Another attempt
This commit is contained in:
Marwolf
@@ -17,6 +17,19 @@ services:
|
||||
- NGINX_HOST=${NGINX_HOST}
|
||||
restart: always
|
||||
|
||||
certbot:
|
||||
build: ./etc/certbot
|
||||
container_name: certbot
|
||||
volumes:
|
||||
- ./etc/letsencrypt/certs:/certs
|
||||
restart: always
|
||||
environment:
|
||||
- WEBROOT="/opt/bitnami/nginx/html"
|
||||
- DOMAINS=wolfkingdom.net
|
||||
- EMAIL=cleako@gmail.com
|
||||
- CONCAT=false
|
||||
- SEPARATE=true
|
||||
|
||||
myadmin:
|
||||
image: phpmyadmin/phpmyadmin
|
||||
container_name: phpmyadmin
|
||||
|
||||
21
etc/certbot/Dockerfile
Executable file
21
etc/certbot/Dockerfile
Executable file
@@ -0,0 +1,21 @@
|
||||
FROM python:2-alpine
|
||||
MAINTAINER Henri Dwyer <henri@dwyer.io>
|
||||
|
||||
VOLUME /certs
|
||||
VOLUME /etc/letsencrypt
|
||||
EXPOSE 80
|
||||
|
||||
RUN apk add --no-cache --virtual .build-deps linux-headers gcc musl-dev\
|
||||
&& apk add --no-cache libffi-dev openssl-dev dialog\
|
||||
&& pip install certbot\
|
||||
&& apk del .build-deps\
|
||||
&& mkdir /scripts
|
||||
|
||||
ADD crontab /etc/crontabs
|
||||
RUN crontab /etc/crontabs/crontab
|
||||
|
||||
COPY ./scripts/ /scripts
|
||||
RUN chmod +x /scripts/run_certbot.sh
|
||||
|
||||
ENTRYPOINT []
|
||||
CMD ["crond", "-f"]
|
||||
59
etc/certbot/run_certbot.sh
Executable file
59
etc/certbot/run_certbot.sh
Executable file
@@ -0,0 +1,59 @@
|
||||
echo "Running certbot for domains $DOMAINS"
|
||||
|
||||
get_certificate() {
|
||||
# Gets the certificate for the domain(s) CERT_DOMAINS (a comma separated list)
|
||||
# The certificate will be named after the first domain in the list
|
||||
# To work, the following variables must be set:
|
||||
# - CERT_DOMAINS : comma separated list of domains
|
||||
# - EMAIL
|
||||
# - CONCAT
|
||||
# - args
|
||||
|
||||
local d=${CERT_DOMAINS//,*/} # read first domain
|
||||
echo "Getting certificate for $CERT_DOMAINS"
|
||||
certbot certonly --agree-tos --renew-by-default -n \
|
||||
--text --server https://acme-v01.api.letsencrypt.org/directory \
|
||||
--email $EMAIL -d $CERT_DOMAINS $args
|
||||
ec=$?
|
||||
echo "certbot exit code $ec"
|
||||
if [ $ec -eq 0 ]
|
||||
then
|
||||
if $CONCAT
|
||||
then
|
||||
# concat the full chain with the private key (e.g. for haproxy)
|
||||
cat /etc/letsencrypt/live/$d/fullchain.pem /etc/letsencrypt/live/$d/privkey.pem > /certs/$d.pem
|
||||
else
|
||||
# keep full chain and private key in separate files (e.g. for nginx and apache)
|
||||
cp /etc/letsencrypt/live/$d/fullchain.pem /certs/$d.pem
|
||||
cp /etc/letsencrypt/live/$d/privkey.pem /certs/$d.key
|
||||
fi
|
||||
echo "Certificate obtained for $CERT_DOMAINS! Your new certificate - named $d - is in /certs"
|
||||
else
|
||||
echo "Cerbot failed for $CERT_DOMAINS. Check the logs for details."
|
||||
fi
|
||||
}
|
||||
|
||||
args=""
|
||||
if [ $WEBROOT ]
|
||||
then
|
||||
args=" --webroot -w $WEBROOT"
|
||||
else
|
||||
args=" --standalone --standalone-supported-challenges http-01"
|
||||
fi
|
||||
|
||||
if $DEBUG
|
||||
then
|
||||
args=$args" --debug"
|
||||
fi
|
||||
|
||||
if $SEPARATE
|
||||
then
|
||||
for d in $DOMAINS
|
||||
do
|
||||
CERT_DOMAINS=$d
|
||||
get_certificate
|
||||
done
|
||||
else
|
||||
CERT_DOMAINS=${DOMAINS// /,}
|
||||
get_certificate
|
||||
fi
|
||||
@@ -15,6 +15,11 @@ server {
|
||||
error_log /opt/bitnami/nginx/logs/error.log;
|
||||
access_log /opt/bitnami/nginx/logs/access.log;
|
||||
|
||||
location '/.well-known/acme-challenge' {
|
||||
default_type "text/plain";
|
||||
proxy_pass http://certbot_upstream;
|
||||
}
|
||||
|
||||
rewrite ^ https://$http_host$request_uri? permanent; #Redirect traffic to HTTPS
|
||||
|
||||
}
|
||||
@@ -50,6 +55,11 @@ server {
|
||||
root /opt/bitnami/nginx/html;
|
||||
}
|
||||
|
||||
location '/.well-known/acme-challenge' {
|
||||
default_type "text/plain";
|
||||
proxy_pass http://certbot_upstream;
|
||||
}
|
||||
|
||||
####### Proxies #######
|
||||
# PHP proxy
|
||||
# location /board {
|
||||
@@ -81,9 +91,4 @@ server {
|
||||
proxy_pass http://tomcat;
|
||||
}
|
||||
|
||||
location ~ /\.well-known/acme-challenge {
|
||||
root /opt/bitnami/nginx/html;
|
||||
allow all;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -6,6 +6,10 @@ upstream ghost {
|
||||
server ghost:2368;
|
||||
}
|
||||
|
||||
upstream certbot_upstream{
|
||||
server certbot:80;
|
||||
}
|
||||
|
||||
# HTTP
|
||||
server {
|
||||
listen 8080 default_server;
|
||||
@@ -24,6 +28,11 @@ server {
|
||||
root /opt/bitnami/nginx/html;
|
||||
}
|
||||
|
||||
location '/.well-known/acme-challenge' {
|
||||
default_type "text/plain";
|
||||
proxy_pass http://certbot_upstream;
|
||||
}
|
||||
|
||||
####### Proxies #######
|
||||
# PHP proxy
|
||||
# location /board {
|
||||
@@ -55,9 +64,4 @@ server {
|
||||
proxy_pass http://tomcat;
|
||||
}
|
||||
|
||||
location ~ /\.well-known/acme-challenge {
|
||||
root /opt/bitnami/nginx/html;
|
||||
allow all;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user