Update upspinservers to expose port 80
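#!/bin/bash
# This script configures upspinservers deployed by upspin-ui to expose both
# port 80 and 443, to enable the Let's Encrypt http-01 challenge mechanism.
# See https://github.com/upspin/upspin/issues/568 for more details.
#
# Usage:    <this-script> <google-cloud-project-id>
# Requires: gcloud on PATH with access to the project, and $TMPDIR set.
# Effects:  updates the "allow-https" firewall rule, replaces the instance's
#           user-data metadata, and resets the instance.

# Options are set here rather than on the shebang line so they still apply
# when the script is started as `bash script.sh`.
set -euo pipefail

PROJECT="${1:-}"
if [[ "$#" != "1" || "$PROJECT" == "" ]]; then
  echo >&2 "usage: $0 <google-cloud-project-id>"
  exit 2
fi

INSTANCE=upspinserver

if [[ "${TMPDIR:-}" == "" ]]; then
  # shellcheck disable=SC2016 -- the literal text "$TMPDIR" is the message.
  echo >&2 '$TMPDIR not set; exiting'
  exit 1
fi

# The file written here becomes the instance's cloud-init user-data, so it
# must not be a path another local user could predict and pre-create or
# replace. mktemp picks an unpredictable name and creates the file
# atomically, readable by the owner only; a "$TMPDIR/$$..." name is guessable
# and `cat >` would follow a symlink planted there.
CLOUDCONFIG="$(mktemp "$TMPDIR/upspinserver-cloud-config.XXXXXX")"

# Remove the file on every exit path; with errexit a failing gcloud call
# would otherwise leave it behind.
trap 'rm -f -- "$CLOUDCONFIG"' EXIT

# cloud-init parses the document below as YAML, so the nesting under
# users/write_files/content is significant. The delimiter is quoted so the
# shell copies the text literally.
#
# NOTE(review): the document declares `runcmd:` twice. YAML loaders commonly
# keep only the last value for a repeated key, in which case the two iptables
# lines would not run -- confirm on the instance before relying on them.
#
# NOTE(review): the unit pulls and runs the mutable `:latest` tag at every
# start, so whatever is published under that tag at boot time is what runs.
# Pinning by digest (gcr.io/upspin-containers/upspinserver@sha256:<digest>)
# would make the deployed image reviewable.
#
# NOTE(review): -p=80:8080 publishes the container's plain-HTTP port on the
# host; confirm what upspinserver serves on 8080 besides the ACME challenge.
cat > "$CLOUDCONFIG" <<'EOF'
#cloud-config
users:
- name: upspin
  uid: 2000
runcmd:
- iptables -w -A INPUT -p tcp --dport 80 -j ACCEPT
- iptables -w -A INPUT -p tcp --dport 443 -j ACCEPT
write_files:
- path: /etc/systemd/system/upspinserver.service
  permissions: 0644
  owner: root
  content: |
    [Unit]
    Description=An upspinserver container instance
    Wants=gcr-online.target
    After=gcr-online.target
    [Service]
    Environment="HOME=/home/upspin"
    ExecStartPre=/usr/bin/docker-credential-gcr configure-docker
    ExecStartPre=/usr/bin/docker pull gcr.io/upspin-containers/upspinserver:latest
    ExecStart=/usr/bin/docker run --rm -u=2000 --volume=/home/upspin:/upspin -p=80:8080 -p=443:8443 --name=upspinserver gcr.io/upspin-containers/upspinserver:latest
    ExecStop=/usr/bin/docker stop upspinserver
    ExecStopPost=/usr/bin/docker rm upspinserver
    Restart=on-failure
runcmd:
- systemctl daemon-reload
- systemctl start upspinserver.service
EOF

# Widen the existing rule to admit tcp:80 as well. The rule keeps the name
# "allow-https", and only --allow is passed here: its other fields, including
# source ranges and targets, stay as they are and are worth reviewing.
gcloud --project="$PROJECT" compute firewall-rules update allow-https --allow=tcp:80,tcp:443

# Replace the instance's user-data with the cloud-config written above.
gcloud --project="$PROJECT" compute instances add-metadata "$INSTANCE" --metadata-from-file=user-data="$CLOUDCONFIG"

# Reset the instance so that it boots with the new user-data; the server is
# unavailable while it restarts.
gcloud --project="$PROJECT" compute instances reset "$INSTANCE"

# The temporary file is removed by the EXIT trap.
exit 0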
@YaguraStation nope no particular reason to do this over mktemp.