refactor of caddy script

- put commandline option back int - supports instance folder in conf/ - supports _shared conf folder -- supports instance script moved instance specific conf to branches moved things around and updated gitigonre in support of refactored script
2021-10-10 12:36:03 -07:00 · 2021-10-10 12:36:03 -07:00 · 6567658636
parent ab4684c28f
commit 6567658636
9 changed files with 49 additions and 11 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,10 +1,11 @@
 !*.secret
 !build/builds.txt
 !build/plugins.txt
-!conf/example.conf
+!conf/_shared/example/caddy.conf
+!conf/example/
 .gitsecret/keys/random_seed
-env/
-conf/
 user/
 build/
-/archive/
+caddy.conf
+*credentials
+temp/
--- a/build/builds.txt
+++ b/build/builds.txt
@ -1 +1,2 @@
 linux arm64
+linux amd64
--- a/conf/_shared/aws/aws.env
+++ b/conf/_shared/aws/aws.env
@ -0,0 +1,4 @@
+echo setting AWS environment
+export AWS_CONFIG_FILE=$CONF_SHARED_DIR/aws/profiles
+export AWS_SHARED_CREDENTIALS_FILE=$CONF_SHARED_DIR/aws/credentials
+env | grep AWS
--- a/conf/_shared/aws/credentials.example
+++ b/conf/_shared/aws/credentials.example
@ -0,0 +1,7 @@
+[profle1]
+aws_access_key_id = AKIASOMEKEY
+aws_secret_access_key = 9VAWosLSOMESECRET
+
+[profile2]
+aws_access_key_id = 
+aws_secret_access_key = 
--- a/conf/_shared/aws/readme.md
+++ b/conf/_shared/aws/readme.md
@ -0,0 +1,2 @@
+# AWS Route 53 DNS Challenge Plugin
+### Using AWS Route53 Plugin with Caddy to authenticate subdomains for use with caddy/letsencrypt
--- a/conf/example/script
+++ b/conf/example/script
@ -0,0 +1,4 @@
+#!/bin/bash
+echo running custom script for $INSTANCE
+source ${CONF_SHARED_DIR}/aws/aws.env
+
--- a/env/AWS.env.secret
+++ b/env/AWS.env.secret
--- a/filters/GeoLite2-Country.mmdb
+++ b/filters/GeoLite2-Country.mmdb
--- a/scripts/caddy
+++ b/scripts/caddy
@ -1,16 +1,35 @@
 #!/bin/bash
 SDIR=$(dirname "$(readlink -f "$0")") || exit
 DIR=$(dirname "$SDIR") || exit
-echo Caddy Reposity Root: $DIR
+INSTANCE=${1:-default}
 source $SDIR/library
-CONF=$DIR/conf/${1:-caddy}.conf
-CMD=${2:-run}
+echo $SDIR
 get-caddy-bin # this sets $CADDY_BIN
+CONF_DIR=$DIR/conf/$INSTANCE
+CONF_SHARED_DIR=$DIR/conf/_shared
+CONF=$CONF_DIR/caddy.conf
+SCRIPT=$CONF_DIR/script
 BIN=$DIR/bin/$CADDY_BIN
+echo running caddy $BIN
 [ ! -f "$BIN" ] && echo binary file $BIN does not exist && exit 1
 [ ! -x "$BIN" ] && echo binary file $BIN is not executable && exit 1
 [ ! -f "$CONF" ] && echo no configuration file $CONF && exit 1
-# source any need environment files in $DIR/env
-for f in $DIR/env/*.env; do source $f; done
-echo Running caddy binary $BIN with configuration $CONF and command $CMD as user $USER
-$BIN $CMD --config $CONF --adapter caddyfile
+if [ -f "$SCRIPT" ]; then
+   source $SCRIPT
+fi
+if [ ! $INVOCATION_ID ]; then
+  CAP="cap_net_bind_service+eip"
+  ISSET=$(getcap $BIN | grep $CAP )
+  if [ ! "$ISSET" ]; then
+    echo binary $BIN not set for binding port 80 by non-root users, attempting to set
+    sudo setcap $CAP $BIN
+    ISSET=$(getcap $BIN | grep $CAP)
+    echo after $ISSET
+    [ ! "$ISSET" ] && echo unable to set port binding && exit 1
+  fi
+  echo running caddy from commandline, enter caddy user password
+  su -c "$BIN run --config $CONF --adapter caddyfile" caddy
+else
+  echo running caddy via systemd service
+  $BIN run --config $CONF --adapter caddyfile
+fi