v0.1

2025-07-20 14:53:12 +03:00
commit cd2f49ea82
234 changed files with 52038 additions and 0 deletions
--- a/playbooks/roles/nginx-reconfigure2/files/docker_files/certbot/Dockerfile
+++ b/playbooks/roles/nginx-reconfigure2/files/docker_files/certbot/Dockerfile
@@ -0,0 +1,20 @@
+
+#облегченный образ дебиан
+FROM debian:stable-slim
+LABEL authors="RONIS"
+
+# Обновление и установка необходимых пакетов
+RUN apt update && \
+    apt install -y python3-certbot-nginx && \
+    apt install -y cron
+
+
+COPY check_and_create_cert.sh  ./
+
+# Проверка наличия сертификата для домена
+RUN chmod +x ./check_and_create_cert.sh && echo "0 0 1 * * certbot renew --quiet" | tee -a /etc/crontab > /dev/null
+
+
+# Запуск скрипта в контейнере при старте "& cron -f" обеспечивает запуск процесса для поддержки контейнера 
+CMD bash -c "./check_and_create_cert.sh & cron -f"
+
--- a/playbooks/roles/nginx-reconfigure2/files/docker_files/certbot/check_and_create_cert.sh
+++ b/playbooks/roles/nginx-reconfigure2/files/docker_files/certbot/check_and_create_cert.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+set -e
+if certbot certificates | grep -q "No certificates found."; then
+    echo "Сертификат не найден. Создаю новый..."
+    certbot certonly --webroot --w /var/www/certbot/ -d $DOMAIN_URL -d $GIT_DOMAIN -d $DRONE_DOMAIN -m $DOMAIN_EMAIL --agree-tos --no-eff-email --non-interactive --config-dir /etc/letsencrypt --work-dir /var/lib/letsencrypt --logs-dir /var/log/letsencrypt
+else
+    echo "Сертификат уже существует."
+    certbot renew -n
+fi
--- a/playbooks/roles/nginx-reconfigure2/files/docker_files/nginx-compose.yaml
+++ b/playbooks/roles/nginx-reconfigure2/files/docker_files/nginx-compose.yaml
@@ -0,0 +1,49 @@
+services:
+  nginx:
+    container_name: nginx
+    image: nginx:1.28.0-bookworm
+    environment:
+      USER_ID: 1000
+      USER_GID: 1001
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - /srv/proxy/nginx/:/etc/nginx/:ro
+      - /srv/proxy/certbot/letsencrypt:/etc/letsencrypt:ro
+      - /srv/proxy/certbot/www/:/var/www/certbot/
+      - /srv/log/nginx:/var/log/nginx
+      - /srv/proxy/static:/usr/share/nginx/static:ro
+
+    restart: unless-stopped
+    networks:
+      - cicd_net
+      - nginx_net
+      - test_net
+      - prod_net
+
+  certbot:
+    container_name: certbot
+    build: certbot
+    env_file:
+      - .env
+    volumes:
+      - /srv/proxy/certbot/letsencrypt:/etc/letsencrypt
+      - /srv/proxy/certbot/www/:/var/www/certbot
+      - /srv/proxy/var/log/letsencrypt:/var/log/letsencrypt
+    restart: unless-stopped
+    user: root
+    depends_on:
+      - nginx
+    networks:
+      - nginx_net
+
+networks:
+  nginx_net:
+    external: true
+  cicd_net:
+    external: true
+  test_net:
+    external: true
+  prod_net:
+    external: true