INSTANT RANCHER-SERVER ON AUTOMATED SSL in 10 Lines of Bash Code
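# make a rancher-server:443 for ca-validated A+ SSL using Ubuntu-Trusty/jWilder-Nginx-Reverse-Proxy/LetsEncrypt+proxy-companion on AWS EC2 (or basically any cloud host using Ubuntu Trusty)
# by Dr. C.Hogan
# install docker fresh on ubuntu-trusty & set things up proper
sudo apt-get install apt-transport-https ca-certificates
# --recv-keys is given the full 40-hex fingerprint (short key ids can collide); the keyserver transport itself is plain hkp, so the fingerprint is what pins the key
sudo apt-key adv --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
# the redirect has to run as root as well: with `sudo echo ... >> file` the shell opens the file as the calling user and fails with "permission denied"
echo "deb https://apt.dockerproject.org/repo ubuntu-trusty main" | sudo tee -a /etc/apt/sources.list.d/docker.list >/dev/null
sudo apt-get update
sudo apt-get purge lxc-docker; sudo apt-cache policy docker-engine; sudo apt-get update;
# quote the substitution so an unexpected kernel release string cannot word-split the package name
sudo apt-get install "linux-image-extra-$(uname -r)"; sudo apt-get install docker-engine
# membership in the docker group is root-equivalent on the host; it only takes effect in a new login session, which is why the session is ended here
sudo service docker start; sudo usermod -aG docker ubuntu; exit; # this just allows docker into admin group and exits (or you could rehash/resource here instead)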
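# test docker and provision all the nginx vanilla directories for jwilder & LE companion
docker run hello-world
# mkdir -p creates the parents and makes this step re-runnable (plain mkdir fails if /usr/share/nginx already exists, e.g. from an nginx package)
sudo mkdir -p /usr/share/nginx/html /etc/nginx/ssl /etc/nginx/vhost.d
# -sfn replaces an existing certs link; a bare `ln -s` onto an existing directory link would create /etc/nginx/ssl/ssl inside it instead
sudo ln -sfn /etc/nginx/ssl /etc/nginx/certs
sudo touch /etc/nginx/vhost.d/default.conf # provision empty default conf for nginx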
# create rancher server instance as daemon with specific virtual port 8080 and using target domain pteros.com
# NOTE(review): the comment says pteros.com but the command uses targetsite.com; both are placeholders, use the one real hostname for VIRTUAL_HOST and LETSENCRYPT_HOST.
# NOTE(review): `<targetsite.com>` is a placeholder; typed literally, the angle brackets are shell redirections. Replace it (or at least quote it) before running.
# NOTE(review): `-p 8080:8080` publishes the Rancher UI/API over plain HTTP on the host, bypassing the TLS proxy started below (presumably nginx-proxy reaches the container via --link, not via the host port).
#   If only the https hostname should be reachable, drop the -p or bind it as 127.0.0.1:8080:8080, and restrict the security group either way — confirm agent registration still uses the https URL.
# NOTE(review): the last -e value was rendered as "[email protected]" (looks like email obfuscation); the companion container expects LETSENCRYPT_EMAIL=<contact address> — confirm the intended variable.
docker run -d -v /var/lib/mysql:/var/lib/mysql --restart=always --name=rancher-server -p 8080:8080 -e VIRTUAL_HOST=<targetsite.com> -e VIRTUAL_PORT=8080 -e "LETSENCRYPT_HOST=targetsite.com" -e "[email protected]" rancher/server
# provision the jwilder reverse proxy using aforementioned settings, port 80 will 301 redirect requests to SSL host automatically
# the proxy watches the docker socket to discover VIRTUAL_HOST containers; the :ro flag protects the socket file, not the API behind it,
# so this container effectively has root on the host — only run an image you trust here
nginx_proxy_args=(
  -d --name=nginx-proxy --link=rancher-server --restart=always
  -p 80:80 -p 443:443
  -v /etc/nginx/vhost.d -v /usr/share/nginx/html
  -v /etc/nginx/ssl:/etc/nginx/certs
  -v /var/run/docker.sock:/tmp/docker.sock:ro
)
docker run "${nginx_proxy_args[@]}" jwilder/nginx-proxy
# provision the nginx LetsEncrypt helper container and attach it to the nginx-proxy instance
# certs dir is mounted rw so issued certificates land where the proxy reads them; the docker socket is mounted :ro, but a socket
# mount still gives full Docker API access (root-equivalent on the host), so the same trust caveat as for the proxy image applies
sudo docker run -d \
  -v /etc/nginx/ssl:/etc/nginx/certs:rw \
  --volumes-from nginx-proxy \
  -v /var/run/docker.sock:/var/run/docker.sock:ro \
  jrcs/letsencrypt-nginx-proxy-companion
# BAM!! | |
# this concludes my lesson on instant deployment of a master Rancher Server node with | |
# instant SSL Auto-Renew using LetsEncrypt and reverse proxy for nginx, thereby allowing you to serve many SSL sites from the same IP | |
# OPTIONAL DEVOPS STUFF: | |
#-------------------------------------------------------------------------------------------------------------------------------------------------------------------- | |
# I like to sync all my devops tools from aws s3 sync, but if you use rancher-os or a vanilla instance outside of Amazon Linux AMI, it doesn't come with AWS cli pre-installed (or python/pip) | |
# So I use the following code to automatically dockerize aws-cli and sync necessary devtools (npm, nodejitsu, my cobra binaries, boom, etc.) | |
# copy aws env and aws.sh into place so we can copy certs from s3 | |
# note: this syncs all the stuff you want to /home/ubuntu/<folder you want to sync it to> | |
# create the aws credentials directory under the current (home) directory
mkdir .aws
cd .aws
# the env file holds long-lived AWS secrets in plaintext; NOTE(review): create it with `umask 077` (or `chmod 600 env` afterwards)
# so other local users cannot read it, and prefer keys scoped to just the sync bucket
vi env
## *optional* contents of "env"
## (the "$ cat ..." line below is a transcript prompt showing the file, not a command to paste)
$ cat /home/ubuntu/.aws/env
AWS_ACCESS_KEY_ID=<your aws key>
AWS_SECRET_ACCESS_KEY=<private key>
AWS_DEFAULT_REGION=<region i.e.- us-west-1>
# back to home and lay out the wrapper-script directory
cd ../
mkdir .scripts
cd .scripts/
mkdir dockers
cd dockers
vi aws.sh
## *optional* contents of aws.sh
## (again a transcript prompt; the script body follows)
$ cat /home/ubuntu/.scripts/dockers/aws.sh
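#!/bin/bash
# aws.sh — run one aws-cli command line inside the xueshanf/awscli container, with credentials from the env file.
# Usage: aws.sh '<aws command line>'
#   $1 is handed verbatim to `bash -c` inside the container, so pass only a command string you wrote yourself.
set -euo pipefail
: "${1:?usage: aws.sh '<aws command line>'}"
AWS_CONFIG_ENV=/home/ubuntu/.aws/env
# host directory mounted as /root/.aws inside the container (where synced files land) — replace the placeholder
SYNC_DIR=/home/ubuntu/REPLACE_WITH_FOLDER_TO_SYNC_TO
IMAGE=xueshanf/awscli:latest
sudo docker pull "$IMAGE"
# --env-file injects the AWS keys into the container environment, which `docker inspect` exposes; --rm removes the
# container on exit so each run does not leave a stopped container carrying those secrets behind
sudo docker run --rm -v "$SYNC_DIR":/root/.aws/ --env-file="$AWS_CONFIG_ENV" "$IMAGE" /bin/bash -c "$1"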
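# run aws.sh which runs the aws-cli so we can copy important stuff from s3. I use this to sync certificates, gnupg keyrings, etc, and I use a KMS AES_256bit encryption setup with it
# invoke with bash (or chmod +x and run it directly) so the script's own #!/bin/bash line is honoured; `sh script` ignores the shebang
# the single argument is executed by `bash -c` inside the container, so it must be a command string you control
bash ~/.scripts/dockers/aws.sh "aws s3 sync s3://<your bucket>/<certs or whatever else stored at s3> /root/.aws/"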