Use a service instead of a manually started compose
This commit is contained in:
		
							parent
							
								
									3a22687652
								
							
						
					
					
						commit
						8a306e0c4f
					
				
					 2 changed files with 55 additions and 17 deletions
				
			
		
							
								
								
									
										28
									
								
								README.md
									
										
									
									
									
								
							
							
						
						
									
										28
									
								
								README.md
									
										
									
									
									
								
							| 
						 | 
				
			
			@ -18,6 +18,10 @@ apt update \
 | 
			
		|||
  tee /etc/apt/sources.list.d/docker.list > /dev/null \
 | 
			
		||||
  && apt update \
 | 
			
		||||
  && apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin \
 | 
			
		||||
  && echo "{" > /etc/docker/daemon.json \
 | 
			
		||||
  && echo "  \"log-driver\": \"journald\"" >> /etc/docker/daemon.json \
 | 
			
		||||
  && echo "}" >> /etc/docker/daemon.json \
 | 
			
		||||
  && systemctl restart docker.service \
 | 
			
		||||
  && mkdir -p /var/lib/apps \
 | 
			
		||||
  && ln -s /var/lib/apps \
 | 
			
		||||
  && apt install -y git vim \
 | 
			
		||||
| 
						 | 
				
			
			@ -39,16 +43,32 @@ cd /root/apps \
 | 
			
		|||
  && ./scripts/init.sh \
 | 
			
		||||
  && docker compose build --no-cache \
 | 
			
		||||
    --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') \
 | 
			
		||||
    --build-arg SRC_REV=$(git rev-parse --short HEAD) \
 | 
			
		||||
  && docker compose up -d; docker compose logs -f
 | 
			
		||||
    --build-arg SRC_REV=$(git rev-parse --short HEAD)
 | 
			
		||||
```
 | 
			
		||||
 | 
			
		||||
## Service Handling
 | 
			
		||||
 | 
			
		||||
Start service:
 | 
			
		||||
```shell
 | 
			
		||||
systemctl start authentik.service
 | 
			
		||||
```
 | 
			
		||||
 | 
			
		||||
Stop service:
 | 
			
		||||
```shell
 | 
			
		||||
systemctl stop authentik.service
 | 
			
		||||
```
 | 
			
		||||
 | 
			
		||||
Show logs:
 | 
			
		||||
```shell
 | 
			
		||||
journalctl -xef -u authentik.service
 | 
			
		||||
```
 | 
			
		||||
 | 
			
		||||
## Upgrade
 | 
			
		||||
 | 
			
		||||
1. Update `AUTHENTIK_TAG` to the desired tag in `env.template`, as well as
 | 
			
		||||
in the deployed `.env` file.
 | 
			
		||||
2. `docker-compose down`
 | 
			
		||||
3. `docker compose up -d; docker compose logs -f`
 | 
			
		||||
2. `systemctl stop authentik.service`
 | 
			
		||||
3. `systemctl start authentik.service; journalctl -xef -u authentik.service`
 | 
			
		||||
 | 
			
		||||
## Rebuild containers locally
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -27,19 +27,19 @@ prompt_password() {
 | 
			
		|||
# Trap SIGINT to exit gracefully if the user aborts with CTRL+C
 | 
			
		||||
trap 'printf "\nOperation aborted by user.\n" >&2; exit 1' SIGINT
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
cd "$(dirname "$(realpath "$0")")/../"
 | 
			
		||||
AUTHENTIK_DOCKER_COMPOSE_PATH="$(realpath "$(pwd)")"
 | 
			
		||||
 | 
			
		||||
# Check if .env exists and exit if it is
 | 
			
		||||
[[ -f ./.env ]] && echo ".env already exists. Exiting!" && exit 1 || true
 | 
			
		||||
 | 
			
		||||
cat ./env.template >> ./.env
 | 
			
		||||
echo "# SECRETS" >> ./.env
 | 
			
		||||
echo "PG_PASS=$(openssl rand -base64 36 | tr -d '\n')" >> ./.env
 | 
			
		||||
echo "AUTHENTIK_SECRET_KEY=$(openssl rand -base64 60 | tr -d '\n')" >> ./.env
 | 
			
		||||
prompt_password "AUTHENTIK_EMAIL__PASSWORD"; echo "AUTHENTIK_EMAIL__PASSWORD=${RETURNED_PASSWORD}" >> ./.env; unset RETURNED_PASSWORD
 | 
			
		||||
prompt_password "GEOIPUPDATE_LICENSE_KEY"; echo "GEOIPUPDATE_LICENSE_KEY=${RETURNED_PASSWORD}" >> ./.env; unset RETURNED_PASSWORD
 | 
			
		||||
echo "" >> ./.env
 | 
			
		||||
if [[ ! -f ./.env ]]; then
 | 
			
		||||
	cat ./env.template >> ./.env
 | 
			
		||||
	echo "# SECRETS" >> ./.env
 | 
			
		||||
	echo "PG_PASS=$(openssl rand -base64 36 | tr -d '\n')" >> ./.env
 | 
			
		||||
	echo "AUTHENTIK_SECRET_KEY=$(openssl rand -base64 60 | tr -d '\n')" >> ./.env
 | 
			
		||||
	prompt_password "AUTHENTIK_EMAIL__PASSWORD"; echo "AUTHENTIK_EMAIL__PASSWORD=${RETURNED_PASSWORD}" >> ./.env; unset RETURNED_PASSWORD
 | 
			
		||||
	prompt_password "GEOIPUPDATE_LICENSE_KEY"; echo "GEOIPUPDATE_LICENSE_KEY=${RETURNED_PASSWORD}" >> ./.env; unset RETURNED_PASSWORD
 | 
			
		||||
	echo "" >> ./.env
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
# Generate dhparam, if not existing
 | 
			
		||||
[[ ! -d ./data/nginx/certs ]] && mkdir -p ./data/nginx/certs && chmod 700 ./data/nginx/certs && chown 101:101 ./data/nginx/certs || true
 | 
			
		||||
| 
						 | 
				
			
			@ -60,7 +60,7 @@ if [[ ! -d ./data/.lego ]]; then
 | 
			
		|||
fi
 | 
			
		||||
 | 
			
		||||
# Setup directory for acme cheallenges
 | 
			
		||||
mkdir -p ./data/nginx/acme
 | 
			
		||||
[[ ! -d ./data/nginx/acme ]] && mkdir -p ./data/nginx/acme
 | 
			
		||||
 | 
			
		||||
# Setup cronjob to automatically renew certificates
 | 
			
		||||
[[ ! -f /etc/systemd/system/lego-renew-sso-base23-de.service ]] && cat <<EOF > /etc/systemd/system/lego-renew-sso-base23-de.service && systemctl daemon-reload
 | 
			
		||||
| 
						 | 
				
			
			@ -72,8 +72,8 @@ After=network-online.target
 | 
			
		|||
 | 
			
		||||
[Service]
 | 
			
		||||
Type=oneshot
 | 
			
		||||
ExecStart=/var/lib/apps/sso.base23.de/scripts/cert_renew.sh
 | 
			
		||||
WorkingDirectory=/var/lib/apps/sso.base23.de/
 | 
			
		||||
ExecStart=${AUTHENTIK_DOCKER_COMPOSE_PATH}/scripts/cert_renew.sh
 | 
			
		||||
WorkingDirectory=${AUTHENTIK_DOCKER_COMPOSE_PATH}/
 | 
			
		||||
User=root
 | 
			
		||||
Group=root
 | 
			
		||||
RemainAfterExit=yes
 | 
			
		||||
| 
						 | 
				
			
			@ -95,3 +95,21 @@ Persistent=true
 | 
			
		|||
[Install]
 | 
			
		||||
WantedBy=timers.target
 | 
			
		||||
EOF
 | 
			
		||||
 | 
			
		||||
# Setup systemd service for authentik
 | 
			
		||||
[[ ! -f /etc/systemd/system/authentik.service ]] && cat <<EOF > /etc/systemd/system/authentik.service && systemctl daemon-reload && systemctl enable authentik.service
 | 
			
		||||
[Unit]
 | 
			
		||||
Description=Authentik Docker Compose Service
 | 
			
		||||
After=network.target docker.service
 | 
			
		||||
Requires=docker.service
 | 
			
		||||
 | 
			
		||||
[Service]
 | 
			
		||||
Restart=always
 | 
			
		||||
WorkingDirectory=${AUTHENTIK_DOCKER_COMPOSE_PATH}
 | 
			
		||||
ExecStart=/usr/bin/docker compose up -d
 | 
			
		||||
ExecStop=/usr/bin/docker compose down
 | 
			
		||||
TimeoutStartSec=0
 | 
			
		||||
 | 
			
		||||
[Install]
 | 
			
		||||
WantedBy=multi-user.target
 | 
			
		||||
EOF
 | 
			
		||||
| 
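Review bot: The `.env` assembled inside the new `if [[ ! -f ./.env ]]; then … fi` block (from `cat ./env.template >> ./.env` through `echo "" >> ./.env`) receives PG_PASS, AUTHENTIK_SECRET_KEY and the two prompted credentials, yet it is created by plain `>>` under the caller's umask, which on a typical root shell leaves the file world-readable; creating it restricted before the first append, `(umask 077; : > ./.env)` as the first line of the block, keeps those secrets owner-only. In the last hunk the generated `authentik.service` combines the default service type with `ExecStart=/usr/bin/docker compose up -d` and `Restart=always`: `up -d` returns as soon as the containers are detached, so systemd sees the main process exit and keeps restarting the unit until the start-rate limit trips, and from that failed state `systemctl stop` most likely never runs `ExecStop`, so the compose stack is not torn down as the README now promises. The lego-renew unit in the same file already shows the intended shape; writing `Type=oneshot` and `RemainAfterExit=yes` in place of `Restart=always` makes the unit's active state track the stack and lets `ExecStop=/usr/bin/docker compose down` run on stop. The script's path is not shown on this page (the README refers to `./scripts/init.sh`), and `prompt_password` as well as the dhparam and lego blocks that enclose these hunks begin outside them.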
						 | 
				
			
			
 | 
			
		|||