From c7572ee3bf72a22c5d127019601fbfac221770dd Mon Sep 17 00:00:00 2001 From: Shaun Berryman Date: Mon, 10 Apr 2017 19:34:22 -0700 Subject: [PATCH 1/6] Use SERVICE_NAME to make it possible to run several nginx servers on a single consul cluster --- etc/acme/dehydrated/hook.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/etc/acme/dehydrated/hook.sh b/etc/acme/dehydrated/hook.sh index 962f859..b326bf4 100755 --- a/etc/acme/dehydrated/hook.sh +++ b/etc/acme/dehydrated/hook.sh @@ -1,13 +1,14 @@ #!/usr/bin/env bash set -o pipefail +SERVICE_NAME=${SERVICE_NAME:-nginx} CONSUL_HOST_DEFAULT=${CONSUL:-consul} if [ "${CONSUL_AGENT}" != "" ]; then CONSUL_HOST_DEFAULT="localhost" fi CONSUL_HOST=${CONSUL_HOST:-$CONSUL_HOST_DEFAULT} CONSUL_ROOT="http://${CONSUL_HOST}:8500/v1" -CONSUL_KEY_ROOT="${CONSUL_ROOT}/kv/nginx" +CONSUL_KEY_ROOT="${CONSUL_ROOT}/kv/${SERVICE_NAME}" CHALLENGE_PATH="/.well-known/acme-challenge" function deploy_challenge { From 37f720ea0a762d62c822e8e441f3811d4a51561f Mon Sep 17 00:00:00 2001 From: Shaun Berryman Date: Mon, 10 Apr 2017 20:02:50 -0700 Subject: [PATCH 2/6] Need service name in 1 more location! --- bin/acme | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/bin/acme b/bin/acme index d57fead..b7a0ff9 100755 --- a/bin/acme +++ b/bin/acme @@ -4,13 +4,14 @@ pushd `dirname $0` > /dev/null SCRIPTPATH=`pwd -P` popd > /dev/null +SERVICE_NAME=${SERVICE_NAME:-nginx} CONSUL_HOST_DEFAULT=${CONSUL:-consul} if [ "${CONSUL_AGENT}" != "" ]; then CONSUL_HOST_DEFAULT="localhost" fi CONSUL_HOST=${CONSUL_HOST:-$CONSUL_HOST_DEFAULT} CONSUL_ROOT="http://${CONSUL_HOST}:8500/v1" -CONSUL_KEY_ROOT="${CONSUL_ROOT}/kv/nginx" +CONSUL_KEY_ROOT="${CONSUL_ROOT}/kv/${SERVICE_NAME}" SESSION_DIR_DEFAULT="/var/consul" SESSION_DIR=${SESSION_DIR:-$SESSION_DIR_DEFAULT} 
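Review bot: `SERVICE_NAME` is placed into the Consul KV URL as a path segment without any check, at `CONSUL_KEY_ROOT="${CONSUL_ROOT}/kv/${SERVICE_NAME}"`, so a value containing `/`, `?` or whitespace silently points the hook at a different key prefix than the one the operator named. That prefix is the only thing separating one instance's ACME material from another's in the shared cluster, so I would reject anything outside a conservative set right after the default is applied: `[[ "${SERVICE_NAME}" =~ ^[A-Za-z0-9_-]+$ ]] || { echo "invalid SERVICE_NAME: ${SERVICE_NAME}" >&2; exit 1; }`. The same assignment is repeated in the `bin/acme` hunk of PATCH 2/6 and wants the same guard. The namespace is a naming convention rather than an access boundary; whether per-prefix Consul ACLs back it up is not visible in this series.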
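Review bot: `SERVICE_NAME=${SERVICE_NAME:-nginx}` in `bin/acme` sets a shell variable but does not export it, so when the variable is absent from the environment the `consul-template` process started by the `watch` case (visible in PATCH 3/6) does not inherit the `nginx` default. PATCH 6/6 works around that by repeating the default in every template, which leaves the default defined in seven places. `export SERVICE_NAME="${SERVICE_NAME:-nginx}"` here would give the scripts and the templates one source for the namespace. Whether `hook.sh` always runs as a child of `bin/acme` is not visible, so it may still need its own default.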
@@ -22,7 +23,7 @@ CERT_DIR="/var/www/ssl" ACME_ENV=${ACME_ENV:-staging} function getConsulSession () { - if [ -f $SESSION_FILE ]; then + if [ -f $SESSION_FILE ]; then SID=$(cat ${SESSION_DIR}/session) local STATUS=$(curl -s ${CONSUL_ROOT}/session/info/${SID}) if [ "${STATUS}" != "[]" ]; then @@ -39,7 +40,7 @@ function getConsulSession () { function renewConsulSession () { local SID="$(getConsulSession)" rc=$? - if [ $rc -ne 0 ]; then + if [ $rc -ne 0 ]; then createConsulSession return $? else From a2e6afb255254ae8816313af43557b4093f6b449 Mon Sep 17 00:00:00 2001 From: Shaun Berryman Date: Mon, 10 Apr 2017 21:34:10 -0700 Subject: [PATCH 3/6] [WARN] -consul has been renamed to -consul-addr --- bin/acme | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/acme b/bin/acme index b7a0ff9..59d3e75 100755 --- a/bin/acme +++ b/bin/acme @@ -128,7 +128,7 @@ case "$1" in acquireLeader ;; watch) - /usr/local/bin/consul-template -config /etc/acme/watch.hcl -consul $CONSUL_HOST:8500 + /usr/local/bin/consul-template -config /etc/acme/watch.hcl -consul-addr $CONSUL_HOST:8500 ;; init) if [ -f ${CERT_DIR}/fullchain.pem -a -f ${CERT_DIR}/privkey.pem ]; then From 91b5d21f689c1154bfc4bbe2a7021a6dd3c5cbaa Mon Sep 17 00:00:00 2001 From: Shaun Berryman Date: Mon, 10 Apr 2017 21:57:20 -0700 Subject: [PATCH 4/6] Turns out the service name is hard coded everywhere! --- etc/acme/templates/cert.ctmpl | 3 ++- etc/acme/templates/chain.ctmpl | 3 ++- etc/acme/templates/challenge-token.ctmpl | 7 ++++--- etc/acme/templates/fullchain.ctmpl | 3 ++- etc/acme/templates/privkey.ctmpl | 3 ++- 5 files changed, 12 insertions(+), 7 deletions(-) diff --git a/etc/acme/templates/cert.ctmpl b/etc/acme/templates/cert.ctmpl index 46d94d2..bcb1e92 100644 --- a/etc/acme/templates/cert.ctmpl +++ b/etc/acme/templates/cert.ctmpl 
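Review bot: `$CONSUL_HOST:8500` on the changed `consul-template` line is expanded unquoted, so a value with whitespace or glob characters would be split into extra arguments. Writing it as `-consul-addr "${CONSUL_HOST}:8500"` keeps the address a single word. The `case` statement starts and ends outside the hunk.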
@@ -1 +1,2 @@ -{{if key "nginx/acme/cert"}}{{key "nginx/acme/cert"}}{{end}} +{{ $service_name := env "SERVICE_NAME" }} +{{if key (print $service_name "/acme/cert")}}{{key (print $service_name "/acme/key")}}{{end}} diff --git a/etc/acme/templates/chain.ctmpl b/etc/acme/templates/chain.ctmpl index c914597..0b0d3bd 100644 --- a/etc/acme/templates/chain.ctmpl +++ b/etc/acme/templates/chain.ctmpl @@ -1 +1,2 @@ -{{if key "nginx/acme/chain"}}{{key "nginx/acme/chain"}}{{end}} +{{ $service_name := env "SERVICE_NAME" }} +{{if key (print $service_name "/acme/chain")}}{{key (print $service_name "/acme/chain")}}{{end}} diff --git a/etc/acme/templates/challenge-token.ctmpl b/etc/acme/templates/challenge-token.ctmpl index 902c5ce..258b552 100644 --- a/etc/acme/templates/challenge-token.ctmpl +++ b/etc/acme/templates/challenge-token.ctmpl @@ -1,3 +1,4 @@ -{{if key "nginx/acme/challenge/token-filename"}}{{key "nginx/acme/challenge/token-filename"}}{{end}} -{{if key "nginx/acme/challenge/token-value"}}{{key "nginx/acme/challenge/token-value"}}{{end}} -{{if key "nginx/acme/challenge/last-token-filename"}}{{key "nginx/acme/challenge/last-token-filename"}}{{end}} +{{ $service_name := env "SERVICE_NAME" }} +{{if key (print $service_name "/acme/token-filename")}}{{key (print $service_name "/acme/token-filename")}}{{end}} +{{if key (print $service_name "/acme/token-value")}}{{key (print $service_name "/acme/token-value")}}{{end}} +{{if key (print $service_name "/acme/last-token-filename")}}{{key (print $service_name "/acme/last-token-filename")}}{{end}} diff --git a/etc/acme/templates/fullchain.ctmpl b/etc/acme/templates/fullchain.ctmpl index 3a785ff..a0dfc62 100644 --- a/etc/acme/templates/fullchain.ctmpl +++ b/etc/acme/templates/fullchain.ctmpl @@ -1 +1,2 @@ -{{if key "nginx/acme/fullchain"}}{{key "nginx/acme/fullchain"}}{{end}} +{{ $service_name := env "SERVICE_NAME" }} +{{if key (print $service_name "/acme/fullchain")}}{{key (print $service_name "/acme/fullchain")}}{{end}} 
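Review bot: The new `cert.ctmpl` line tests `(print $service_name "/acme/cert")` but renders `(print $service_name "/acme/key")`, so the certificate file is filled with the private key instead of the certificate; the removed line read `nginx/acme/cert` in both places. Apart from most likely breaking the TLS setup, this writes key material into a file that is normally treated as public, so anything that copies, serves or logs the rendered cert file should be treated as having seen the key until this is fixed. The rendered expression should match the guard: `{{if key (print $service_name "/acme/cert")}}{{key (print $service_name "/acme/cert")}}{{end}}`. PATCH 6/6 touches this file again and carries the `/acme/key` line through unchanged as context.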
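Review bot: All three keys in `challenge-token.ctmpl` lose the `challenge/` segment: the removed lines read `nginx/acme/challenge/token-filename`, while the added ones read `<service>/acme/token-filename` (likewise `token-value` and `last-token-filename`). The `hook.sh` change in PATCH 1/6 only swaps the root prefix, so if `deploy_challenge` still writes under `acme/challenge/…` (its body is not visible here) the template never sees the token and the ACME challenge cannot be answered. Restoring the segment in each `print` call, for example `{{key (print $service_name "/acme/challenge/token-value")}}`, keeps writer and reader on the same path. PATCH 6/6 leaves these three lines as they are.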
diff --git a/etc/acme/templates/privkey.ctmpl b/etc/acme/templates/privkey.ctmpl index 0a4a20b..f98ec61 100644 --- a/etc/acme/templates/privkey.ctmpl +++ b/etc/acme/templates/privkey.ctmpl @@ -1 +1,2 @@ -{{if key "nginx/acme/key"}}{{key "nginx/acme/key"}}{{end}} +{{ $service_name := env "SERVICE_NAME" }} +{{if key (print $service_name "/acme/key")}}{{key (print $service_name "/acme/key")}}{{end}} From 7029befbd16a5be02ae13282aa9a97f346018d57 Mon Sep 17 00:00:00 2001 From: Shaun Berryman Date: Tue, 11 Apr 2017 16:31:45 -0700 Subject: [PATCH 5/6] Add some documentation for SERVICE_NAME --- README.md | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/README.md b/README.md index d7313ae..0c32981 100644 --- a/README.md +++ b/README.md @@ -42,3 +42,47 @@ nginx: labels: - triton.cns.services=nginx ``` + +#### Multiple nginx, same consul cluster + +To run more than one Nginx balancer against the same consul cluster you'll need +to namespace them using the `SERVICE_NAME` environment variable. (Default: `nginx`) + +Example: + +```yaml +nginx_1: + image: autopilotpattern/nginx + restart: always + mem_limit: 512m + env_file: _env + environment: + - BACKEND=example + - CONSUL_AGENT=1 + - ACME_ENV=staging + - ACME_DOMAIN=example.com + - SERVICE_NAME=nginx_1 + ports: + - 80 + - 443 + - 9090 + labels: + - triton.cns.services=nginx-1 +nginx_2: + image: autopilotpattern/nginx + restart: always + mem_limit: 512m + env_file: _env + environment: + - BACKEND=example + - CONSUL_AGENT=1 + - ACME_ENV=staging + - ACME_DOMAIN=dev.example.com + - SERVICE_NAME=nginx_2 + ports: + - 80 + - 443 + - 9090 + labels: + - triton.cns.services=nginx-2 +``` From 55fd2e1221c408b710284e60252a3b13299b8942 Mon Sep 17 00:00:00 2001 
From: Shaun Berryman Date: Wed, 12 Apr 2017 09:37:33 -0700 Subject: [PATCH 6/6] Add default service_name of "nginx" to templates --- etc/acme/templates/cert.ctmpl | 1 + etc/acme/templates/chain.ctmpl | 1 + etc/acme/templates/challenge-token.ctmpl | 1 + etc/acme/templates/fullchain.ctmpl | 1 + etc/acme/templates/privkey.ctmpl | 1 + 5 files changed, 5 insertions(+) diff --git a/etc/acme/templates/cert.ctmpl b/etc/acme/templates/cert.ctmpl index bcb1e92..3e90796 100644 --- a/etc/acme/templates/cert.ctmpl +++ b/etc/acme/templates/cert.ctmpl @@ -1,2 +1,3 @@ {{ $service_name := env "SERVICE_NAME" }} +{{ $service_name := or $service_name "nginx" }} {{if key (print $service_name "/acme/cert")}}{{key (print $service_name "/acme/key")}}{{end}} diff --git a/etc/acme/templates/chain.ctmpl b/etc/acme/templates/chain.ctmpl index 0b0d3bd..47f1ead 100644 --- a/etc/acme/templates/chain.ctmpl +++ b/etc/acme/templates/chain.ctmpl @@ -1,2 +1,3 @@ {{ $service_name := env "SERVICE_NAME" }} +{{ $service_name := or $service_name "nginx" }} {{if key (print $service_name "/acme/chain")}}{{key (print $service_name "/acme/chain")}}{{end}} diff --git a/etc/acme/templates/challenge-token.ctmpl b/etc/acme/templates/challenge-token.ctmpl index 258b552..c0d6853 100644 --- a/etc/acme/templates/challenge-token.ctmpl +++ b/etc/acme/templates/challenge-token.ctmpl @@ -1,4 +1,5 @@ {{ $service_name := env "SERVICE_NAME" }} +{{ $service_name := or $service_name "nginx" }} {{if key (print $service_name "/acme/token-filename")}}{{key (print $service_name "/acme/token-filename")}}{{end}} {{if key (print $service_name "/acme/token-value")}}{{key (print $service_name "/acme/token-value")}}{{end}} {{if key (print $service_name "/acme/last-token-filename")}}{{key (print $service_name "/acme/last-token-filename")}}{{end}} diff --git a/etc/acme/templates/fullchain.ctmpl b/etc/acme/templates/fullchain.ctmpl index a0dfc62..17a56bd 100644 --- a/etc/acme/templates/fullchain.ctmpl 
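Review bot: The default is applied by declaring `$service_name` a second time with `:=` on a new line in `cert.ctmpl`; the two actions can be one, `{{ $service_name := or (env "SERVICE_NAME") "nginx" }}`, which avoids the shadowing declaration. The same two-line pattern is added in the `chain.ctmpl`, `challenge-token.ctmpl`, `fullchain.ctmpl` and `privkey.ctmpl` hunks. Each action line also ends in a newline that is emitted into the rendered file, so the PEM and token files presumably now start with blank lines; if the consul-template version in use supports trim markers, `{{- … -}}` would suppress them. A template comment tying the default to the scripts would help the next reader, for example `{{/* default must match SERVICE_NAME in bin/acme and hook.sh */}}`.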
+++ b/etc/acme/templates/fullchain.ctmpl @@ -1,2 +1,3 @@ {{ $service_name := env "SERVICE_NAME" }} +{{ $service_name := or $service_name "nginx" }} {{if key (print $service_name "/acme/fullchain")}}{{key (print $service_name "/acme/fullchain")}}{{end}} diff --git a/etc/acme/templates/privkey.ctmpl b/etc/acme/templates/privkey.ctmpl index f98ec61..b0b2e99 100644 --- a/etc/acme/templates/privkey.ctmpl +++ b/etc/acme/templates/privkey.ctmpl @@ -1,2 +1,3 @@ {{ $service_name := env "SERVICE_NAME" }} +{{ $service_name := or $service_name "nginx" }} {{if key (print $service_name "/acme/key")}}{{key (print $service_name "/acme/key")}}{{end}}