Version 0.5: Less features makes for better software

2017-01-19 17:42:04 -08:00 · 2017-01-19 17:42:04 -08:00 · a5e9215d92
parent 9fca4ca0c7
commit a5e9215d92
6 changed files with 71 additions and 72 deletions
--- a/4
+++ b/4
@ -1,5 +1,5 @@
 FROM python:2
-MAINTAINER Henri Dwyer <henri@dwyer.io>
+MAINTAINER Elliot Saba <staticfloat@gmail.com>

 VOLUME /etc/letsencrypt
 EXPOSE 80
@ -8,7 +8,7 @@ RUN apt update && apt install -y cron
 RUN pip install certbot
 RUN mkdir /scripts

-ADD ./crontab /etc/cron.d/certbot
+COPY ./crontab /etc/cron.d/certbot
 RUN crontab /etc/cron.d/certbot

 COPY ./scripts/ /scripts
--- a/4
+++ b/4
@ -1,7 +1,7 @@
 all: build

 build: Makefile Dockerfile
-	docker build --squash -t staticfloat/docker-letsencrypt-cron .
+	docker build --squash -t staticfloat/docker-certbot-cron .

 push:
-	docker push staticfloat/docker-letsencrypt-cron
+	docker push staticfloat/docker-certbot-cron
--- a/README.md
+++ b/README.md
@ -1,5 +1,5 @@
-# docker-letsencrypt-cron
-Create and automatically renew website SSL certificates using the letsencrypt free certificate authority, and its client *certbot*.
+# docker-certbot-cron
+Create and automatically renew website SSL certificates using the letsencrypt free certificate authority, and its client *certbot*.  Define the environment variables `DOMAINS` (space-separated list of fully-qualified domain names) and `EMAIL` (your letsencrypt registration email) to automatically run `certbot` to renew/fetch your SSL certificates in the background.  Configure `nginx` to pass off the ACME validation challenge, and you'll have zero-downtime, 100% automatic SSL certificates for all your Docker containers!

 # ACME Validation challenge

@ -12,28 +12,60 @@ The recommended way to use this image is to set up your reverse proxy to automat
 If you use nginx as a reverse proxy, you can add the following to your configuration file in order to pass the ACME challenge.

 ``` nginx
-upstream certbot_upstream{
-  server certbot:80;
-}
-
 server {
-  listen              80;
-  location '/.well-known/acme-challenge' {
-    default_type "text/plain";
-    proxy_pass http://certbot_upstream;
-  }
+    listen 80;
+    location '/.well-known/acme-challenge' {
+        default_type "text/plain";
+        # Note: this works with docker-compose only if the service name is `certbot`,
+        # and the `nginx` service `depends_on` the `certbot` service!
+        proxy_pass http://certbot:80;
+    }
 }
-
 ```

+## `docker-compose` example
+
+To use this container with `docker-compose`, put something like the following into your configuration:
+```yml
+version '2'
+services:
+...
+    certbot:
+        image: staticfloat/docker-certbot-cron
+        container_name: certbot
+        volumes:
+            - certbot_etc_letsencrypt:/etc/letsencrypt
+        restart: unless-stopped
+        environment:
+            - DOMAINS="foo.bar.com baz.bar.com"
+            - EMAIL=email@domain.com
+...
+    nginx:
+        ...
+        depends_on:
+            - certbot
+        volumes:
+            - certbot_etc_letsencrypt:/etc/letsencrypt:ro
+...
+volumes:
+    certbot_etc_letsencrypt:
+        external: true
+```
+I personally like having my certificates stored in an external volume so that if I ever accidentally run `docker-compose down` I don't have to re-issue myself the certificates.
+
 # More information

 Find out more about letsencrypt: https://letsencrypt.org

 Certbot github: https://github.com/certbot/certbot

+This repository was originally forked from `@henridwyer`, many thanks to him for the good idea.  I've basically taken his approach and made it less flexible/simpler for my own use cases, so if you want this repository to do something a particular way, make sure [his repo](https://github.com/henridwyer/docker-letsencrypt-cron) doesn't already do it.
+
 # Changelog

+### 0.5
+- Change the name to `docker-certbot-cron`, update documentation, strip out even more stuff I don't care about.
+
 ### 0.4
 - Rip out a bunch of stuff because `@staticfloat` is a monster, and likes to do things his way

--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,13 +0,0 @@
-version: '2'
-
-services:
-  certbot:
-    image: staticfloat/docker-letsencrypt-cron
-    container_name: certbot
-    volumes:
-      - buildbot_certbot_letsencrypt:/etc/letsencrypt
-    restart: unless-stopped
-    environment:
-      - DOMAINS=buildtest.e.ip.saba.us
-      - EMAIL=staticfloat@gmail.com
-      - SEPARATE=true
--- a/scripts/entrypoint.sh
+++ b/scripts/entrypoint.sh
@ -1,3 +1,3 @@
 #!/bin/bash
 /bin/bash /scripts/run_certbot.sh
-cron -f
+exec cron -f
--- a/scripts/run_certbot.sh
+++ b/scripts/run_certbot.sh
@ -1,50 +1,30 @@
 echo "Running certbot for domains $DOMAINS"

 get_certificate() {
-  # Gets the certificate for the domain(s) CERT_DOMAINS (a comma separated list)
-  # The certificate will be named after the first domain in the list
-  # To work, the following variables must be set:
-  # - CERT_DOMAINS : comma separated list of domains
-  # - EMAIL
-  # - args
+    # Gets the certificate for the domain(s) CERT_DOMAINS (a comma separated list)
+    # The certificate will be named after the first domain in the list
+    # To work, the following variables must be set:
+    # - CERT_DOMAINS : comma separated list of domains
+    # - EMAIL

-  local d=${CERT_DOMAINS//,*/} # read first domain
-  echo "Getting certificate for $CERT_DOMAINS"
-  certbot certonly --agree-tos --keep -n \
-  --text --server https://acme-v01.api.letsencrypt.org/directory \
-  --email $EMAIL -d $CERT_DOMAINS $args
-  ec=$?
-  echo "certbot exit code $ec"
-  if [ $ec -eq 0 ]
-  then
-    echo "Certificates for $CERT_DOMAINS can be found in /etc/letsencrypt/live/$d"
-  else
-    echo "Cerbot failed for $CERT_DOMAINS. Check the logs for details."
-  fi
+    local d=${CERT_DOMAINS//,*/} # read first domain
+    echo "Getting certificate for $CERT_DOMAINS"
+    certbot certonly --agree-tos --keep -n --text --email $EMAIL --server \
+        https://acme-v01.api.letsencrypt.org/directory -d $CERT_DOMAINS \
+        --standalone --standalone-supported-challenges http-01 --debug
+    ec=$?
+    echo "certbot exit code $ec"
+    if [ $ec -eq 0 ]; then
+        echo "Certificates for $CERT_DOMAINS can be found in /etc/letsencrypt/live/$d"
+    else
+        echo "Cerbot failed for $CERT_DOMAINS. Check the logs for details."
+    fi
 }

-args=""
-if [ $WEBROOT ]
-then
-  args=" --webroot -w $WEBROOT"
-else
-  args=" --standalone --standalone-supported-challenges http-01"
-fi
-
-if $DEBUG
-then
-  args=$args" --debug"
-fi
-
 set -x
-if $SEPARATE
-then
-  for d in $DOMAINS
-  do
-    CERT_DOMAINS=$d
-    get_certificate
-  done
-else
-  CERT_DOMAINS=${DOMAINS// /,}
+for d in $DOMAINS
+do
+  CERT_DOMAINS=$d
  get_certificate
-fi
+done
+