Enable templating! Eliminate unnecessary customization!
This commit is contained in:
parent
386d73143b
commit
f6d02a7ec9
66
README.md
66
README.md
|
@ -1,19 +1,14 @@
|
|||
# docker-nginx-certbot
|
||||
Create and automatically renew website SSL certificates using the letsencrypt free certificate authority, and its client *certbot*, built on top of the nginx server.
|
||||
Create and automatically renew website SSL certificates using the free [letsencrypt](https://letsencrypt.org/) certificate authority, and its client [*certbot*](https://certbot.eff.org/), built on top of the [nginx](https://www.nginx.com/) webserver.
|
||||
|
||||
# More information
|
||||
|
||||
Find out more about letsencrypt: https://letsencrypt.org
|
||||
|
||||
Certbot github: https://github.com/certbot/certbot
|
||||
|
||||
This repository was originally forked from `@henridwyer`, many thanks to him for the good idea. I've rewritten about 90% of this repository, so it bears almost no resemblance to the original. This repository is _much_ more opinionated about the structure of your webservers/containers, however it is easier to use as long as all of your webservers follow that pattern.
|
||||
This repository was originally forked from `@henridwyer`, many thanks to him for the good idea. It has since been completely rewritten, and bears almost no resemblance to the original. This repository is _much_ more opinionated about the structure of your webservers/containers, however it is easier to use as long as all of your webservers follow the given pattern.
|
||||
|
||||
# Usage
|
||||
|
||||
Create a config directory for your custom configs:
|
||||
```
|
||||
mkdir conf.d
|
||||
|
||||
```bash
|
||||
$ mkdir conf.d
|
||||
```
|
||||
|
||||
And a `.conf` in that directory:
|
||||
|
@ -36,19 +31,62 @@ version: '3'
|
|||
services:
|
||||
frontend:
|
||||
restart: unless-stopped
|
||||
build: frontend
|
||||
image: staticfloat/nginx-certbot
|
||||
ports:
|
||||
- 80:80/tcp
|
||||
- 443:443/tcp
|
||||
environment:
|
||||
- CERTBOT_EMAIL=owner@company.com
|
||||
CERTBOT_EMAIL: owner@company.com
|
||||
volumes:
|
||||
- ./conf.d:/etc/nginx/user.conf.d :ro
|
||||
...
|
||||
- ./conf.d:/etc/nginx/user.conf.d:ro
|
||||
- letsencrypt:/etc/letsencrypt
|
||||
volumes:
|
||||
letsencrypt:
|
||||
```
|
||||
|
||||
Launch that docker-compose file, and you're good to go; `certbot` will automatically request an SSL certificate for any `nginx` sites that look for SSL certificates in `/etc/letsencrypt/live`, and will automatically renew them over time.
|
||||
|
||||
## Templating
|
||||
|
||||
You may wish to template your configurations, e.g. passing in a hostname so as to be able to run multiple identical copies of this container; one per website. The docker container will use [`envsubst`](https://www.gnu.org/software/gettext/manual/html_node/envsubst-Invocation.html) to template all mounted user configs with a user-provided list of environment variables. Example:
|
||||
|
||||
```nginx
|
||||
# In conf.d/nginx_template.conf
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name ${FQDN};
|
||||
ssl_certificate /etc/letsencrypt/live/${FQDN}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/${FQDN}/privkey.pem;
|
||||
|
||||
...
|
||||
}
|
||||
```
|
||||
|
||||
```yml
|
||||
version: '3'
|
||||
services:
|
||||
frontend:
|
||||
restart: unless-stopped
|
||||
image: staticfloat/nginx-certbot
|
||||
ports:
|
||||
- 80:80/tcp
|
||||
- 443:443/tcp
|
||||
environment:
|
||||
CERTBOT_EMAIL: owner@company.com
|
||||
ENVSUBST_VARS: FQDN
|
||||
FQDN: server.company.com
|
||||
volumes:
|
||||
- ./conf.d:/etc/nginx/user.conf.d:ro
|
||||
- letsencrypt:/etc/letsencrypt
|
||||
volumes:
|
||||
letsencrypt:
|
||||
```
|
||||
|
||||
# Changelog
|
||||
|
||||
### 1.0
|
||||
- Many improvements thanks to contributors from across the globe. Together, we have drastically reduced the amount of customization needed; configs can be mounted directly into a prebuilt image, and the configurations can even be templated.
|
||||
|
||||
### 0.8
|
||||
- Ditch cron, it never liked me anway. Just use `sleep` and a `while` loop instead.
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@ trap "kill 0" EXIT
|
|||
. $(cd $(dirname $0); pwd)/util.sh
|
||||
|
||||
# first include any user configs if they've been mounted
|
||||
link_user_configs
|
||||
template_user_configs
|
||||
|
||||
# Immediately run auto_enable_configs so that nginx is in a runnable state
|
||||
auto_enable_configs
|
||||
|
|
|
@ -93,20 +93,26 @@ is_renewal_required() {
|
|||
[ $is_finshed_week_sec -lt 0 ]
|
||||
}
|
||||
|
||||
# symlinks any *.conf files in /etc/nginx/user.conf.d
|
||||
# copies any *.conf files in /etc/nginx/user.conf.d
|
||||
# to /etc/nginx/conf.d so they are included as configs
|
||||
# this allows a user to easily mount their own configs
|
||||
link_user_configs() {
|
||||
# We make use of `envsubst` to allow for on-the-fly templating
|
||||
# of the user configs.
|
||||
template_user_configs() {
|
||||
SOURCE_DIR="${1-/etc/nginx/user.conf.d}"
|
||||
TARGET_DIR="${2-/etc/nginx/conf.d}"
|
||||
|
||||
echo "symlinking scripts from ${SOURCE_DIR} to ${TARGET_DIR}"
|
||||
# envsubst needs dollar signs in front of all variable names
|
||||
DENV=$(echo ${ENVSUBST_VARS} | sed -E 's/\$*([^ ]+)/\$\1/g')
|
||||
|
||||
echo "templating scripts from ${SOURCE_DIR} to ${TARGET_DIR}"
|
||||
echo "Substituting variables ${DENV}"
|
||||
|
||||
if [ ! -d "$SOURCE_DIR" ]; then
|
||||
echo "no ${SOURCE_DIR}, nothing to do."
|
||||
else
|
||||
for conf in ${SOURCE_DIR}/*.conf; do
|
||||
ln -sv "${conf}" "${TARGET_DIR}/$(basename ${conf})"
|
||||
envsubst "${DENV}" <"${conf}" > "${TARGET_DIR}/$(basename ${conf})"
|
||||
done
|
||||
fi
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue