From cea611c81cdb2eb725a8b1ab1d95beb4bb1349d5 Mon Sep 17 00:00:00 2001
From: Hyperling
Date: Wed, 5 Jul 2023 21:17:14 -0700
Subject: [PATCH] Create temporary cert process so that nginx can start. Still need to figure out if/how certbot will attempt to renew domains in conf.d. Lowered the cert days in case it checks that.
---
 Config/ReverseProxy/Dockerfile | 7 -----
 Config/ReverseProxy/config/conf.d/example.com | 4 +--
 .../ReverseProxy/create_placeholder_certs.sh | 30 +++++++++++++++++++
 Config/ReverseProxy/docker-compose.yml | 2 +-
 4 files changed, 33 insertions(+), 10 deletions(-)
 create mode 100755 Config/ReverseProxy/create_placeholder_certs.sh
diff --git a/Config/ReverseProxy/Dockerfile b/Config/ReverseProxy/Dockerfile
index 8da69da..7d8d97d 100644
--- a/Config/ReverseProxy/Dockerfile
+++ b/Config/ReverseProxy/Dockerfile
@@ -7,10 +7,3 @@ FROM nginx
 # Add all the configuration files to the environment.
 COPY ./config/nginx.conf /etc/nginx/nginx.conf
 COPY ./config/conf.d/*.* /etc/nginx/conf.d/
-
-# Create "working" certificates for the example configuration file.
-RUN mkdir -p /etc/nginx/certs/example.com
-RUN openssl req -new -x509 -days 5000 -nodes \
- -out /etc/nginx/certs/example.com/cert.crt \
- -keyout /etc/nginx/certs/example.com/cert.key \
- -subj '/CN=example.com/O=Example/C=XX'
diff --git a/Config/ReverseProxy/config/conf.d/example.com b/Config/ReverseProxy/config/conf.d/example.com
index b578321..8e3c7d7 100644
--- a/Config/ReverseProxy/config/conf.d/example.com
+++ b/Config/ReverseProxy/config/conf.d/example.com
@@ -33,8 +33,8 @@ server {
 server_name example.com;
 
 # The certs being used for the website.
- ssl_certificate /etc/nginx/certs/example.com/cert.crt;
- ssl_certificate_key /etc/nginx/certs/example.com/cert.key;
+ ssl_certificate /etc/nginx/certs/example.com/fullchain.pem;
+ ssl_certificate_key /etc/nginx/certs/example.com/privkey.pem;
 
 # Send traffic to upstream server
 location / {
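Review bot: Nothing on the new `ssl_certificate` / `ssl_certificate_key` lines records that `/etc/nginx/certs/example.com/` is no longer populated by the image (the Dockerfile hunk in this commit removes the built-in self-signed certificate) but by a host-side volume that `create_placeholder_certs.sh` or certbot must fill before the container starts; nginx refuses to start when a configured certificate file is missing. A comment above the two directives, such as `# Files come from the mounted certs volume: placeholders from create_placeholder_certs.sh until certbot replaces them; nginx will not start if they are absent.`, would make that dependency explicit for anyone copying this file for a new domain. The `server` block continues outside the hunk.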
diff --git a/Config/ReverseProxy/create_placeholder_certs.sh b/Config/ReverseProxy/create_placeholder_certs.sh
new file mode 100755
index 0000000..0c83f54
--- /dev/null
+++ b/Config/ReverseProxy/create_placeholder_certs.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+# Create a fake cert for each file in config/conf.d/.
+
+DIR=`dirname $0`
+if [[ $DIR == \.* ]]; then
+ DIR=`pwd`
+fi
+
+# Where the files need to live.
+CERT_DIR=$DIR/../../Volumes/ReverseProxy/letsencrypt-certs
+echo "CERT_DIR=$CERT_DIR"
+
+# Create the directory if it does not exist.
+mkdir -pv $DIR/../../Volumes/ReverseProxy/letsencrypt-certs
+
+# Loop over the proxy configuration files and ensure they have certs.
+ls $DIR/config/conf.d/*.* | while read file; do
+ filename=`basename $file`
+ echo "Checking $filename:"
+ if [[ ! -d $CERT_DIR/$filename ]]; then
+ echo " Creating self-signed certs at $CERT_DIR/$filename."
+ mkdir -pv $CERT_DIR/$filename
+ openssl req -new -x509 -days 3 -nodes \
+ -out $CERT_DIR/$filename/fullchain.pem \
+ -keyout $CERT_DIR/$filename/privkey.pem \
+ -subj "/CN=$filename/O=$filename/C=XX"
+ else
+ echo " Certs already exist!"
+ fi
+done
diff --git a/Config/ReverseProxy/docker-compose.yml b/Config/ReverseProxy/docker-compose.yml
index f19a990..6b97cc1 100644
--- a/Config/ReverseProxy/docker-compose.yml
+++ b/Config/ReverseProxy/docker-compose.yml
@@ -15,7 +15,7 @@ services:
 - "80:80"
 - "443:443"
 volumes:
- - ../../Volumes/ReverseProxy/letsencrypt-certs:/etc/nginx/certs-letsencrypt
+ - ../../Volumes/ReverseProxy/letsencrypt-certs:/etc/nginx/certs
 command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
 certbot:
 image: certbot/certbot
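Review bot: The `if [[ ! -d $CERT_DIR/$filename ]]` guard only tests that the per-domain directory exists, so a placeholder that has passed its 3-day validity is never regenerated and nginx keeps serving an expired certificate until something else overwrites the files. Checking the certificate itself with `openssl x509 -checkend 0` fixes that; if certbot later writes real certificates into the same tree, that check would also replace an expired real certificate with a placeholder, which is worth stating in a comment so nobody is surprised. The loop additionally parses `ls` output and leaves every path expansion unquoted (`$DIR`, `$CERT_DIR/$filename`, `$file`), so a checkout path containing whitespace breaks it; a glob loop with quoted variables avoids both problems. `mkdir -pv $DIR/../../Volumes/ReverseProxy/letsencrypt-certs` repeats the path already held in `CERT_DIR` and can simply be `mkdir -pv "$CERT_DIR"`.
```shell
mkdir -pv "$CERT_DIR"

# … unchanged: loop comment …
for file in "$DIR"/config/conf.d/*.*; do
  filename=$(basename "$file")
  cert="$CERT_DIR/$filename/fullchain.pem"
  echo "Checking $filename:"
  # Regenerate when the placeholder is missing or no longer valid, not only when the directory is absent.
  if [[ ! -s "$cert" ]] || ! openssl x509 -checkend 0 -noout -in "$cert" >/dev/null 2>&1; then
    echo "  Creating self-signed certs at $CERT_DIR/$filename."
    mkdir -pv "$CERT_DIR/$filename"
    # … unchanged: openssl req invocation, with "$CERT_DIR/$filename/…" paths quoted …
  else
    echo "  Certs already exist!"
  fi
done
```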
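Review bot: The remounted certificate volume on the new `volumes:` entry is still read-write inside the nginx container, although nginx only reads `fullchain.pem` and `privkey.pem` from it; mounting it read-only keeps a compromised or misconfigured proxy from altering or deleting the private keys that certbot and the placeholder script write: `- ../../Volumes/ReverseProxy/letsencrypt-certs:/etc/nginx/certs:ro`. The `services:` block continues outside the hunk, so whether the certbot service mounts the same host path, and with what mode, cannot be confirmed here.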