Baked acme.sh into binary and use it when required, removed docker healthcheck

backend/cmd/server/main.go

@@ -5,6 +5,7 @@ import (
 	"os/signal"
 	"syscall"
 
+	"npm/internal/acme"
 	"npm/internal/api"
 	"npm/internal/config"
 	"npm/internal/database"
@@ -26,6 +27,7 @@ func main() {
 		setting.ApplySettings()
 		database.CheckSetup()
 		go worker.StartCertificateWorker(appstate)
+		acme.WriteAcmeSh()
 
 		api.StartServer()
 		irqchan := make(chan os.Signal, 1)

backend/embed/acme.sh

@@ -1,6 +1,10 @@
 #!/usr/bin/bash
 
+VER=0.0.0
+
+echo "Given Args: ${*}"
+echo
 echo "This is a placeholder for the official acme.sh script"
-echo "that will be embedded into the binary. If you are seeing"
+echo "that will be embedded into the binary."
-echo "this message then something is not quite right."
+echo "If you are seeing this message then something is not quite right!"
 exit 1

backend/embed/main.go

@@ -16,4 +16,4 @@ var MigrationFiles embed.FS
 
 // AcmeSh script
 //go:embed acme.sh
-var AcmeSh embed.FS
+var AcmeSh string

backend/internal/acme/acmesh.go

@@ -0,0 +1,63 @@
+package acme
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+
+	"npm/embed"
+	"npm/internal/config"
+	"npm/internal/logger"
+)
+
+var acmeShFile string
+
+// GetAcmeShVersion will return the acme.sh script version
+func GetAcmeShVersion() string {
+	if r, err := acmeShExec("--version"); err == nil {
+		// modify the output
+		r = strings.Trim(r, "\n")
+		v := strings.Split(r, "\n")
+		return v[len(v)-1]
+	}
+	return ""
+}
+
+func acmeShExec(args ...string) (string, error) {
+	if _, err := os.Stat(acmeShFile); os.IsNotExist(err) {
+		e := fmt.Errorf("%s does not exist", acmeShFile)
+		logger.Error("AcmeShError", e)
+		return "", e
+	}
+
+	// nolint: gosec
+	c := exec.Command(acmeShFile, args...)
+	b, e := c.Output()
+
+	if e != nil {
+		logger.Error("AcmeShError", fmt.Errorf("Command error: %s -- %v\n%+v", acmeShFile, args, e))
+		logger.Warn(string(b))
+	}
+
+	return string(b), e
+}
+
+// WriteAcmeSh this will write our embedded acme.sh script to the data directory
+// and give it write permissions
+func WriteAcmeSh() {
+	if config.Configuration.DataFolder == "" {
+		logger.Error("AcmeShWriteError", fmt.Errorf("Configuration folder location is not set"))
+		return
+	}
+
+	acmeShFile = filepath.Clean(fmt.Sprintf("%s/acme.sh", config.Configuration.DataFolder))
+	// nolint: gosec
+	if err := ioutil.WriteFile(acmeShFile, []byte(embed.AcmeSh), 0755); err != nil {
+		logger.Error("AcmeShWriteError", err)
+	} else {
+		logger.Info("Wrote %s", acmeShFile)
+	}
+}

backend/internal/api/handler/health.go

@@ -2,6 +2,7 @@ package handler
 
 import (
 	"net/http"
+	"npm/internal/acme"
 	h "npm/internal/api/http"
 	"npm/internal/config"
 )
@@ -9,6 +10,7 @@ import (
 type healthCheckResponse struct {
 	Version        string `json:"version"`
 	Commit         string `json:"commit"`
+	AcmeShVersion  string `json:"acme.sh"`
 	Healthy        bool   `json:"healthy"`
 	IsSetup        bool   `json:"setup"`
 	ErrorReporting bool   `json:"error_reporting"`
@@ -23,6 +25,7 @@ func Health() func(http.ResponseWriter, *http.Request) {
 			Commit:         config.Commit,
 			Healthy:        true,
 			IsSetup:        config.IsSetup,
+			AcmeShVersion:  acme.GetAcmeShVersion(),
 			ErrorReporting: config.ErrorReporting,
 		}
 

docker/Dockerfile

@@ -63,8 +63,6 @@ RUN rm -rf /etc/services.d/frontend \
 VOLUME /data
 
 CMD [ "/init" ]
-# TODO: remove healthchecks
-HEALTHCHECK --interval=15s --timeout=3s CMD curl -f http://127.0.0.1:81/api || exit 1
 
 ARG NOW
 ARG BUILD_VERSION

docker/rootfs/etc/cont-init.d/10-nginx

@@ -18,7 +18,7 @@ mkdir -p /tmp/nginx/body \
 	/var/lib/nginx/cache/public \
 	/var/lib/nginx/cache/private \
 	/var/cache/nginx/proxy_temp \
-	/data/acme.sh
+	/data/acme
 
 touch /var/log/nginx/error.log && chmod 777 /var/log/nginx/error.log && chmod -R 777 /var/cache/nginx
 

scripts/ci/build-backend

@@ -10,6 +10,7 @@ BUILD_DATE=$(date '+%Y-%m-%d %T %Z')
 NOW=$(date --rfc-3339=s)
 
 cd $DIR/../..
+BACKEND=$(realpath "${DIR}/../../backend")
 
 if [ "$BUILD_COMMIT" = "" ]; then
 	BUILD_COMMIT=$(git log -n 1 --format=%h)
@@ -59,7 +60,16 @@ build_backend() {
 			./cmd/server
 }
 
+get_acmesh() {
+	ACME_FILE="${BACKEND}/embed/acme.sh"
+	echo -e "${BLUE}❯ ${CYAN}Fetching latest acme.sh ...${RESET}"
+	curl -o "${ACME_FILE}" 'https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh'
+	chmod +x "${ACME_FILE}"
+	echo -e "${BLUE}❯ ${CYAN}Saved as ${YELLOW}${ACME_FILE}${RESET}"
+}
+
 docker pull "${IMAGE}"
+get_acmesh
 
 build_backend "darwin" "amd64"
 build_backend "darwin" "arm64"