me/env-docker
me/env-docker
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Create temporary cert process so that nginx can start. Still need to figure out if/how certbot will attempt to renew domains in conf.d. Lowered the cert days in case it checks that.

Browse Source
This commit is contained in:
Hyperling 2023-07-05 21:17:14 -07:00
parent 8fa7adb2d3
commit cea611c81c
4 changed files with 33 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Config/ReverseProxy/Dockerfile
View File

@ -7,10 +7,3 @@ FROM nginx
# Add all the configuration files to the environment. # Add all the configuration files to the environment.
COPY ./config/nginx.conf /etc/nginx/nginx.conf COPY ./config/nginx.conf /etc/nginx/nginx.conf
COPY ./config/conf.d/*.* /etc/nginx/conf.d/ COPY ./config/conf.d/*.* /etc/nginx/conf.d/
# Create "working" certificates for the example configuration file.
RUN mkdir -p /etc/nginx/certs/example.com
RUN openssl req -new -x509 -days 5000 -nodes \
-out /etc/nginx/certs/example.com/cert.crt \
-keyout /etc/nginx/certs/example.com/cert.key \
-subj '/CN=example.com/O=Example/C=XX'

4
Config/ReverseProxy/config/conf.d/example.com
View File

@ -33,8 +33,8 @@ server {
server_name example.com; server_name example.com;
# The certs being used for the website. # The certs being used for the website.
ssl_certificate /etc/nginx/certs/example.com/cert.crt; ssl_certificate /etc/nginx/certs/example.com/fullchain.pem;
ssl_certificate_key /etc/nginx/certs/example.com/cert.key; ssl_certificate_key /etc/nginx/certs/example.com/privkey.pem;
# Send traffic to upstream server # Send traffic to upstream server
location / { location / {

30
Config/ReverseProxy/create_placeholder_certs.sh Executable file
View File

@ -0,0 +1,30 @@
#!/bin/bash
# Create a fake cert for each file in config/conf.d/.
DIR=`dirname $0`
if [[ $DIR == \.* ]]; then
DIR=`pwd`
fi
# Where the files need to live.
CERT_DIR=$DIR/../../Volumes/ReverseProxy/letsencrypt-certs
echo "CERT_DIR=$CERT_DIR"
# Create the directory if it does not exist.
mkdir -pv $DIR/../../Volumes/ReverseProxy/letsencrypt-certs
# Loop over the proxy configuration files and ensure they have certs.
ls $DIR/config/conf.d/*.* | while read file; do
filename=`basename $file`
echo "Checking $filename:"
if [[ ! -d $CERT_DIR/$filename ]]; then
echo " Creating self-signed certs at $CERT_DIR/$filename."
mkdir -pv $CERT_DIR/$filename
openssl req -new -x509 -days 3 -nodes \
-out $CERT_DIR/$filename/fullchain.pem \
-keyout $CERT_DIR/$filename/privkey.pem \
-subj "/CN=$filename/O=$filename/C=XX"
else
echo " Certs already exist!"
fi
done

2
Config/ReverseProxy/docker-compose.yml
View File

@ -15,7 +15,7 @@ services:
- "80:80" - "80:80"
- "443:443" - "443:443"
volumes: volumes:
- ../../Volumes/ReverseProxy/letsencrypt-certs:/etc/nginx/certs-letsencrypt - ../../Volumes/ReverseProxy/letsencrypt-certs:/etc/nginx/certs
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'" command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
certbot: certbot:
image: certbot/certbot image: certbot/certbot