diff --git a/.gitignore b/.gitignore
index a9e50fd..6fbd91e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,10 +1,11 @@
 !*.secret
 !build/builds.txt
 !build/plugins.txt
-!conf/example.conf
+!conf/_shared/example/caddy.conf
+!conf/example/
 .gitsecret/keys/random_seed
-env/
-conf/
 user/
 build/
-/archive/
+caddy.conf
+*credentials
+temp/
\ No newline at end of file
diff --git a/build/builds.txt b/build/builds.txt
index a6339a4..b1e2bfc 100644
--- a/build/builds.txt
+++ b/build/builds.txt
@@ -1 +1,2 @@
 linux arm64
+linux amd64
diff --git a/conf/_shared/aws/aws.env b/conf/_shared/aws/aws.env
new file mode 100755
index 0000000..f9aec1b
--- /dev/null
+++ b/conf/_shared/aws/aws.env
@@ -0,0 +1,4 @@
+echo setting AWS environment
+export AWS_CONFIG_FILE=$CONF_SHARED_DIR/aws/profiles
+export AWS_SHARED_CREDENTIALS_FILE=$CONF_SHARED_DIR/aws/credentials
+env | grep AWS
\ No newline at end of file
diff --git a/conf/_shared/aws/credentials.example b/conf/_shared/aws/credentials.example
new file mode 100644
index 0000000..bc66833
--- /dev/null
+++ b/conf/_shared/aws/credentials.example
@@ -0,0 +1,7 @@
+[profle1]
+aws_access_key_id = AKIASOMEKEY
+aws_secret_access_key = 9VAWosLSOMESECRET
+
+[profile2]
+aws_access_key_id =
+aws_secret_access_key =
diff --git a/conf/_shared/aws/readme.md b/conf/_shared/aws/readme.md
new file mode 100644
index 0000000..4ac53af
--- /dev/null
+++ b/conf/_shared/aws/readme.md
@@ -0,0 +1,2 @@
+# AWS Route 53 DNS Challenge Plugin
+### Using AWS Route53 Plugin with Caddy to authenticate subdomains for use with caddy/letsencrypt
diff --git a/conf/example/script b/conf/example/script
new file mode 100644
index 0000000..2fbf350
--- /dev/null
+++ b/conf/example/script
@@ -0,0 +1,4 @@
+#!/bin/bash
+echo running custom script for $INSTANCE
+source ${CONF_SHARED_DIR}/aws/aws.env
+
diff --git a/env/AWS.env.secret b/env/AWS.env.secret
deleted file mode 100755
index b662d34..0000000
Binary files a/env/AWS.env.secret and /dev/null differ
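Review bot: The new negation `!conf/_shared/example/caddy.conf` is dead, because the later pattern `caddy.conf` has no slash, matches at any depth, and is the last matching pattern for that path — Git lets the last match win, so the example is still ignored; place `caddy.conf` and `*credentials` above the `!` lines so the negations apply. Removing `conf/` from the ignore list also widens what gets tracked: everything under `conf/` is now committed except names matching `caddy.conf` or `*credentials`, so `conf/_shared/aws/profiles`, which this commit's aws.env points `AWS_CONFIG_FILE` at, is not covered and should be listed if it is meant to stay local. A one-line comment above the block, `# per-instance caddy.conf and any *credentials file are local-only; examples are re-included below`, would make the intended ordering reviewable.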
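Review bot: `env | grep AWS` on the last line prints every AWS_* variable in the process environment, not just the two paths this file sets, so an `AWS_SECRET_ACCESS_KEY` or `AWS_SESSION_TOKEN` already present in the caller's environment would be echoed to the terminal or, via the systemd branch of scripts/caddy, into the journal. Print only what this file assigns: `printf '%s\n' "AWS_CONFIG_FILE=$AWS_CONFIG_FILE" "AWS_SHARED_CREDENTIALS_FILE=$AWS_SHARED_CREDENTIALS_FILE"`. The two `export` lines also depend on `CONF_SHARED_DIR` being set in the sourcing shell; a leading `: "${CONF_SHARED_DIR:?must be set by scripts/caddy}"` turns an unset variable into a clear failure instead of silently pointing the AWS SDK at `/aws/profiles` and `/aws/credentials`.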
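Review bot: The first section header is misspelled `[profle1]`, so anyone who copies this template and selects `AWS_PROFILE=profile1` will not find a matching profile; it should read `[profile1]` to pair with `[profile2]`. Because `credentials.example` does not end in `credentials`, the new `*credentials` ignore rule leaves the template tracked while the real file is ignored, which is presumably intended — a comment line at the top, `# copy to ./credentials (git-ignored), fill in real keys, keep mode 0600`, would make the copy step and the expected permissions explicit.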
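Review bot: `source ${CONF_SHARED_DIR}/aws/aws.env` is unquoted and unguarded, so if `CONF_SHARED_DIR` is empty (for example when the shebang tempts someone to run this file directly rather than letting scripts/caddy source it) bash sources `/aws/aws.env`, and a directory name containing a space is word-split. Add `: "${CONF_SHARED_DIR:?set by scripts/caddy}"` before the line and quote it as `source "${CONF_SHARED_DIR}/aws/aws.env"`. Since scripts/caddy sources this file into its own shell before choosing between the `su` and systemd launch paths, a header comment such as `# sourced by scripts/caddy with that script's privileges; not meant to be executed on its own` would set expectations for anyone writing a per-instance script.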
diff --git a/filter/GeoLite2-Country.mmdb b/filters/GeoLite2-Country.mmdb
similarity index 100%
rename from filter/GeoLite2-Country.mmdb
rename to filters/GeoLite2-Country.mmdb
diff --git a/scripts/caddy b/scripts/caddy
index 9671ed5..d04bd65 100755
--- a/scripts/caddy
+++ b/scripts/caddy
@@ -1,16 +1,35 @@
 #!/bin/bash
 SDIR=$(dirname "$(readlink -f "$0")") || exit
 DIR=$(dirname "$SDIR") || exit
-echo Caddy Reposity Root: $DIR
+INSTANCE=${1:-default}
 source $SDIR/library
-CONF=$DIR/conf/${1:-caddy}.conf
-CMD=${2:-run}
+echo $SDIR
 get-caddy-bin # this sets $CADDY_BIN
+CONF_DIR=$DIR/conf/$INSTANCE
+CONF_SHARED_DIR=$DIR/conf/_shared
+CONF=$CONF_DIR/caddy.conf
+SCRIPT=$CONF_DIR/script
 BIN=$DIR/bin/$CADDY_BIN
+echo running caddy $BIN
 [ ! -f "$BIN" ] && echo binary file $BIN does not exist && exit 1
 [ ! -x "$BIN" ] && echo binary file $BIN is not executable && exit 1
 [ ! -f "$CONF" ] && echo no configuration file $CONF && exit 1
-# source any need environment files in $DIR/env
-for f in $DIR/env/*.env; do source $f; done
-echo Running caddy binary $BIN with configuration $CONF and command $CMD as user $USER
-$BIN $CMD --config $CONF --adapter caddyfile
+if [ -f "$SCRIPT" ]; then
+ source $SCRIPT
+fi
+if [ ! $INVOCATION_ID ]; then
+ CAP="cap_net_bind_service+eip"
+ ISSET=$(getcap $BIN | grep $CAP )
+ if [ ! "$ISSET" ]; then
+ echo binary $BIN not set for binding port 80 by non-root users, attempting to set
+ sudo setcap $CAP $BIN
+ ISSET=$(getcap $BIN | grep $CAP)
+ echo after $ISSET
+ [ ! "$ISSET" ] && echo unable to set port binding && exit 1
+ fi
+ echo running caddy from commandline, enter caddy user password
+ su -c "$BIN run --config $CONF --adapter caddyfile" caddy
+else
+ echo running caddy via systemd service
+ $BIN run --config $CONF --adapter caddyfile
+fi
\ No newline at end of file
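Review bot: `su -c "$BIN run --config $CONF --adapter caddyfile" caddy` hands the command to the caddy user's shell as a string, so `$BIN` and `$CONF` (built from the user-supplied `$INSTANCE`) are re-parsed there and a path containing whitespace or shell metacharacters breaks or alters the command; build it with quoting, `su caddy -c "$(printf '%q run --config %q --adapter caddyfile' "$BIN" "$CONF")"`. The branch condition `[ ! $INVOCATION_ID ]` only works because a one-argument `test` is true for the literal `!`; `[ -z "$INVOCATION_ID" ]` states the intent and survives quoting. `ISSET=$(getcap $BIN | grep $CAP )` looks for the exact setcap spelling `cap_net_bind_service+eip`, but getcap's output format differs between libcap versions (some print `=ep`), in which case the script would run `sudo setcap` on every start and then exit with "unable to set port binding" even though the capability was applied — match with `grep -F cap_net_bind_service` instead. `source $SCRIPT` executes `conf/$INSTANCE/script` with the invoker's privileges (the unit's user under systemd, the interactive user otherwise) before either launch branch, so refusing a file that is group- or world-writable, with a comment `# per-instance hook; must not be writable by other users`, would keep the instance directory from becoming a way to run code as whoever starts the service.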