From f753a7bae75ee982a9de3c8a27a11ed6164813ee Mon Sep 17 00:00:00 2001
From: DarkCat09
Date: Wed, 19 Feb 2025 13:21:25 +0400
Subject: [PATCH 1/8] rename script, chmod +x
---
 Dockerfile | 4 ++--
 entrypoint.sh => run.sh | 0
 2 files changed, 2 insertions(+), 2 deletions(-)
 rename entrypoint.sh => run.sh (100%)
 mode change 100644 => 100755
diff --git a/Dockerfile b/Dockerfile
index 2a1e173..11d6f08 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,5 +7,5 @@ RUN /venv/bin/pip install -U pip certbot certbot-nginx
 RUN apk del py3-virtualenv && rm -rf /var/cache/apk
-COPY ./entrypoint.sh /
-CMD ["/entrypoint.sh"]
+COPY ./run.sh /
+CMD ["/run.sh"]
diff --git a/entrypoint.sh b/run.sh
old mode 100644
new mode 100755
similarity index 100%
rename from entrypoint.sh
rename to run.sh

From 6ec7228db4a62c3cb71a3a1501cc5fe600a4d4b5 Mon Sep 17 00:00:00 2001
From: DarkCat09
Date: Wed, 19 Feb 2025 14:10:57 +0400
Subject: [PATCH 2/8] feat: ask for installation method
---
 run.sh | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/run.sh b/run.sh
index 3cf3352..78bba89 100755
--- a/run.sh
+++ b/run.sh
@@ -8,7 +8,23 @@ then
 # check if stdin (fd 0) is assigned to a tty
 [ ! -t 0 ] && echo "Not a TTY! Exiting" && exit 1
- /venv/bin/certbot certonly --nginx
+ echo "Choose installation method:"
+ echo " 1. get certs for hosts specified in nginx.conf"
+ echo " and automatically edit the config (default)"
+ echo " 2. get certs for hosts, do not edit the config"
+ echo " 3. just launch shell, i'll do it myself"
+ read n
+ if [ "$n" = 3 ]
+ then
+ /bin/ash -i
+ elif [ "$n" = 2 ]
+ then
+ /venv/bin/certbot certonly --nginx
+ else
+ /venv/bin/certbot --nginx
+ fi
+
 exit $?
 fi

From 229a0bff287f305c0b8e828c0fb58378ccad4ce7 Mon Sep 17 00:00:00 2001
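Review bot: The new prompt reads the answer with `read n`; it should be `read -r n`, because without `-r` a backslash in the input is interpreted rather than taken literally (ash follows the POSIX `read` here). The `if`/`elif`/`else` chain also routes every answer other than `2` or `3` — including a typo — into `/venv/bin/certbot --nginx`, the one branch that rewrites the nginx config; only an empty answer or `1` should take the default, and anything else should be rejected, e.g. `case "$n" in ''|1) /venv/bin/certbot --nginx ;; 2) /venv/bin/certbot certonly --nginx ;; 3) /bin/ash -i ;; *) echo "Unknown choice" >&2; exit 1 ;; esac`. The enclosing `if [ ! -e /etc/letsencrypt ]` block starts before this hunk.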
From: DarkCat09
Date: Wed, 19 Feb 2025 14:12:07 +0400
Subject: [PATCH 3/8] fix: check if subdir exists when volume is mounted, /etc/letsencrypt exists even when not init-ed
---
 run.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/run.sh b/run.sh
index 78bba89..9d85431 100755
--- a/run.sh
+++ b/run.sh
@@ -1,6 +1,6 @@
 #!/bin/ash
-if [ ! -e /etc/letsencrypt ]
+if [ ! -e /etc/letsencrypt/live ]
 then
 echo "[!!] Certbot directory is not initialized"
 echo "[!!] Either it's the first run or you forgot to add a volume"

From f2a88873e666b71487b0c78c1693a27c312de497 Mon Sep 17 00:00:00 2001
From: DarkCat09
Date: Wed, 19 Feb 2025 14:14:02 +0400
Subject: [PATCH 4/8] style: prompt
---
 run.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/run.sh b/run.sh
index 9d85431..a04fb59 100755
--- a/run.sh
+++ b/run.sh
@@ -13,7 +13,7 @@ then
 echo " and automatically edit the config (default)"
 echo " 2. get certs for hosts, do not edit the config"
 echo " 3. just launch shell, i'll do it myself"
- read n
+ read -p '>> ' n
 if [ "$n" = 3 ]
 then

From e47a81fc84ce308969a5b427e4593a1b2291d0eb Mon Sep 17 00:00:00 2001
From: DarkCat09
Date: Wed, 19 Feb 2025 15:49:30 +0400
Subject: [PATCH 5/8] feat: add certbot to PATH
---
 Dockerfile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 11d6f08..7708fec 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,8 +3,10 @@ FROM alpine:latest
 RUN apk add --no-cache nginx python3 py3-virtualenv
 RUN python3 -m venv /venv
-RUN /venv/bin/pip install -U pip certbot certbot-nginx
+RUN /venv/bin/pip install certbot certbot-nginx
+ENV PATH="/venv/bin:$PATH"
+RUN /venv/bin/pip cache purge && /venv/bin/pip uninstall -y pip
 RUN apk del py3-virtualenv && rm -rf /var/cache/apk
 COPY ./run.sh /

From 264c992e491fb2746eae94ae12367eff64d4b4c6 Mon Sep 17 00:00:00 2001
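Review bot: The rewritten `RUN /venv/bin/pip install certbot certbot-nginx` line pins nothing, so every build pulls whatever certbot, certbot-nginx and their transitive dependencies PyPI serves that day, and the `FROM alpine:latest` context line has the same property for the base image; for a tool that will hold the ACME account key and the site private keys this is the supply-chain surface worth closing. Pin and hash-check instead: `COPY requirements.txt /` followed by `RUN /venv/bin/pip install --no-cache-dir --require-hashes -r /requirements.txt`, with the requirements file holding `certbot==<version> --hash=sha256:...` lines produced by `pip hash` or pip-compile, and a digest or version tag on the `FROM` line. Using `--no-cache-dir` also makes the separate `pip cache purge` in the following new line unnecessary; uninstalling pip afterwards is fine as long as nothing at runtime expects it.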
From: DarkCat09
Date: Wed, 19 Feb 2025 15:50:50 +0400
Subject: [PATCH 6/8] fix: 1.loop stop flag, 2.request user to perform first run by themself
---
 run.sh | 59 +++++++++++++++++++++++++++++-----------------------------
 1 file changed, 29 insertions(+), 30 deletions(-)
diff --git a/run.sh b/run.sh
index a04fb59..8ab2773 100755
--- a/run.sh
+++ b/run.sh
@@ -1,38 +1,12 @@
 #!/bin/ash
-if [ ! -e /etc/letsencrypt/live ]
-then
- echo "[!!] Certbot directory is not initialized"
- echo "[!!] Either it's the first run or you forgot to add a volume"
-
- # check if stdin (fd 0) is assigned to a tty
- [ ! -t 0 ] && echo "Not a TTY! Exiting" && exit 1
-
- echo "Choose installation method:"
- echo " 1. get certs for hosts specified in nginx.conf"
- echo " and automatically edit the config (default)"
- echo " 2. get certs for hosts, do not edit the config"
- echo " 3. just launch shell, i'll do it myself"
- read -p '>> ' n
-
- if [ "$n" = 3 ]
- then
- /bin/ash -i
- elif [ "$n" = 2 ]
- then
- /venv/bin/certbot certonly --nginx
- else
- /venv/bin/certbot --nginx
- fi
-
- exit $?
-fi
-
 /usr/sbin/nginx -c /etc/nginx/nginx.conf &
 ngpid=$!
 waitpid=""
+stopflag=0
 ctrlc () {
+ stopflag=1
 kill -QUIT "$ngpid"
 [ -n "$waitpid" ] && kill -INT "$waitpid"
 }
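Review bot: `ngpid=$!` on the context line after `/usr/sbin/nginx -c /etc/nginx/nginx.conf &` is only the nginx master's PID if nginx stays in the foreground; nginx's default is `daemon on`, and the example nginx.conf added later in this series does not set `daemon off;`, so the process started here presumably forks and exits at once, leaving the `kill -QUIT "$ngpid"` in the new `ctrlc` and the `kill -HUP $ngpid` reload hook aimed at a PID that is already gone or, in a long-lived container, could be reused. Starting it as `/usr/sbin/nginx -g 'daemon off;' -c /etc/nginx/nginx.conf &` makes the PID stable. Separately, the handler sends QUIT and returns, and since `CMD ["/run.sh"]` makes this script PID 1, the container ends as soon as the script does, cutting nginx's graceful shutdown short; a final `wait "$ngpid"` after the main loop (which ends outside this hunk) would let the QUIT complete.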
@@ -40,9 +14,34 @@ ctrlc () {
 trap ctrlc INT
 trap ctrlc TERM
-while true
+
+if [ ! -e /etc/letsencrypt/live ]
+then
+ echo "[!!] Certbot directory is not initialized"
+ echo "[!!] Either it's the first run or you forgot to add a volume"
+ echo
+ echo "1. Login to shell"
+ echo " > docker compose exec -it nginx ash"
+ echo "2. Either let certbot retrieve certs and automatically edit nginx config"
+ echo " # certbot --nginx"
+ echo " OR just get certs for hosts in your nginx config, edit manually later"
+ echo " # certbot certonly --nginx"
+ echo "3. Restart:"
+ echo " # exit"
+ echo " > docker compose down && docker compose up -d"
+
+ while [ $stopflag = 0 ]
+ do
+ sleep 5m &
+ waitpid=$!
+ wait
+ done
+fi
+
+
+while [ $stopflag = 0 ]
 do
- /venv/bin/certbot renew --post-hook "kill -HUP $ngpid"
+ /venv/bin/certbot renew --post-hook "kill -HUP $ngpid" &
 sleep 12h &
 waitpid=$!
 wait

From 8d1027d23f881f91ff7abbbe2f29c3ea6d7ab81b Mon Sep 17 00:00:00 2001
From: DarkCat09
Date: Wed, 19 Feb 2025 15:51:44 +0400
Subject: [PATCH 7/8] feat: add compose
---
 compose.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 compose.yml
diff --git a/compose.yml b/compose.yml
new file mode 100644
index 0000000..6c4ecf2
--- /dev/null
+++ b/compose.yml
@@ -0,0 +1,12 @@
+services:
+ nginx:
+ image: git.dc09.ru/darkcat09/certbot-nginx:latest
+ build: .
+ restart: unless-stopped
+ volumes:
+ - "./example/letsencrypt:/etc/letsencrypt"
+ - "./example/nginx.conf:/etc/nginx/nginx.conf"
+ - "./example/http.d:/etc/nginx/http.d"
+ ports:
+ - 80:80
+ - 443:443

From 214ddf4785ae995f9843814c871ad1a0cdc04535 Mon Sep 17 00:00:00 2001
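Review bot: Both new loops end in a bare `wait`, which waits for every background child this shell has started — and that includes nginx, launched with `&` in the first hunk. If nginx is running in the foreground, the renewal loop's `wait` therefore does not return when `sleep 12h` finishes but only when nginx exits, so `certbot renew` runs once at start-up and never again; if nginx daemonised instead, the loop cycles but `$ngpid` in the hook is stale. Waiting on the timer alone, `wait "$waitpid"`, in both loops removes the dependency on nginx's process model. The newly backgrounded `/venv/bin/certbot renew ... &` is also never waited on or checked, so a hung or failing renewal is silent and another one is launched twelve hours later; keeping it in the foreground with `|| echo "certbot renew failed" >&2` would surface that, and the trap still interrupts the sleep. The main loop's `done` lies outside this hunk.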
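Review bot: `image: git.dc09.ru/darkcat09/certbot-nginx:latest` is a mutable tag, so a `docker compose pull` or a fresh `up` on another host can silently run a different image from the one that was tested; pin a version tag or a digest, e.g. `image: git.dc09.ru/darkcat09/certbot-nginx@sha256:<digest>`. The service also keeps the default root user and full default capability set while holding the ACME account and site private keys under the read-write `./example/letsencrypt` mount; a `cap_drop: [ALL]` with a minimal `cap_add` (presumably `NET_BIND_SERVICE`, `SETUID`, `SETGID` for nginx to bind 80/443 and drop to its worker user — to be confirmed against this image) would limit what a compromised nginx or certbot run can do. Consider `read_only: true` for the nginx.conf mount as well, since certbot's `--nginx` edits are meant to land in `http.d`.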
From: DarkCat09
Date: Wed, 19 Feb 2025 15:56:07 +0400
Subject: [PATCH 8/8] upload example/ dir
---
 example/http.d/test1.conf | 20 ++++++++++++++++++++
 example/letsencrypt/.gitignore | 2 ++
 example/nginx.conf | 15 +++++++++++++++
 3 files changed, 37 insertions(+)
 create mode 100644 example/http.d/test1.conf
 create mode 100644 example/letsencrypt/.gitignore
 create mode 100644 example/nginx.conf
diff --git a/example/http.d/test1.conf b/example/http.d/test1.conf
new file mode 100644
index 0000000..f0c8386
--- /dev/null
+++ b/example/http.d/test1.conf
@@ -0,0 +1,20 @@
+server {
+ server_name test1.dc09.ru;
+ return 200 "Hello world";
+
+ listen 443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/test1.dc09.ru/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/test1.dc09.ru/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}
+
+server {
+ if ($host = test1.dc09.ru) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+ listen 80;
+ server_name test1.dc09.ru;
+ return 404; # managed by Certbot
+}
diff --git a/example/letsencrypt/.gitignore b/example/letsencrypt/.gitignore
new file mode 100644
index 0000000..d6b7ef3
--- /dev/null
+++ b/example/letsencrypt/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore
diff --git a/example/nginx.conf b/example/nginx.conf
new file mode 100644
index 0000000..2eb4602
--- /dev/null
+++ b/example/nginx.conf
@@ -0,0 +1,15 @@
+worker_processes 4;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ access_log off;
+ error_log off;
+
+ include mime.types;
+ default_type application/octet-stream;
+
+ include /etc/nginx/http.d/*;
+}
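Review bot: `error_log off;` in the new example nginx.conf does not disable error logging: unlike `access_log`, the `error_log` directive has no `off` value, so nginx treats it as a file name and writes errors to a file literally called `off` under its prefix directory, which means a failed reload after certbot's `--post-hook` or a missing certificate path leaves no diagnostics where anyone will look. Use `error_log /dev/stderr warn;` so the messages reach `docker compose logs`, or `error_log /dev/null crit;` if silence really is intended. While in the `http` block, `server_tokens off;` is a cheap hardening default for an example people will copy, and `worker_processes auto;` is preferable to the hard-coded `4`.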