From 6236b65a8b3abfa5b8dde827db5b546fb2c3f25d Mon Sep 17 00:00:00 2001
From: Philipp
Date: Fri, 28 Sep 2018 10:17:07 +0200
Subject: [PATCH] Initial commit

---
 LICENSE | 21 ++++++++++++++
 data/nginx/app.conf | 26 +++++++++++++++++
 docker-compose.yml | 17 ++++++++++++
 init-letsencrypt.sh | 68 +++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 132 insertions(+)
 create mode 100644 LICENSE
 create mode 100644 data/nginx/app.conf
 create mode 100644 docker-compose.yml
 create mode 100644 init-letsencrypt.sh

diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..854a082
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 Philipp Schmieder
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/data/nginx/app.conf b/data/nginx/app.conf
new file mode 100644
index 0000000..cd90438
--- /dev/null
+++ b/data/nginx/app.conf
@@ -0,0 +1,26 @@
+server {
+ listen 80;
+ server_name example.org;
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl;
+ server_name example.org;
+
+ ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+ location / {
+ proxy_pass http://example.org;
+ }
+}
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..54af606
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,17 @@
+version: '3'
+services:
+ nginx:
+ image: nginx:1.15-alpine
+ volumes:
+ - ./data/nginx:/etc/nginx/conf.d
+ - ./data/certbot/conf:/etc/letsencrypt
+ - ./data/certbot/www:/var/www/certbot
+ ports:
+ - "80:80"
+ - "443:443"
+ certbot:
+ image: certbot/certbot
+ volumes:
+ - ./data/certbot/conf:/etc/letsencrypt
+ - ./data/certbot/www:/var/www/certbot
+ entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
diff --git a/init-letsencrypt.sh b/init-letsencrypt.sh
new file mode 100644
index 0000000..330c38f
--- /dev/null
+++ b/init-letsencrypt.sh
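Review bot: The `return 301 https://$host$request_uri;` in the port-80 server block builds the redirect target from the client-supplied Host header, and since this is the only server block listening on 80 it also answers requests for any Host, so the redirect points wherever the request said rather than at the configured site. Redirecting to the configured name, `return 301 https://$server_name$request_uri;`, keeps the target under the operator's control; the acme-challenge location above it is unaffected. In the 443 block, `proxy_pass http://example.org;` still names the same placeholder as `server_name`, which as written appears to proxy back to the public hostname rather than to an application upstream; when the placeholder is replaced, the usual `proxy_set_header Host $host;` and `X-Forwarded-Proto` headers should be added so the upstream can tell the request arrived over TLS.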
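Review bot: The `certbot` service renews certificates every 12h, but nothing in the `nginx` service reloads nginx afterwards, and nginx reads `ssl_certificate`/`ssl_certificate_key` at startup, so a renewed `fullchain.pem`/`privkey.pem` on the shared `./data/certbot/conf` volume is not served until the container restarts and the presented certificate can expire while a valid one sits on disk. A periodic reload in the nginx service closes the gap, e.g. `command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"`. The certbot image is also unpinned (`image: certbot/certbot`) while nginx is pinned to `nginx:1.15-alpine`; pinning a tag or digest keeps the component that holds the account key and issues certificates from changing underneath the deployment.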
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+domains=( "example.org" "example.com" )
+rsa_key_size=4096
+data_path="./data/certbot"
+email="" #Adding a valid address is strongly recommended
+staging=0 #Set to 1 if you're just testing your setup to avoid hitting request limits
+
+echo "### Preparing directories in $data_path ..."
+rm -Rf "$data_path"
+mkdir -p "$data_path/www"
+mkdir -p "$data_path/conf/live/$domains"
+
+
+echo "### Creating dummy certificate ..."
+path="/etc/letsencrypt/live/$domains"
+mkdir -p "$path"
+docker-compose run --rm --entrypoint "\
+ openssl req -x509 -nodes -newkey rsa:1024 -days 1\
+ -keyout '$path/privkey.pem' \
+ -out '$path/fullchain.pem' \
+ -subj '/CN=localhost'" certbot
+
+
+echo "### Downloading recommended HTTPS parameters ..."
+curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
+curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
+
+
+echo "### Starting nginx ..."
+docker-compose up -d nginx
+
+
+echo "### Deleting dummy certificate ..."
+sudo rm -Rf "$data_path/conf/live"
+
+echo "### Downloading recommended TLS options ..."
+curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
+curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
+
+
+echo "### Requesting initial certificate ..."
+
+#Join $domains to -d args
+domain_args=""
+for domain in "${domains[@]}"; do
+ domain_args="$domain_args -d $domain"
+done
+
+#Select appropriate email arg
+case "$email" in
+ "") email_arg="--register-unsafely-without-email" ;;
+ *) email_arg="--email $email" ;;
+esac
+
+#Enable staging mode if needed
+if [ $staging != "0" ]; then staging_arg="--staging"; fi
+
+docker-compose run --rm --entrypoint "\
+ certbot certonly --webroot -w /var/www/certbot \
+ $staging_arg \
+ $email_arg \
+ $domain_args \
+ --rsa-key-size $rsa_key_size \
+ --agree-tos \
+ --force-renewal" certbot
+
+docker-compose stop nginx
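Review bot: The `curl -s ... > "$data_path/conf/options-ssl-nginx.conf"` and `ssl-dhparams.pem` downloads feed files that nginx later loads through `include` and `ssl_dhparam`, but without `-f` an HTTP error body is written into them with exit status 0, and the script never sets `set -e`, so a failed download is only noticed when nginx rejects the config; use `curl -fsSL "$url" -o "$data_path/conf/options-ssl-nginx.conf" || exit 1` for each file and drop the second, identical download block under "Downloading recommended TLS options". Both URLs track `master`, so the TLS parameters deployed can differ between two runs without any change in this repository; pinning to a release tag makes the result reproducible. Separately, `rm -Rf "$data_path"` near the top removes any existing certificates and Let's Encrypt account data unconditionally; a guard such as `if [ -d "$data_path" ]; then read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision; fi` before it avoids an accidental re-issue that counts against the rate limit.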