docker
/
nginx-certbot
1
0
Fork 0
Code Issues Pull Requests 1 Releases Wiki Activity

stop to reacreate keys on restart

This commit is contained in:
Valder Gallo 2018-06-27 21:59:43 -03:00
parent 91af6eaabc
commit cf136e28d8
3 changed files with 24 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile
View File

@ -1,5 +1,5 @@
FROM nginx FROM nginx
MAINTAINER Elliot Saba <staticfloat@gmail.com> LABEL maintainer="Valder Gallo <valergallo@gmail.com>"
VOLUME /etc/letsencrypt VOLUME /etc/letsencrypt
EXPOSE 80 EXPOSE 80

29
scripts/entrypoint.sh
View File

@ -14,28 +14,26 @@ auto_enable_configs
nginx -g "daemon off;" & nginx -g "daemon off;" &
export NGINX_PID=$! export NGINX_PID=$!
# Next, run certbot to request all the ssl certs we can find
/scripts/run_certbot.sh
# Lastly, run startup scripts # Lastly, run startup scripts
for f in /scripts/startup/*.sh; do for f in /scripts/startup/*.sh; do
if [[ -x "$f" ]]; then if [ -x "$f" ]; then
echo "Running startup script $f" echo "Running startup script $f"
$f $f
fi fi
done done
echo "Done with startup" echo "Done with startup"
now=$(date)
last_sync_file="/etc/letsencrypt/last_sync.txt" last_sync_file="/etc/letsencrypt/last_sync.txt"
if [[ ! -e "$last_sync_file" ]]; then if [ ! -e "$last_sync_file" ]; then
mkdir -p /Scripts
touch "$last_sync_file" touch "$last_sync_file"
# run certbot to request all the ssl certs we can find
echo "Run first time certbot"
/scripts/run_certbot.sh
fi fi
last_sync=$(stat -c %y "$last_sync_file") one_week_sec=604800
updated_days=$(( ($(date -d now +%s) - $(date -d last_sync +%s) )/(60*60*24) ))
# Instead of trying to run `cron` or something like that, just leep and run `certbot`. # Instead of trying to run `cron` or something like that, just leep and run `certbot`.
while [ true ]; do while [ true ]; do
@ -43,8 +41,17 @@ while [ true ]; do
sleep 604800 & sleep 604800 &
SLEEP_PID=$! SLEEP_PID=$!
# re-run certbot last_sync_sec=$(stat -c %Y "$last_sync_file")
/scripts/run_certbot.sh now_sec=$(date -d now +%s)
runned_sec=$(( ($now_sec - $last_sync_sec) ))
is_finshed_week_sec=$(( ($one_week_sec - $runned_sec) ))
echo "Not run_certbot.sh"
if [ $is_finshed_week_sec -lt 0 ]; then
# re-run certbot
echo "Run certbot"
/scripts/run_certbot.sh
fi
# Wait on sleep so that when we get ctrl-c'ed it kills everything due to our trap # Wait on sleep so that when we get ctrl-c'ed it kills everything due to our trap
wait "$SLEEP_PID" wait "$SLEEP_PID"

9
scripts/util.sh
View File

@ -62,14 +62,15 @@ get_certificate() {
PRODUCTION_URL='https://acme-v01.api.letsencrypt.org/directory' PRODUCTION_URL='https://acme-v01.api.letsencrypt.org/directory'
STAGING_URL='https://acme-staging.api.letsencrypt.org/directory' STAGING_URL='https://acme-staging.api.letsencrypt.org/directory'
if [[ ! "${IS_STAGING}" = "1" ]]; then if [ "${IS_STAGING}" = "1" ]; then
letsencrypt_url=STAGING_URL letsencrypt_url=STAGING_URL
echo "Staging on" echo "Staging ..."
else elses
letsencrypt_url=PRODUCTION_URL letsencrypt_url=PRODUCTION_URL
echo "Production on" echo "Production ..."
fi fi
echo "running certbot ... $letsencrypt_url"
certbot certonly --agree-tos --keep -n --text --email $2 --server \ certbot certonly --agree-tos --keep -n --text --email $2 --server \
$letsencrypt_url -d $1 --http-01-port 1337 \ $letsencrypt_url -d $1 --http-01-port 1337 \
--standalone --standalone-supported-challenges http-01 --debug --standalone --standalone-supported-challenges http-01 --debug