docker
/
nginx-certbot
1
0
Fork 0
Code Issues Pull Requests 1 Releases Wiki Activity

Multitudinous fixes

This commit is contained in:
Elliot Saba 2017-01-24 20:43:56 -08:00
parent 90e3be422f
commit 07ad674223
3 changed files with 16 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Makefile
View File

@ -1,7 +1,14 @@
# If we have `--squash` support, then use it!
ifneq ($(shell docker build --help 2>/dev/null | grep squash),)
DOCKER_BUILD = docker build --squash
else
DOCKER_BUILD = docker build
endif
all: build all: build
build: Makefile Dockerfile build: Makefile Dockerfile
docker build --squash -t staticfloat/nginx-certbot . $(DOCKER_BUILD) -t staticfloat/nginx-certbot .
@echo "Done! Use docker run staticfloat/nginx-certbot to run" @echo "Done! Use docker run staticfloat/nginx-certbot to run"
push: push:

2
nginx_conf.d/certbot.conf
View File

@ -5,7 +5,7 @@ server {
# Pass this particular URL off to certbot, to authenticate HTTPS certificates # Pass this particular URL off to certbot, to authenticate HTTPS certificates
location '/.well-known/acme-challenge' { location '/.well-known/acme-challenge' {
default_type "text/plain"; default_type "text/plain";
proxy_pass http://localhost:80; proxy_pass http://localhost:1337;
} }
# Everything else gets shunted over to HTTPS # Everything else gets shunted over to HTTPS

14
scripts/util.sh
View File

@ -16,13 +16,13 @@ error() {
parse_domains() { parse_domains() {
# For each configuration file in /etc/nginx/conf.d/*.conf* # For each configuration file in /etc/nginx/conf.d/*.conf*
for conf_file in /etc/nginx/conf.d/*.conf*; do for conf_file in /etc/nginx/conf.d/*.conf*; do
sed -n -e 's/^\s*ssl_certificate_key\s*\/etc/letsencrypt/live/(.*\)/privkey.pem;/\1/p' $conf_file | tr '\n' ',' sed -n -e 's&^\s*ssl_certificate_key\s*\/etc/letsencrypt/live/\(.*\)/privkey.pem;&\1&p' $conf_file | xargs echo | tr ' ' ','
done done
} }
# Given a config file path, spit out all the ssl_certificate_key file paths # Given a config file path, spit out all the ssl_certificate_key file paths
parse_keyfiles() { parse_keyfiles() {
sed -n -e 's/^\s*ssl_certificate_key\s*\(.*\);/\1/p' "$1" sed -n -e 's&^\s*ssl_certificate_key\s*\(.*\);&\1&p' "$1"
} }
# Given a config file path, return 0 if all keyfiles exist (or there are no # Given a config file path, return 0 if all keyfiles exist (or there are no
@ -41,13 +41,13 @@ keyfiles_exist() {
# that don't have their keyfiles yet, and disabling them through renaming # that don't have their keyfiles yet, and disabling them through renaming
auto_enable_configs() { auto_enable_configs() {
for conf_file in /etc/nginx/conf.d/*.conf*; do for conf_file in /etc/nginx/conf.d/*.conf*; do
if ! keyfiles_exist $conf_file; then if keyfiles_exist $conf_file; then
if [ $conf_file == *.nokey ]; then if [ ${conf_file##*.} = nokey ]; then
echo "Found all the keyfiles for $conf_file, enabling..." echo "Found all the keyfiles for $conf_file, enabling..."
mv $conf_file ${conf_file%.*} mv $conf_file ${conf_file%.*}
fi fi
else else
if [ $conf_file == *.conf ]; then if [ ${conf_file##*.} = conf ]; then
echo "Keyfile(s) missing for $conf_file, disabling..." echo "Keyfile(s) missing for $conf_file, disabling..."
mv $conf_file $conf_file.nokey mv $conf_file $conf_file.nokey
fi fi
@ -59,7 +59,7 @@ auto_enable_configs() {
# EMAIL environment variable, to register the proper support email address. # EMAIL environment variable, to register the proper support email address.
get_certificate() { get_certificate() {
echo "Getting certificate for domain $1 on behalf of user $2" echo "Getting certificate for domain $1 on behalf of user $2"
return certbot certonly --agree-tos --keep -n --text --email $2 --server \ certbot certonly --agree-tos --keep -n --text --email $2 --server \
https://acme-v01.api.letsencrypt.org/directory -d $1 \ https://acme-v01.api.letsencrypt.org/directory -d $1 --http-01-port 1337 \
--standalone --standalone-supported-challenges http-01 --debug --standalone --standalone-supported-challenges http-01 --debug
} }