Create script to get real certificates. Programs are functional but have not tried pointing the production router to the test box yet to see if the challenge will pass.
This commit is contained in:
parent
7be7df9b45
commit
478cce43b5
@ -33,7 +33,7 @@ http {
|
||||
# Allow nginx to fulfill LetsEncrypt Certbot challenges.
|
||||
server {
|
||||
location /.well-known/acme-challenge/ {
|
||||
root /etc/nginx/certs-letsencrypt;
|
||||
root /etc/nginx/letsencrypt;
|
||||
}
|
||||
}
|
||||
|
||||
|
73
Config/ReverseProxy/create_letsencrypt_certs.sh
Executable file
73
Config/ReverseProxy/create_letsencrypt_certs.sh
Executable file
@ -0,0 +1,73 @@
|
||||
#!/bin/bash
|
||||
# Create a real cert for each file in config/conf.d/.
|
||||
|
||||
DIR=`dirname $0`
|
||||
if [[ $DIR == \.* ]]; then
|
||||
DIR=`pwd`
|
||||
fi
|
||||
|
||||
# Where the files need to live.
|
||||
CERT_DIR=$DIR/../../Volumes/ReverseProxy/letsencrypt-certs
|
||||
echo "CERT_DIR=$CERT_DIR"
|
||||
|
||||
# Ensure that fake certs were created at some point, or that the system has been run at least once.
|
||||
if [[ ! -d $DIR/../../Volumes/ReverseProxy/letsencrypt-certs ]]; then
|
||||
echo "ERROR: Certificate directory does not exist yet. Run the placeholder script first." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# The container needs to be running in order to use the certbot command.
|
||||
certbot_running=`docker ps | grep -c reverseproxy-certbot-1`
|
||||
if [[ $certbot_running != 1 ]]; then
|
||||
echo "ERROR: Certbot container does not appear to be running, cannot continue." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Gather information from the user.
|
||||
echo -n "Please provide the email address you would like the certs bound to: "
|
||||
read email
|
||||
if [[ -z $email ]]; then
|
||||
echo "ERROR: Email address is mandatory. $email" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo -n "Please double check that '$email' looks correct and provide Yes if so: "
|
||||
typeset -u confirm
|
||||
read confirm
|
||||
if [[ $confirm != "Y"* ]]; then
|
||||
echo "Email address was not confirmed, received '$confirm', aborting."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Loop over the proxy configuration files and ensure they have certs.
|
||||
ls $DIR/config/conf.d/*.* | while read file; do
|
||||
filename=`basename $file`
|
||||
|
||||
if [[ $filename == "example.com" ]]; then
|
||||
echo "Skipping $filename since it is only for testing."
|
||||
continue
|
||||
fi
|
||||
|
||||
echo "*** Checking $filename ***"
|
||||
if [[ -d $CERT_DIR/$filename ]]; then
|
||||
echo "Getting the domains which need the cert."
|
||||
domains=`grep server_name $file`
|
||||
|
||||
# Clean up the data by removing the directive and semi-colon, changing
|
||||
# spaces to commas, and making sure there are no gaps.
|
||||
domains=${domains//server_name/}
|
||||
domains=${domains//;/}
|
||||
domains=`echo $domains`
|
||||
domains=${domains// /,}
|
||||
echo "Domains='$domains'"
|
||||
|
||||
echo "Attempting to create real certs at $CERT_DIR/$filename."
|
||||
docker exec reverseproxy-certbot-1 certbot certonly -n --standalone \
|
||||
--agree-tos -m $email -d $filename
|
||||
|
||||
ls -lh $CERT_DIR/$filename/*
|
||||
else
|
||||
echo "Website's certificate folder does not exist, skipping."
|
||||
continue
|
||||
fi
|
||||
done
|
@ -15,11 +15,12 @@ services:
|
||||
- "80:80"
|
||||
- "443:443"
|
||||
volumes:
|
||||
- ../../Volumes/ReverseProxy/letsencrypt:/etc/nginx/letsencrypt
|
||||
- ../../Volumes/ReverseProxy/letsencrypt-certs:/etc/nginx/certs
|
||||
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
|
||||
certbot:
|
||||
image: certbot/certbot
|
||||
volumes:
|
||||
- ../../Volumes/ReverseProxy/letsencrypt-etc:/etc/letsencrypt
|
||||
- ../../Volumes/ReverseProxy/letsencrypt:/etc/letsencrypt
|
||||
- ../../Volumes/ReverseProxy/letsencrypt-certs:/var/www/certbot
|
||||
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
|
||||
|
Loading…
x
Reference in New Issue
Block a user