imdong/.gitignore

## .gitignore
.env
__pycache__/
certs/

## docker-compose.yml
services:
  cert:
    build: .
    volumes:
      - .:/app
    env_file:
      - .env

## Dockerfile
# 使用官方 Python 精简版作为基础镜像
FROM python:3-alpine

# 更新 pip 并安装 tccli（推荐 pip 安装方式）
RUN apk add --no-cache curl openssl jq && \
    python -m pip install --no-cache-dir --upgrade pip && \
    pip install --no-cache-dir tccli qiniu && \
    curl https://get.acme.sh | sh -s email=admin@qs5.org && \
    wget https://github.com/qiniu/qshell/releases/download/v2.16.0/qshell-v2.16.0-linux-amd64.tar.gz

COPY ./run_qiniu.py /app/run_qiniu.py
COPY ./main.sh /app/main.sh

WORKDIR /app

CMD ["/app/main.sh", "run"]

## main.sh
#!/bin/sh

# 申请证书
signCert() {
    ~/.acme.sh/acme.sh --issue --dns dns_dp -d www.qs5.org -d ip.qs5.org -d me.qs5.org -d cdn.qs5.org
}

# 设置腾讯云
setQcloud() {
    # 上传到腾讯云
    crtId=$(tccli ssl UploadCertificate --CertificatePublicKey "$(cat /root/.acme.sh/www.qs5.org_ecc/fullchain.cer)" --CertificatePrivateKey "$(cat /root/.acme.sh/www.qs5.org_ecc/www.qs5.org.key)" --Alias "acme-qs5.org-$(date +%Y%m%d)" | jq -r '.CertificateId')

    # 设置证书
    tccli cdn ModifyDomainConfig --Domain ip.qs5.org --Route Https.CertInfo.CertId --Value "{\"update\":\"${crtId}\"}"
}

# 设置七牛云
setQiniu() {
    # 七牛云
    python run_qiniu.py --domain cdn.qs5.org --cert "/root/.acme.sh/www.qs5.org_ecc/fullchain.cer" --key "/root/.acme.sh/www.qs5.org_ecc/www.qs5.org.key"
}

run() {
    # 申请证书
    signCert

    # 设置腾讯云
    setQcloud

    # 设置七牛云
    setQiniu
}

docker() {
    docker compose run --rm cert
}

# 运行
cmd=$1
if [ "$cmd" = "run" ]; then
    run
elif [ "$cmd" = "docker" ]; then
    docker
else
    echo "Usage: $0 {run|docker}"
fi

## run_qiniu.py
# -*- coding: utf-8 -*-
# flake8: noqa

import os
import argparse
import qiniu
from qiniu import DomainManager

# 配置信息
ACCESS_KEY = os.environ.get('QINIU_ACCESS_KEY')
SECRET_KEY = os.environ.get('QINIU_SECRET_KEY')

if not ACCESS_KEY or not SECRET_KEY:
    raise Exception("请先设置 QINIU_ACCESS_KEY 和 QINIU_SECRET_KEY 环境变量")

# 命令行参数
parser = argparse.ArgumentParser(description="上传七牛 CDN SSL 证书")
parser.add_argument('--domain', required=True, help='绑定 CDN 的域名，如 cdn.example.com')
parser.add_argument('--cert', required=True, help='证书文件路径（fullchain）')
parser.add_argument('--key', required=True, help='私钥文件路径（privkey）')
args = parser.parse_args()

# 初始化Auth对象
auth = qiniu.Auth(ACCESS_KEY, SECRET_KEY)

# 初始化 DomainManager 对象
domain_manager = DomainManager(auth)

# 读取证书和私钥文件
with open(args.key, 'r') as f:
    privatekey_str = f.read()

with open(args.cert, 'r') as f:
    ca_str = f.read()

ret, info = domain_manager.create_sslcert(
    args.domain, args.domain, privatekey_str, ca_str)
print(ret['certID'])

ret, info = domain_manager.put_httpsconf(args.domain, ret['certID'], False)
print(info)
	# 使用官方 Python 精简版作为基础镜像
	FROM python:3-alpine

