build everything inside dockerfile/add some scripts

Signed-off-by: Zoey <zoey@z0ey.de>
2025-08-03 07:53:39 +00:00 · 2023-03-16 21:52:41 +01:00
parent 437144211a
commit 4af50b7ef5
10 changed files with 307 additions and 206 deletions
--- a/rootfs/bin/certbot-cleaner.sh
+++ b/rootfs/bin/certbot-cleaner.sh
@@ -0,0 +1,90 @@
+#!/bin/sh
+
+# based on https://github.com/jlesage/docker-nginx-proxy-manager/blob/796734a/rootfs/opt/nginx-proxy-manager/bin/lecleaner
+
+BASE="/data/tls/certbot"
+live_dir="$BASE/live"
+archive_dir="$BASE/archive"
+csr_dir="$BASE/csr"
+key_dir="$BASE/keys"
+
+# Set of certificate paths actively used.
+in_use=""
+
+keep_count=0
+delete_count=0
+error_count=0
+
+remove_file() {
+    f="$1"
+    if rm -f "$f"; then
+        return 0
+    else
+        echo "ERROR: Could not remove $f." >&2
+        return 1
+    fi
+}
+
+# Build the set of certificates in use.
+for domain_dir in "$live_dir"/*; do
+    [ -e "$domain_dir" ] || continue
+    if [ ! -d "$domain_dir" ]; then
+        continue
+    fi
+    for certlink in "$domain_dir"/*; do
+        [ -e "$certlink" ] || continue
+        if [ ! -L "$certlink" ]; then
+            continue
+        fi
+        target=$(readlink -f "$certlink")
+        in_use="$in_use $target"
+    done
+done
+
+echo "----------------------------------------------------------"
+echo "Let's Encrypt certificates cleanup - $(date +"%Y/%m/%d %H:%M:%S")"
+echo "----------------------------------------------------------"
+
+# Remove all unused certificates from the archive directory.
+for domain_dir in "$archive_dir"/*; do
+    [ -e "$domain_dir" ] || continue
+    if [ ! -d "$domain_dir" ]; then
+        continue
+    fi
+    for certfile in "$domain_dir"/*; do
+        [ -e "$certlink" ] || continue
+        if echo "$in_use" | grep -q "$certfile"; then
+            echo "Keeping $certfile."
+            keep_count=$((keep_count+1))
+        else
+            echo "Deleting $certfile."
+            if remove_file "$certfile"; then
+                delete_count=$((delete_count+1))
+            else
+                error_count=$((error_count+1))
+            fi
+        fi
+    done
+done
+
+# Remove all files from the csr and key directories.
+for dir in "$csr_dir" "$key_dir"; do
+    for file in "$dir"/*; do
+        [ -e "$file" ] || continue
+        if [ ! -f "$file" ]; then
+            continue
+        fi
+        echo "Deleting $file."
+        if remove_file "$file"; then
+            delete_count=$((delete_count+1))
+        else
+            error_count=$((error_count+1))
+        fi
+    done
+done
+
+echo "$keep_count file(s) kept."
+echo "$delete_count file(s) deleted."
+if [ "$error_count" -gt 0 ]; then
+    echo "$error_count file(s) failed to be deleted."
+fi
--- a/rootfs/bin/start.sh
+++ b/rootfs/bin/start.sh
@@ -174,12 +174,15 @@ if [ -n "$FULLCLEAN" ]; then
 fi

 if [ "$FULLCLEAN" = true ]; then
-    find /data/tls/certbot/csr -mtime +90 -name "*.pem" -delete
-    find /data/tls/certbot/keys -mtime +90 -name "*.pem" -delete
-    find /data/tls/certbot/archive -mtime +90 -name "*.pem" -delete
    if [ "$PHP81" != true ] && [ "$PHP82" != true ]; then
        rm -vrf /data/php
    fi
+    
+    if [ -f "$DB_SQLITE_FILE" ]; then
+        sqlite-vaccum.js || exit 1
+    fi
+    
+    certbot-cleaner.sh
 fi

 find /data/nginx -type f -name '*.conf' -exec sed -i "s|listen 80 http2|listen 80|g" {} \; || sleep inf
@@ -313,7 +316,7 @@ else
    fi
 fi

-ns="$(< /etc/resolv.conf grep -P "^nameserver [0-9\[\].:]+$" | sed "s|nameserver ||g" | tr "\n" " " | sed "s/\(.*\) /\1/" | head -1)" || sleep inf
+ns="$(< /etc/resolv.conf grep -P "^nameserver ((?:[0-9.]+)|(?:\[[0-9a-fA-F:]+\]))$" | sed "s|nameserver ||g" | tr "\n" " " | sed "s/\(.*\) /\1/" | head -1)" || sleep inf
 export ns
 sed -i "s|resolver localhost;|resolver $ns;|g" /usr/local/nginx/conf/nginx.conf || sleep inf
 echo "using this nameservers: \"$ns\"" || sleep inf