "npm/embed" + "npm/internal/config" + "npm/internal/logger" +) + +var acmeShFile string + +// GetAcmeShVersion will return the acme.sh script version +func GetAcmeShVersion() string { + if r, err := acmeShExec("--version"); err == nil { + // modify the output + r = strings.Trim(r, "\n") + v := strings.Split(r, "\n") + return v[len(v)-1] + } + return "" +} + +func acmeShExec(args ...string) (string, error) { + if _, err := os.Stat(acmeShFile); os.IsNotExist(err) { + e := fmt.Errorf("%s does not exist", acmeShFile) + logger.Error("AcmeShError", e) + return "", e + } + + // nolint: gosec + c := exec.Command(acmeShFile, args...) + b, e := c.Output() + + if e != nil { + logger.Error("AcmeShError", fmt.Errorf("Command error: %s -- %v\n%+v", acmeShFile, args, e)) + logger.Warn(string(b)) + } + + return string(b), e +} + +// WriteAcmeSh this will write our embedded acme.sh script to the data directory +// and give it write permissions +func WriteAcmeSh() { + if config.Configuration.DataFolder == "" { + logger.Error("AcmeShWriteError", fmt.Errorf("Configuration folder location is not set")) + return + } + + acmeShFile = filepath.Clean(fmt.Sprintf("%s/acme.sh", config.Configuration.DataFolder)) + // nolint: gosec + if err := ioutil.WriteFile(acmeShFile, []byte(embed.AcmeSh), 0755); err != nil { + logger.Error("AcmeShWriteError", err) + } else { + logger.Info("Wrote %s", acmeShFile) + } +} diff --git a/backend/internal/api/handler/health.go b/backend/internal/api/handler/health.go index 6e128112..b4df7a09 100644 --- a/backend/internal/api/handler/health.go +++ b/backend/internal/api/handler/health.go @@ -2,6 +2,7 @@ package handler import ( "net/http" + "npm/internal/acme" h "npm/internal/api/http" "npm/internal/config" ) 
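Review bot: In backend/internal/acme/acmesh.go, `WriteAcmeSh` places an executable in the data folder with mode `0755`, and `acmeShExec` later runs whatever is at that path after checking only that it exists, so anything able to write to that folder between start-up and a later call decides what the server executes. `ioutil.WriteFile` applies the mode only when it creates the file and follows an existing symlink named acme.sh, so a pre-existing entry keeps its own permissions or redirects the write. I would write with `0700` and have `acmeShExec` compare the on-disk content with `embed.AcmeSh` before running it; this narrows the window rather than closing it, since the file can still change between the read and the exec. The two `// nolint: gosec` markers should state why the finding is accepted, and the doc comment on WriteAcmeSh says "write permissions" where the mode grants execute.

```go
func acmeShExec(args ...string) (string, error) {
	// Run only the script this binary shipped: a missing, unreadable or
	// altered file is refused instead of executed.
	onDisk, err := ioutil.ReadFile(acmeShFile)
	if err != nil {
		logger.Error("AcmeShError", err)
		return "", err
	}
	if string(onDisk) != embed.AcmeSh {
		e := fmt.Errorf("%s does not match the embedded script", acmeShFile)
		logger.Error("AcmeShError", e)
		return "", e
	}

	// … unchanged: exec.Command call, error logging and return …
```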
@@ -9,6 +10,7 @@ import ( type healthCheckResponse struct { Version string `json:"version"` Commit string `json:"commit"` + AcmeShVersion string `json:"acme.sh"` Healthy bool `json:"healthy"` IsSetup bool `json:"setup"` ErrorReporting bool `json:"error_reporting"` @@ -23,6 +25,7 @@ func Health() func(http.ResponseWriter, *http.Request) { Commit: config.Commit, Healthy: true, IsSetup: config.IsSetup, + AcmeShVersion: acme.GetAcmeShVersion(), ErrorReporting: config.ErrorReporting, } diff --git a/docker/Dockerfile b/docker/Dockerfile index d8f12e8c..d016681a 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -63,8 +63,6 @@ RUN rm -rf /etc/services.d/frontend \ VOLUME /data CMD [ "/init" ] -# TODO: remove healthchecks -HEALTHCHECK --interval=15s --timeout=3s CMD curl -f http://127.0.0.1:81/api || exit 1 ARG NOW ARG BUILD_VERSION diff --git a/docker/rootfs/etc/cont-init.d/10-nginx b/docker/rootfs/etc/cont-init.d/10-nginx index 4a3b38be..edfdaf26 100755 --- a/docker/rootfs/etc/cont-init.d/10-nginx +++ b/docker/rootfs/etc/cont-init.d/10-nginx @@ -18,7 +18,7 @@ mkdir -p /tmp/nginx/body \ /var/lib/nginx/cache/public \ /var/lib/nginx/cache/private \ /var/cache/nginx/proxy_temp \ - /data/acme.sh + /data/acme touch /var/log/nginx/error.log && chmod 777 /var/log/nginx/error.log && chmod -R 777 /var/cache/nginx diff --git a/scripts/ci/build-backend b/scripts/ci/build-backend index 7f39085e..c73bfd85 100755 --- a/scripts/ci/build-backend +++ b/scripts/ci/build-backend @@ -10,6 +10,7 @@ BUILD_DATE=$(date '+%Y-%m-%d %T %Z') NOW=$(date --rfc-3339=s) cd $DIR/../.. +BACKEND=$(realpath "${DIR}/../../backend") if [ "$BUILD_COMMIT" = "" ]; then BUILD_COMMIT=$(git log -n 1 --format=%h) 
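Review bot: In backend/internal/api/handler/health.go, `AcmeShVersion: acme.GetAcmeShVersion()` starts the acme.sh process on every health request, because GetAcmeShVersion goes through `exec.Command` each time it is called. A health endpoint is usually polled and often reachable without authentication (whether that holds here is not visible in the hunk), so each poll costs a fork and a shell start and gives callers a cheap way to load the host. Resolve the version once, for example at the end of WriteAcmeSh, keep it in a package variable and have GetAcmeShVersion return that stored string. The response also now tells every caller which acme.sh version is installed; confirm that is intended for this endpoint. Health()'s body starts and ends outside the hunk.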
@@ -59,7 +60,16 @@ build_backend() { ./cmd/server } +get_acmesh() { + ACME_FILE="${BACKEND}/embed/acme.sh" + echo -e "${BLUE}❯ ${CYAN}Fetching latest acme.sh ...${RESET}" + curl -o "${ACME_FILE}" 'https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh' + chmod +x "${ACME_FILE}" + echo -e "${BLUE}❯ ${CYAN}Saved as ${YELLOW}${ACME_FILE}${RESET}" +} + docker pull "${IMAGE}" +get_acmesh build_backend "darwin" "amd64" build_backend "darwin" "arm64"
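Review bot: In scripts/ci/build-backend, `get_acmesh` downloads acme.sh from the moving `master` branch and embeds it in the binary with no pinned revision and no integrity check, so every build ships whatever that URL served at build time, and the server later executes it. `curl` is also called without `-f`, so an HTTP error body would be saved, made executable and embedded. Pin the URL to a reviewed tag or commit, verify a recorded SHA-256 before `chmod`, and stop the build on any failure. The function also overwrites the tracked placeholder at backend/embed/acme.sh, which leaves the working tree modified after a build.

```sh
get_acmesh() {
	ACME_FILE="${BACKEND}/embed/acme.sh"
	# Placeholders: fill in the reviewed revision and the digest of that file.
	ACME_REF='<PINNED_TAG_OR_COMMIT>'
	ACME_SHA256='<EXPECTED_SHA256>'
	# … unchanged: "Fetching" progress echo …
	curl -fsSL -o "${ACME_FILE}" \
		"https://raw.githubusercontent.com/acmesh-official/acme.sh/${ACME_REF}/acme.sh" || exit 1
	echo "${ACME_SHA256}  ${ACME_FILE}" | sha256sum -c - || exit 1
	# … unchanged: chmod +x and "Saved as" echo …
```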