From ed9b6b6db0530868b888cf7a9151a14c47aa5eeb Mon Sep 17 00:00:00 2001
From: "A. Finkhaeuser"
Date: Tue, 9 Apr 2024 16:09:28 +0200
Subject: [PATCH] added docker deploy option to run the reload cmd with user root
---
 .test-env | 10 ++++++++++
 deploy/docker.sh | 29 +++++++++++++++++++++++++++--
 2 files changed, 37 insertions(+), 2 deletions(-)
 create mode 100644 .test-env
diff --git a/.test-env b/.test-env
new file mode 100644
index 00000000..50c372fb
--- /dev/null
+++ b/.test-env
@@ -0,0 +1,10 @@
+PDNS_Url=http://192.168.42.199:8000
+PDNS_ServerId=localhost
+PDNS_Token=aaff153f99761ce9931f6717016ad2f4-0b87b0a7263927744a361008e0c5110b
+DEPLOY_DOCKER_CONTAINER_LABEL=sh.acme.autoload.domain=test.elaon.de
+DEPLOY_DOCKER_CONTAINER_KEY_FILE=/opt/emqx/etc/certs/key.pem
+DEPLOY_DOCKER_CONTAINER_CERT_FILE="/opt/emqx/etc/certs/cert.pem"
+DEPLOY_DOCKER_CONTAINER_CA_FILE="/opt/emqx/etc/certs/cacert.pem"
+DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE="/opt/emqx/etc/certs/full.pem"
+DEPLOY_DOCKER_CONTAINER_RELOAD_CMD="chmod 664 /opt/emqx/etc/certs/*.pem && /opt/emqx/bin/emqx stop"
+#DEPLOY_DOCKER_CONTAINER_RUN_AS_ROOT="true"
diff --git a/deploy/docker.sh b/deploy/docker.sh
index c9815d5b..03b26af0 100755
--- a/deploy/docker.sh
+++ b/deploy/docker.sh
@@ -7,11 +7,14 @@
 #DEPLOY_DOCKER_CONTAINER_CA_FILE="/path/to/ca.pem"
 #DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE="/path/to/fullchain.pem"
 #DEPLOY_DOCKER_CONTAINER_RELOAD_CMD="service nginx force-reload"
+#DEPLOY_DOCKER_CONTAINER_RUN_AS_ROOT="false"
 _DEPLOY_DOCKER_WIKI="https://github.com/acmesh-official/acme.sh/wiki/deploy-to-docker-containers"
 _DOCKER_HOST_DEFAULT="/var/run/docker.sock"
+_RUN_AS_ROOT="false"
+
 docker_deploy() {
 _cdomain="$1"
 _ckey="$2" 
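Review bot: `PDNS_Token` in the new `.test-env` looks like a real PowerDNS API key, and the file also records an internal API address and a domain, so committing it puts the credential into the repository history. I would drop the file from the commit, treat the token as exposed and rotate it, and if a sample is wanted ship one with a placeholder such as `PDNS_Token=<your-api-token>` while keeping local copies git-ignored. Separately, the sample `DEPLOY_DOCKER_CONTAINER_RELOAD_CMD` runs `chmod 664` over `*.pem`, which leaves `key.pem` world-readable inside the container; a narrower mode on the key file (for example `640` with the service's group) keeps the private key away from other users.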
@@ -94,6 +97,18 @@ docker_deploy() {
 _savedeployconf DEPLOY_DOCKER_CONTAINER_RELOAD_CMD "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD" "base64"
 fi
+ _getdeployconf DEPLOY_DOCKER_CONTAINER_RUN_AS_ROOT
+ if [ "$DEPLOY_DOCKER_CONTAINER_RUN_AS_ROOT" == "true" ]; then
+ DEPLOY_DOCKER_CONTAINER_RUN_AS_ROOT="true"
+ _RUN_AS_ROOT="true"
+ else
+ DEPLOY_DOCKER_CONTAINER_RUN_AS_ROOT="false"
+ fi
+ _debug2 DEPLOY_DOCKER_CONTAINER_RUN_AS_ROOT "$DEPLOY_DOCKER_CONTAINER_RUN_AS_ROOT"
+ if [ "$DEPLOY_DOCKER_CONTAINER_RUN_AS_ROOT" ]; then
+ _savedeployconf DEPLOY_DOCKER_CONTAINER_RUN_AS_ROOT "$DEPLOY_DOCKER_CONTAINER_RUN_AS_ROOT"
+ fi
+
 _cid="$(_get_id "$DEPLOY_DOCKER_CONTAINER_LABEL")"
 _info "Container id: $_cid"
 if [ -z "$_cid" ]; then
@@ -163,7 +178,12 @@ _docker_exec() {
 _dcid="$1"
 shift
 if [ "$_USE_DOCKER_COMMAND" ]; then
- docker exec -i "$_dcid" sh -c "$*"
+ _OPTS=""
+ if [ "$_RUN_AS_ROOT" == "true" ]; then
+ _OPTS="-u root"
+ _debug2 "Run docker exec with user root"
+ fi
+ docker exec $_OPTS -i "$_dcid" sh -c "$*"
 elif [ "$_USE_REST" ]; then
 _err "Not implemented yet."
 return 1
@@ -171,8 +191,13 @@ _docker_exec() {
 _cmd="$*"
 #_cmd="$(printf "%s" "$_cmd" | sed 's/ /","/g')"
 _debug2 _cmd "$_cmd"
+ _OPTS=""
+ if [ "$_RUN_AS_ROOT" == "true" ]; then
+ _OPTS='"User": "root", '
+ _debug2 "Run docker exec with user root"
+ fi
 #create exec instance:
- cjson="$(_curl_unix_sock "$_DOCKER_SOCK" POST "/containers/$_dcid/exec" "{\"Cmd\": [\"sh\", \"-c\", \"$_cmd\"]}")"
+ cjson="$(_curl_unix_sock "$_DOCKER_SOCK" POST "/containers/$_dcid/exec" "{$_OPTS\"Cmd\": [\"sh\", \"-c\", \"$_cmd\"]}")"
 _debug2 cjson "$cjson"
 execid="$(echo "$cjson" | cut -d '"' -f 4)"
 _debug execid "$execid"
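Review bot: The test `[ "$DEPLOY_DOCKER_CONTAINER_RUN_AS_ROOT" == "true" ]` uses `==`, which is not a POSIX `test` operator; under a strict sh such as dash it errors and falls through to the else branch, so the option would silently stay off. `[ "$DEPLOY_DOCKER_CONTAINER_RUN_AS_ROOT" = "true" ]` is the portable form, and the same applies to both `[ "$_RUN_AS_ROOT" == "true" ]` checks added in `_docker_exec`. The else branch also leaves `_RUN_AS_ROOT` untouched, so adding `_RUN_AS_ROOT="false"` there would stop a value set by an earlier deploy in the same shell from carrying over (whether the hook is re-sourced per domain is not visible here). docker_deploy's body starts and ends outside the hunk.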
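Review bot: The root switch sits inside `_docker_exec`, so once the option is on every command sent through this helper runs as root, not only the reload command named in the commit title. If other callers use `_docker_exec` to write the key and certificate files (not visible in this hunk), those files would be created as root as well. I would either pass the user only for the reload call, or state the wider scope in the option comment, e.g. `#DEPLOY_DOCKER_CONTAINER_RUN_AS_ROOT="false" # runs every docker exec call as root, not just the reload cmd`. _docker_exec's body starts before and ends after this hunk.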
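Review bot: On the socket path `$_cmd` is pasted unescaped into the JSON body of the exec request, so a reload command containing `"` or `\` produces malformed or differently structured JSON, and that request now also carries `"User": "root"`. Escaping backslashes and double quotes in `_cmd` before the body is built would keep the request well-formed for any configured command. A short comment above the `cjson=` line saying that `_OPTS` must end with `, ` because it is spliced directly in front of `\"Cmd\"` would help the next reader. This branch of `_docker_exec` continues past the end of the hunk.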