Version 0.5: Less features makes for better software
This commit is contained in:
parent
9fca4ca0c7
commit
a5e9215d92
|
@ -1,5 +1,5 @@
|
||||||
FROM python:2
|
FROM python:2
|
||||||
MAINTAINER Henri Dwyer <henri@dwyer.io>
|
MAINTAINER Elliot Saba <staticfloat@gmail.com>
|
||||||
|
|
||||||
VOLUME /etc/letsencrypt
|
VOLUME /etc/letsencrypt
|
||||||
EXPOSE 80
|
EXPOSE 80
|
||||||
|
@ -8,7 +8,7 @@ RUN apt update && apt install -y cron
|
||||||
RUN pip install certbot
|
RUN pip install certbot
|
||||||
RUN mkdir /scripts
|
RUN mkdir /scripts
|
||||||
|
|
||||||
ADD ./crontab /etc/cron.d/certbot
|
COPY ./crontab /etc/cron.d/certbot
|
||||||
RUN crontab /etc/cron.d/certbot
|
RUN crontab /etc/cron.d/certbot
|
||||||
|
|
||||||
COPY ./scripts/ /scripts
|
COPY ./scripts/ /scripts
|
||||||
|
|
4
Makefile
4
Makefile
|
@ -1,7 +1,7 @@
|
||||||
all: build
|
all: build
|
||||||
|
|
||||||
build: Makefile Dockerfile
|
build: Makefile Dockerfile
|
||||||
docker build --squash -t staticfloat/docker-letsencrypt-cron .
|
docker build --squash -t staticfloat/docker-certbot-cron .
|
||||||
|
|
||||||
push:
|
push:
|
||||||
docker push staticfloat/docker-letsencrypt-cron
|
docker push staticfloat/docker-certbot-cron
|
||||||
|
|
56
README.md
56
README.md
|
@ -1,5 +1,5 @@
|
||||||
# docker-letsencrypt-cron
|
# docker-certbot-cron
|
||||||
Create and automatically renew website SSL certificates using the letsencrypt free certificate authority, and its client *certbot*.
|
Create and automatically renew website SSL certificates using the letsencrypt free certificate authority, and its client *certbot*. Define the environment variables `DOMAINS` (space-separated list of fully-qualified domain names) and `EMAIL` (your letsencrypt registration email) to automatically run `certbot` to renew/fetch your SSL certificates in the background. Configure `nginx` to pass off the ACME validation challenge, and you'll have zero-downtime, 100% automatic SSL certificates for all your Docker containers!
|
||||||
|
|
||||||
# ACME Validation challenge
|
# ACME Validation challenge
|
||||||
|
|
||||||
|
@ -12,28 +12,60 @@ The recommended way to use this image is to set up your reverse proxy to automat
|
||||||
If you use nginx as a reverse proxy, you can add the following to your configuration file in order to pass the ACME challenge.
|
If you use nginx as a reverse proxy, you can add the following to your configuration file in order to pass the ACME challenge.
|
||||||
|
|
||||||
``` nginx
|
``` nginx
|
||||||
upstream certbot_upstream{
|
|
||||||
server certbot:80;
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
location '/.well-known/acme-challenge' {
|
location '/.well-known/acme-challenge' {
|
||||||
default_type "text/plain";
|
default_type "text/plain";
|
||||||
proxy_pass http://certbot_upstream;
|
# Note: this works with docker-compose only if the service name is `certbot`,
|
||||||
}
|
# and the `nginx` service `depends_on` the `certbot` service!
|
||||||
|
proxy_pass http://certbot:80;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## `docker-compose` example
|
||||||
|
|
||||||
|
To use this container with `docker-compose`, put something like the following into your configuration:
|
||||||
|
```yml
|
||||||
|
version '2'
|
||||||
|
services:
|
||||||
|
...
|
||||||
|
certbot:
|
||||||
|
image: staticfloat/docker-certbot-cron
|
||||||
|
container_name: certbot
|
||||||
|
volumes:
|
||||||
|
- certbot_etc_letsencrypt:/etc/letsencrypt
|
||||||
|
restart: unless-stopped
|
||||||
|
environment:
|
||||||
|
- DOMAINS="foo.bar.com baz.bar.com"
|
||||||
|
- EMAIL=email@domain.com
|
||||||
|
...
|
||||||
|
nginx:
|
||||||
|
...
|
||||||
|
depends_on:
|
||||||
|
- certbot
|
||||||
|
volumes:
|
||||||
|
- certbot_etc_letsencrypt:/etc/letsencrypt:ro
|
||||||
|
...
|
||||||
|
volumes:
|
||||||
|
certbot_etc_letsencrypt:
|
||||||
|
external: true
|
||||||
|
```
|
||||||
|
I personally like having my certificates stored in an external volume so that if I ever accidentally run `docker-compose down` I don't have to re-issue myself the certificates.
|
||||||
|
|
||||||
# More information
|
# More information
|
||||||
|
|
||||||
Find out more about letsencrypt: https://letsencrypt.org
|
Find out more about letsencrypt: https://letsencrypt.org
|
||||||
|
|
||||||
Certbot github: https://github.com/certbot/certbot
|
Certbot github: https://github.com/certbot/certbot
|
||||||
|
|
||||||
|
This repository was originally forked from `@henridwyer`, many thanks to him for the good idea. I've basically taken his approach and made it less flexible/simpler for my own use cases, so if you want this repository to do something a particular way, make sure [his repo](https://github.com/henridwyer/docker-letsencrypt-cron) doesn't already do it.
|
||||||
|
|
||||||
# Changelog
|
# Changelog
|
||||||
|
|
||||||
|
### 0.5
|
||||||
|
- Change the name to `docker-certbot-cron`, update documentation, strip out even more stuff I don't care about.
|
||||||
|
|
||||||
### 0.4
|
### 0.4
|
||||||
- Rip out a bunch of stuff because `@staticfloat` is a monster, and likes to do things his way
|
- Rip out a bunch of stuff because `@staticfloat` is a monster, and likes to do things his way
|
||||||
|
|
||||||
|
|
|
@ -1,13 +0,0 @@
|
||||||
version: '2'
|
|
||||||
|
|
||||||
services:
|
|
||||||
certbot:
|
|
||||||
image: staticfloat/docker-letsencrypt-cron
|
|
||||||
container_name: certbot
|
|
||||||
volumes:
|
|
||||||
- buildbot_certbot_letsencrypt:/etc/letsencrypt
|
|
||||||
restart: unless-stopped
|
|
||||||
environment:
|
|
||||||
- DOMAINS=buildtest.e.ip.saba.us
|
|
||||||
- EMAIL=staticfloat@gmail.com
|
|
||||||
- SEPARATE=true
|
|
|
@ -1,3 +1,3 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
/bin/bash /scripts/run_certbot.sh
|
/bin/bash /scripts/run_certbot.sh
|
||||||
cron -f
|
exec cron -f
|
||||||
|
|
|
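Review bot: `exec cron -f` correctly makes cron PID 1, but cron starts each job with a near-empty environment, so the `DOMAINS` and `EMAIL` variables the README tells users to set on the container will probably not be visible to the scheduled `run_certbot.sh` run unless `/etc/cron.d/certbot` (not in this diff) sets them itself. A small fix before the exec is to persist them where the job can read them, e.g. `printenv | grep -E '^(DOMAINS|EMAIL)=' > /etc/certbot.env`, and have the cron command `. /etc/certbot.env` before running the script. The initial `/bin/bash /scripts/run_certbot.sh` call also ignores its exit status, which may be deliberate for a first boot whose DNS is not in place yet; if it is not, `set -e` at the top makes a failed first issuance visible instead of leaving cron running with no certificate.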
@ -1,50 +1,30 @@
|
||||||
echo "Running certbot for domains $DOMAINS"
|
echo "Running certbot for domains $DOMAINS"
|
||||||
|
|
||||||
get_certificate() {
|
get_certificate() {
|
||||||
# Gets the certificate for the domain(s) CERT_DOMAINS (a comma separated list)
|
# Gets the certificate for the domain(s) CERT_DOMAINS (a comma separated list)
|
||||||
# The certificate will be named after the first domain in the list
|
# The certificate will be named after the first domain in the list
|
||||||
# To work, the following variables must be set:
|
# To work, the following variables must be set:
|
||||||
# - CERT_DOMAINS : comma separated list of domains
|
# - CERT_DOMAINS : comma separated list of domains
|
||||||
# - EMAIL
|
# - EMAIL
|
||||||
# - args
|
|
||||||
|
|
||||||
local d=${CERT_DOMAINS//,*/} # read first domain
|
local d=${CERT_DOMAINS//,*/} # read first domain
|
||||||
echo "Getting certificate for $CERT_DOMAINS"
|
echo "Getting certificate for $CERT_DOMAINS"
|
||||||
certbot certonly --agree-tos --keep -n \
|
certbot certonly --agree-tos --keep -n --text --email $EMAIL --server \
|
||||||
--text --server https://acme-v01.api.letsencrypt.org/directory \
|
https://acme-v01.api.letsencrypt.org/directory -d $CERT_DOMAINS \
|
||||||
--email $EMAIL -d $CERT_DOMAINS $args
|
--standalone --standalone-supported-challenges http-01 --debug
|
||||||
ec=$?
|
ec=$?
|
||||||
echo "certbot exit code $ec"
|
echo "certbot exit code $ec"
|
||||||
if [ $ec -eq 0 ]
|
if [ $ec -eq 0 ]; then
|
||||||
then
|
echo "Certificates for $CERT_DOMAINS can be found in /etc/letsencrypt/live/$d"
|
||||||
echo "Certificates for $CERT_DOMAINS can be found in /etc/letsencrypt/live/$d"
|
else
|
||||||
else
|
echo "Cerbot failed for $CERT_DOMAINS. Check the logs for details."
|
||||||
echo "Cerbot failed for $CERT_DOMAINS. Check the logs for details."
|
fi
|
||||||
fi
|
|
||||||
}
|
}
|
||||||
|
|
||||||
args=""
|
|
||||||
if [ $WEBROOT ]
|
|
||||||
then
|
|
||||||
args=" --webroot -w $WEBROOT"
|
|
||||||
else
|
|
||||||
args=" --standalone --standalone-supported-challenges http-01"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if $DEBUG
|
|
||||||
then
|
|
||||||
args=$args" --debug"
|
|
||||||
fi
|
|
||||||
|
|
||||||
set -x
|
set -x
|
||||||
if $SEPARATE
|
for d in $DOMAINS
|
||||||
then
|
do
|
||||||
for d in $DOMAINS
|
CERT_DOMAINS=$d
|
||||||
do
|
|
||||||
CERT_DOMAINS=$d
|
|
||||||
get_certificate
|
|
||||||
done
|
|
||||||
else
|
|
||||||
CERT_DOMAINS=${DOMAINS// /,}
|
|
||||||
get_certificate
|
get_certificate
|
||||||
fi
|
done
|
||||||
|
|
||||||
|
|
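Review bot: A failed issuance or renewal is logged and then forgotten: `get_certificate` returns the status of its last `echo`, the loop keeps going, and the script exits 0, so the cron job never signals that a domain's certificate is about to lapse. Make the function `return $ec` and fold each result into the script's exit code as below. `--email $EMAIL` is unquoted and unchecked, so an unset `EMAIL` leaves `--email` without an argument and the run fails at option parsing rather than with a clear message; guard it up front with `: "${EMAIL:?EMAIL must be set}"`. The ACME directory is hard-coded to the v01 endpoint; exposing it as `${ACME_SERVER:-https://acme-v01.api.letsencrypt.org/directory}` lets operators move to the v02 API or a staging server without rebuilding the image.
```shell
    # … unchanged: certbot invocation and result logging …
    fi
    return $ec
}

set -x
rc=0
for d in $DOMAINS
do
    CERT_DOMAINS=$d
    get_certificate || rc=1
done
exit $rc
```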