Create v2-ui-ssl
parent 51a3b03bfd
commit 1350716a62
|
@ -0,0 +1,60 @@
|
|||
# v2-ui-ssl
|
||||
|
||||
GitHub [stilleshan/dockerfiles](https://github.com/stilleshan/dockerfiles)
|
||||
Docker [stilleshan/v2-ui](https://hub.docker.com/r/stilleshan/v2-ui)
|
||||
> *docker image support for X86 and ARM*
|
||||
|
||||
## 简介
|
||||
整合 v2-ui 和 acme.sh 的 docker compose 一键部署方案
|
||||
- 支持全自动证书申请,定时每月续签证书.
|
||||
- 备份和迁移方便,仅需保存 v2-ui-ssl 一个目录,一条命令即可在其他服务器启动使用.
|
||||
|
||||
## 部署
|
||||
### 下载文件
|
||||
部署所需文件已打包,方便直接下载解压使用.
|
||||
```shell
|
||||
wget https://raw.githubusercontent.com/stilleshan/dockerfiles/main/v2-ui-ssl/v2-ui-ssl.tar
|
||||
tar -xvf v2-ui-ssl.tar
|
||||
cd v2-ui-ssl
|
||||
```
|
||||
|
||||
### 配置
|
||||
修改`conf/account.conf`文件,在`DOMAIN=`之后填写域名,并参考一下官方文档,填写其他对应的 API 信息.
|
||||
https://github.com/acmesh-official/acme.sh/wiki/dnsapi
|
||||
https://www.ioiox.com/archives/87.html
|
||||
|
||||
|
||||
### 启动
|
||||
执行以下命令启动,请确保`account.conf`填写正确,容器每次启动都会检测`account.conf`中的`DOMAIN`变量,以及`ssl`目录下是否存在该域名证书,如果没有将会自动申请证书,如已存在则不会申请.
|
||||
```shell
|
||||
docker-compose up -d
|
||||
```
|
||||
> 启动后稍等一分钟, **ssl** 目录下将会生成证书文件.
|
||||
|
||||
### 自动更新证书
|
||||
由于系统将在 GMT 时间每月`1`日`0`点,也就是北京时间`1`日早`8`点重新强制更新证书,并覆盖至`ssl`目录下.则需要同时为`v2-ui`服务设置一个定时重启计划任务:
|
||||
```shell
|
||||
crontab -e
|
||||
# 添加以下计划任务
|
||||
0 0 2 * * docker restart v2-ui
|
||||
# 为避免时区问题,将在每月 2 号 0 点执行
|
||||
```
|
||||
|
||||
### 手动更新证书
|
||||
也可以手动执行更新证书命令:
|
||||
```shell
|
||||
docker exec acme sh -c /conf/acme.sh
|
||||
```
|
||||
|
||||
## 使用
|
||||
访问`http://服务器IP:65432`使用账号`admin`密码`admin`登录.注意需开放相关端口防火墙,并及时修改账号密码.
|
||||
|
||||
### 证书使用
|
||||
**v2-ui** 中创建账户开启`tls`时所需用到的证书路径为
|
||||
> /ssl/yourdomain.cer
|
||||
/ssl/yourdomain.key
|
||||
|
||||
|
||||
## 参考
|
||||
GitHub [sprov065/v2-ui](https://github.com/sprov065/v2-ui)
|
||||
|
|
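Review bot: The 使用 section tells the reader to open the firewall for `http://服务器IP:65432`, a panel served over plain HTTP with the default `admin`/`admin` login, and only asks for a password change afterwards. Make the password change an explicit step that comes before opening the port, and recommend limiting access (SSH tunnel or a source-IP firewall rule) until it is done. Separately, the 下载文件 step fetches `v2-ui-ssl.tar` from the `main` branch with no checksum, and the tarball appears in this commit only as a binary file; publishing a SHA-256 next to the `wget` line would let users verify what they unpack.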
@ -0,0 +1,4 @@
|
|||
export DP_Id=""
|
||||
export DP_Key=""
|
||||
export DOMAIN=
|
||||
export DNSAPI=
|
|
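Review bot: `DP_Id` and `DP_Key` in this template are DNS API credentials kept in plaintext, and the README advises backing up the whole `v2-ui-ssl` directory, so the filled-in file travels with every backup. Document a `chmod 600 conf/account.conf` step and a warning not to commit or share the completed file. The template also leaves `DNSAPI=` empty while the key names are provider-specific; add a comment stating which `DNSAPI` value matches these keys, and that `DOMAIN` must be written without quotes, because the scripts read it with `awk -F=` and take the raw text after `=`.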
@ -0,0 +1,34 @@
|
|||
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
|
||||
export PATH
|
||||
|
||||
# fonts color
|
||||
Green="\033[32m"
|
||||
Red="\033[31m"
|
||||
Yellow="\033[33m"
|
||||
GreenBG="\033[42;37m"
|
||||
RedBG="\033[41;37m"
|
||||
Font="\033[0m"
|
||||
# fonts color
|
||||
|
||||
|
||||
DOMAIN=$(cat /conf/account.conf | awk -F= '{if($1~"DOMAIN")print $2}')
|
||||
DNSAPI=$(cat /conf/account.conf | awk -F= '{if($1~"DNSAPI")print $2}')
|
||||
|
||||
acme (){
|
||||
cat /conf/account.conf > /acme.sh/account.conf
|
||||
/root/.acme.sh/acme.sh --upgrade
|
||||
/root/.acme.sh/acme.sh --issue --server letsencrypt $* --dns ${DNSAPI} -d ${DOMAIN} -d \*.${DOMAIN}
|
||||
cp /acme.sh/${DOMAIN}/fullchain.cer /ssl/${DOMAIN}.cer
|
||||
cp /acme.sh/${DOMAIN}/${DOMAIN}.key /ssl/${DOMAIN}.key
|
||||
mv /acme.sh/${DOMAIN} /acme.sh/${DOMAIN}-$(date +%Y)-$(date +%m)-$(date +%d)-${RANDOM}
|
||||
}
|
||||
|
||||
if [ ! -n "${DOMAIN}" ] ; then
|
||||
echo "请检查 account.conf 信息是否正确"
|
||||
else
|
||||
acme $*
|
||||
fi
|
||||
|
||||
cat >/var/spool/cron/crontabs/root<<EOF
|
||||
0 0 1 * * /conf/acme.sh >/dev/null 2>&1
|
||||
EOF
|
|
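Review bot: In `acme()`, the two `cp` lines and the `mv` run whether or not `acme.sh --issue` succeeded, so a failed or partial issuance can replace `/ssl/${DOMAIN}.key` without a matching certificate and still rename the state directory. Check the exit status (for example `... --issue ... || return 1`) and copy only when both files exist. The expansions `$*`, `${DNSAPI}` and `${DOMAIN}` are unquoted; use `"$@"` and quoted variables. The copied private key gets default permissions, so add a `chmod 600`, and the dated `/acme.sh/${DOMAIN}-...` directories keep old private keys with no cleanup. Running `--upgrade` on every invocation also pulls new code each month into a container that holds the DNS API credentials; pin the version through the image instead.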
@ -0,0 +1,24 @@
|
|||
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
|
||||
export PATH
|
||||
|
||||
# fonts color
|
||||
Green="\033[32m"
|
||||
Red="\033[31m"
|
||||
Yellow="\033[33m"
|
||||
GreenBG="\033[42;37m"
|
||||
RedBG="\033[41;37m"
|
||||
Font="\033[0m"
|
||||
# fonts color
|
||||
|
||||
DOMAIN=$(cat /conf/account.conf | awk -F= '{if($1~"DOMAIN")print $2}')
|
||||
DNSAPI=$(cat /conf/account.conf | awk -F= '{if($1~"DNSAPI")print $2}')
|
||||
|
||||
cat >/var/spool/cron/crontabs/root<<EOF
|
||||
0 0 1 * * /conf/acme.sh >/dev/null 2>&1
|
||||
EOF
|
||||
|
||||
if [ ! -f "/ssl/${DOMAIN}.cer" ] && [ -n "${DOMAIN}" ]; then
|
||||
/conf/acme.sh
|
||||
fi
|
||||
|
||||
/entry.sh daemon
|
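Review bot: The startup check `[ ! -f "/ssl/${DOMAIN}.cer" ]` tests only that the certificate file exists, so a missing `/ssl/${DOMAIN}.key` or an already expired certificate does not trigger issuance. Test for both files, and for validity if possible. When `DOMAIN` is empty the script skips issuance silently and goes straight to `/entry.sh daemon`; print an error as `acme.sh` does. The crontab heredoc duplicates the one in `acme.sh` and the colour variables are never used; keep the cron setup in one script and drop the unused block.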
Binary file not shown.
|
@ -0,0 +1,20 @@
|
|||
version: '3.7'
|
||||
services:
|
||||
v2-ui:
|
||||
image: stilleshan/v2-ui
|
||||
container_name: v2-ui
|
||||
volumes:
|
||||
- ./data/v2-ui.db:/etc/v2-ui/v2-ui.db
|
||||
- ./ssl:/ssl
|
||||
restart: always
|
||||
network_mode: host
|
||||
|
||||
acme:
|
||||
image: neilpang/acme.sh
|
||||
container_name: acme
|
||||
volumes:
|
||||
- ./conf:/conf
|
||||
- ./ssl:/ssl
|
||||
restart: always
|
||||
network_mode: host
|
||||
command: ["sh", "-c", "/conf/start.sh"]
|
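Review bot: Both services set `network_mode: host`, but the `acme` service issues certificates through `--dns ${DNSAPI}` and nothing in this commit shows it listening on a port, so the default bridge network would be enough for it. The `v2-ui` service only reads the certificates, so mount them read-only with `./ssl:/ssl:ro`. Both `image:` lines carry no tag, so every pull can bring different code; pin a version tag or digest.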
Binary file not shown.