Initial commit
commit
6236b65a8b
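--- a/LICENSE
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 Philipp Schmieder
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.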
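--- a/data/nginx/app.conf
+++ b/data/nginx/app.conf
@@ -0,0 +1,26 @@
+server {
+listen 80;
+server_name example.org;
+
+location /.well-known/acme-challenge/ {
+root /var/www/certbot;
+}
+
+location / {
+return 301 https://$host$request_uri;
+}
+}
+
+server {
+listen 443 ssl;
+server_name example.org;
+
+ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;
+include /etc/letsencrypt/options-ssl-nginx.conf;
+ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+location / {
+proxy_pass http://example.org;
+}
+}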
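Review bot: The `location /` block of the 443 server forwards the TLS-terminated request with a bare `proxy_pass http://example.org;` and no `proxy_set_header` directives, so the backend sees nginx's default `Host` ($proxy_host) and no `X-Forwarded-*` headers and cannot tell that the client arrived over HTTPS; and because the port-80 server redirects everything to HTTPS, an `http://example.org` upstream that resolves back to this same nginx will redirect-loop. Add `proxy_set_header Host $host;`, `proxy_set_header X-Forwarded-Proto $scheme;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` next to the `proxy_pass` and point it at the actual application address rather than the public hostname. The TLS server also sends no `Strict-Transport-Security` header; once the real certificate is confirmed to work, adding HSTS here is worth considering so clients stop accepting the plaintext redirect hop.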
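--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,17 @@
+version: '3'
+services:
+nginx:
+image: nginx:1.15-alpine
+volumes:
+- ./data/nginx:/etc/nginx/conf.d
+- ./data/certbot/conf:/etc/letsencrypt
+- ./data/certbot/www:/var/www/certbot
+ports:
+- "80:80"
+- "443:443"
+certbot:
+image: certbot/certbot
+volumes:
+- ./data/certbot/conf:/etc/letsencrypt
+- ./data/certbot/www:/var/www/certbot
+entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"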
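Review bot: `image: certbot/certbot` on the certbot service carries no tag, so every pull takes whatever `latest` is at that moment, which makes the deployment non-reproducible and lets a broken or compromised upstream image land without review; pin it to a release tag or an `@sha256:` digest, as the nginx service at least does with `nginx:1.15-alpine`. Separately, the renewal loop in `entrypoint` writes renewed certificates into the shared `./data/certbot/conf` volume but nothing tells nginx, which reads `fullchain.pem`/`privkey.pem` at configuration load and will keep serving the old certificate until it is reloaded — eventually an expired one. A periodic reload on the nginx service closes that gap, e.g. `command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"`.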
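--- a/init-letsencrypt.sh
+++ b/init-letsencrypt.sh
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+domains=( "example.org" "example.com" )
+rsa_key_size=4096
+data_path="./data/certbot"
+email="" #Adding a valid address is strongly recommended
+staging=0 #Set to 1 if you're just testing your setup to avoid hitting request limits
+
+echo "### Preparing directories in $data_path ..."
+rm -Rf "$data_path"
+mkdir -p "$data_path/www"
+mkdir -p "$data_path/conf/live/$domains"
+
+
+echo "### Creating dummy certificate ..."
+path="/etc/letsencrypt/live/$domains"
+mkdir -p "$path"
+docker-compose run --rm --entrypoint "\
+openssl req -x509 -nodes -newkey rsa:1024 -days 1\
+-keyout '$path/privkey.pem' \
+-out '$path/fullchain.pem' \
+-subj '/CN=localhost'" certbot
+
+
+echo "### Downloading recommended HTTPS parameters ..."
+curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
+curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
+
+
+echo "### Starting nginx ..."
+docker-compose up -d nginx
+
+
+echo "### Deleting dummy certificate ..."
+sudo rm -Rf "$data_path/conf/live"
+
+echo "### Downloading recommended TLS options ..."
+curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
+curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
+
+
+echo "### Requesting initial certificate ..."
+
+#Join $domains to -d args
+domain_args=""
+for domain in "${domains[@]}"; do
+domain_args="$domain_args -d $domain"
+done
+
+#Select appropriate email arg
+case "$email" in
+"") email_arg="--register-unsafely-without-email" ;;
+*) email_arg="--email $email" ;;
+esac
+
+#Enable staging mode if needed
+if [ $staging != "0" ]; then staging_arg="--staging"; fi
+
+docker-compose run --rm --entrypoint "\
+certbot certonly --webroot -w /var/www/certbot \
+$staging_arg \
+$email_arg \
+$domain_args \
+--rsa-key-size $rsa_key_size \
+--agree-tos \
+--force-renewal" certbot
+
+docker-compose stop nginx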
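Review bot: The `curl -s https://raw.githubusercontent.com/certbot/certbot/master/...` fetches (done twice, once before nginx starts and again after the dummy certificate is deleted) pull the TLS cipher configuration and DH parameters that nginx will `include` from an unpinned `master` branch with no integrity check, and `-s` without `--fail` means an HTTP error or outage silently leaves an error body or an empty file in `options-ssl-nginx.conf` / `ssl-dhparams.pem` while the script carries on to `certbot certonly`. Change both fetches to `curl -fsSL "<url>" -o "<dest>"` so a failure is fatal, add `set -euo pipefail` under the shebang so the script stops at the first failed step, and pin the URLs to a release tag (or vendor the two small files in the repo) instead of `master`; the duplicated second download block can then be dropped. `rm -Rf "$data_path"` near the top also destroys any existing certificates and private keys under `./data/certbot` without confirmation, so a guard of the form `if [ -d "$data_path/conf/live" ]; then read -p "Existing data found. Replace it? (y/N) " ok; [ "$ok" = y ] || exit 1; fi` before the wipe protects a working deployment from being re-run by accident.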