	# 更新 pip 并安装 tccli（推荐 pip 安装方式）
	RUN apk add --no-cache curl openssl jq && \
	python -m pip install --no-cache-dir --upgrade pip && \
	pip install --no-cache-dir tccli qiniu && \
	curl https://get.acme.sh \| sh -s email=admin@qs5.org && \
	wget https://github.com/qiniu/qshell/releases/download/v2.16.0/qshell-v2.16.0-linux-amd64.tar.gz

	COPY ./run_qiniu.py /app/run_qiniu.py
	COPY ./main.sh /app/main.sh

	WORKDIR /app

	CMD ["/app/main.sh", "run"]
	#!/bin/sh

	# 申请证书
	signCert() {
	~/.acme.sh/acme.sh --issue --dns dns_dp -d www.qs5.org -d ip.qs5.org -d me.qs5.org -d cdn.qs5.org
	}

	# 设置腾讯云
	setQcloud() {
	# 上传到腾讯云
	crtId=$(tccli ssl UploadCertificate --CertificatePublicKey "$(cat /root/.acme.sh/www.qs5.org_ecc/fullchain.cer)" --CertificatePrivateKey "$(cat /root/.acme.sh/www.qs5.org_ecc/www.qs5.org.key)" --Alias "acme-qs5.org-$(date +%Y%m%d)" \| jq -r '.CertificateId')

	# 设置证书
	tccli cdn ModifyDomainConfig --Domain ip.qs5.org --Route Https.CertInfo.CertId --Value "{\"update\":\"${crtId}\"}"
	}

	# 设置七牛云
	setQiniu() {
	# 七牛云
	python run_qiniu.py --domain cdn.qs5.org --cert "/root/.acme.sh/www.qs5.org_ecc/fullchain.cer" --key "/root/.acme.sh/www.qs5.org_ecc/www.qs5.org.key"
	}

	run() {
	# 申请证书
	signCert

	# 设置腾讯云
	setQcloud

	# 设置七牛云
	setQiniu
	}

	docker() {
	docker compose run --rm cert
	}

	# 运行
	cmd=$1
	if [ "$cmd" = "run" ]; then
	run
	elif [ "$cmd" = "docker" ]; then
	docker
	else
	echo "Usage: $0 {run\|docker}"
	fi
	# -- coding: utf-8 --
	# flake8: noqa

	import os
	import argparse
	import qiniu
	from qiniu import DomainManager

	# 配置信息
	ACCESS_KEY = os.environ.get('QINIU_ACCESS_KEY')
	SECRET_KEY = os.environ.get('QINIU_SECRET_KEY')

	if not ACCESS_KEY or not SECRET_KEY:
	raise Exception("请先设置 QINIU_ACCESS_KEY 和 QINIU_SECRET_KEY 环境变量")

	# 命令行参数
	parser = argparse.ArgumentParser(description="上传七牛 CDN SSL 证书")
	parser.add_argument('--domain', required=True, help='绑定 CDN 的域名，如 cdn.example.com')
	parser.add_argument('--cert', required=True, help='证书文件路径（fullchain）')
	parser.add_argument('--key', required=True, help='私钥文件路径（privkey）')
	args = parser.parse_args()

	# 初始化Auth对象
	auth = qiniu.Auth(ACCESS_KEY, SECRET_KEY)

	# 初始化 DomainManager 对象
	domain_manager = DomainManager(auth)

	# 读取证书和私钥文件
	with open(args.key, 'r') as f:
	privatekey_str = f.read()

	with open(args.cert, 'r') as f:
	ca_str = f.read()

	ret, info = domain_manager.create_sslcert(
	args.domain, args.domain, privatekey_str, ca_str)
	print(ret['certID'])

	ret, info = domain_manager.put_httpsconf(args.domain, ret['certID'], False)
	print(info)