From ba261ff132dd0542000d8abaaa8a28a19b41a06d Mon Sep 17 00:00:00 2001 From: vnkmpf Date: Tue, 9 Jan 2018 20:15:46 +0100 Subject: [PATCH 1/2] fix typo --- app/app.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/app.py b/app/app.py index 36c0c5d..37b321e 100644 --- a/app/app.py +++ b/app/app.py @@ -64,7 +64,7 @@ def reconfigure(version): logger.info('request for service: {}'.format(args.get('serviceName'))) - # Check if the newly registered service is usign letsencrypt companion. + # Check if the newly registered service is using letsencrypt companion. # Labels required: # * com.df.letsencrypt.host # * com.df.letsencrypt.email From 9638e2d64deebbd567f347005b36b9e26c333758 Mon Sep 17 00:00:00 2001 From: vnkmpf Date: Mon, 15 Jan 2018 18:01:26 +0100 Subject: [PATCH 2/2] Extract hosts from serviceDomain This make 'letsencrypt.host' unnecessary for simple usages. --- app/app.py | 31 ++++++++++++++++++++++++++++--- 1 file changed, 28 insertions(+), 3 deletions(-) diff --git a/app/app.py b/app/app.py index 37b321e..2a49388 100644 --- a/app/app.py +++ b/app/app.py @@ -47,11 +47,13 @@ app = Flask(__name__) + @app.route("/.well-known/acme-challenge/") def acme_challenge(path): return send_from_directory(CERTBOT_WEBROOT_PATH, ".well-known/acme-challenge/{}".format(path)) + @app.route("/v/docker-flow-proxy-letsencrypt/reconfigure") def reconfigure(version): @@ -66,9 +68,31 @@ def reconfigure(version): # Check if the newly registered service is using letsencrypt companion. # Labels required: - # * com.df.letsencrypt.host # * com.df.letsencrypt.email - required_labels = ('letsencrypt.host', 'letsencrypt.email') + + # explicitly make it a tuple + required_labels = ('letsencrypt.email', ) + + # v1: com.df.serviceDomain=example.com + # v2: com.df.serviceDomain=example.com,foo.bar + # v3: com.df.serviceDomain.1=example.com com.df.serviceDomain.2=foo.bar + # v4.1: 2+ domains are specified in serviceDomain and only one is in letsencrypt.host ? + # v4.2 ... the the other way around + # => we don't need to solve it - it's user's problem and / or user only wants 1 url behind HTTPS, the other not + le_hosts = [] + extract_hosts_from_service_domain = False + + if 'letsencrypt.host' in args: + le_hosts = args['letsencrypt.host'].split(',') + else: + extract_hosts_from_service_domain = True + + if extract_hosts_from_service_domain: + + for key, value in args.iteritems(): + if 0 == key.find('serviceDomain'): + le_hosts += value.split(',') + if all([label in args.keys() for label in required_labels]): logger.info('letsencrypt support enabled.') @@ -78,7 +102,7 @@ def reconfigure(version): if isinstance(testing, basestring): testing = True if testing.lower() == 'true' else False - client.process(args['letsencrypt.host'].split(','), args['letsencrypt.email'], testing=testing) + client.process(le_hosts, args['letsencrypt.email'], testing=testing) # proxy requests to docker-flow-proxy # sometimes we can get an error back from DFP, this can happen when DFP is not fully loaded. @@ -100,5 +124,6 @@ def reconfigure(version): return "OK" + if __name__ == "__main__": app.run(host='0.0.0.0', port=8080, debug=True, threaded=True) \ No newline at end of file