upload example/ dir

when volume is mounted, /etc/letsencrypt exists even when not init-ed

Dockerfile

@@ -3,9 +3,11 @@ FROM alpine:latest
 RUN apk add --no-cache nginx python3 py3-virtualenv
 
 RUN python3 -m venv /venv
-RUN /venv/bin/pip install -U pip certbot certbot-nginx
+RUN /venv/bin/pip install certbot certbot-nginx
+ENV PATH="/venv/bin:$PATH"
 
+RUN /venv/bin/pip cache purge && /venv/bin/pip uninstall -y pip
 RUN apk del py3-virtualenv && rm -rf /var/cache/apk
 
-COPY ./entrypoint.sh /
-CMD ["/entrypoint.sh"]
+COPY ./run.sh /
+CMD ["/run.sh"]

compose.yml

@@ -0,0 +1,12 @@
+services:
+  nginx:
+    image: git.dc09.ru/darkcat09/certbot-nginx:latest
+    build: .
+    restart: unless-stopped
+    volumes:
+      - "./example/letsencrypt:/etc/letsencrypt"
+      - "./example/nginx.conf:/etc/nginx/nginx.conf"
+      - "./example/http.d:/etc/nginx/http.d"
+    ports:
+      - 80:80
+      - 443:443

entrypoint.sh

@@ -1,33 +0,0 @@
-#!/bin/ash
-
-if [ ! -e /etc/letsencrypt ]
-then
-  echo "[!!] Certbot directory is not initialized"
-  echo "[!!] Either it's the first run or you forgot to add a volume"
-
-  # check if stdin (fd 0) is assigned to a tty
-  [ ! -t 0 ] && echo "Not a TTY! Exiting" && exit 1
-
-  /venv/bin/certbot certonly --nginx
-  exit $?
-fi
-
-/usr/sbin/nginx -c /etc/nginx/nginx.conf &
-ngpid=$!
-waitpid=""
-
-ctrlc () {
-  kill -QUIT "$ngpid"
-  [ -n "$waitpid" ] && kill -INT "$waitpid"
-}
-
-trap ctrlc INT
-trap ctrlc TERM
-
-while true
-do
-  /venv/bin/certbot renew --post-hook "kill -HUP $ngpid"
-  sleep 12h &
-  waitpid=$!
-  wait
-done

example/http.d/test1.conf

@@ -0,0 +1,20 @@
+server {
+  server_name test1.dc09.ru;
+  return 200 "Hello world";
+
+  listen 443 ssl; # managed by Certbot
+  ssl_certificate /etc/letsencrypt/live/test1.dc09.ru/fullchain.pem; # managed by Certbot
+  ssl_certificate_key /etc/letsencrypt/live/test1.dc09.ru/privkey.pem; # managed by Certbot
+  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}
+
+server {
+  if ($host = test1.dc09.ru) {
+    return 301 https://$host$request_uri;
+  } # managed by Certbot
+
+  listen 80;
+  server_name test1.dc09.ru;
+  return 404; # managed by Certbot
+}

example/letsencrypt/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

example/nginx.conf

@@ -0,0 +1,15 @@
+worker_processes 4;
+
+events {
+  worker_connections 1024;
+}
+
+http {
+  access_log off;
+  error_log off;
+
+  include mime.types;
+  default_type application/octet-stream;
+
+  include /etc/nginx/http.d/*;
+}

run.sh

@@ -0,0 +1,48 @@
+#!/bin/ash
+
+/usr/sbin/nginx -c /etc/nginx/nginx.conf &
+ngpid=$!
+waitpid=""
+stopflag=0
+
+ctrlc () {
+  stopflag=1
+  kill -QUIT "$ngpid"
+  [ -n "$waitpid" ] && kill -INT "$waitpid"
+}
+
+trap ctrlc INT
+trap ctrlc TERM
+
+
+if [ ! -e /etc/letsencrypt/live ]
+then
+  echo "[!!] Certbot directory is not initialized"
+  echo "[!!] Either it's the first run or you forgot to add a volume"
+  echo
+  echo "1. Login to shell"
+  echo "   > docker compose exec -it nginx ash"
+  echo "2. Either let certbot retrieve certs and automatically edit nginx config"
+  echo "   # certbot --nginx"
+  echo "   OR just get certs for hosts in your nginx config, edit manually later"
+  echo "   # certbot certonly --nginx"
+  echo "3. Restart:"
+  echo "   # exit"
+  echo "   > docker compose down && docker compose up -d"
+
+  while [ $stopflag = 0 ]
+  do
+    sleep 5m &
+    waitpid=$!
+    wait
+  done
+fi
+
+
+while [ $stopflag = 0 ]
+do
+  /venv/bin/certbot renew --post-hook "kill -HUP $ngpid" &
+  sleep 12h &
+  waitpid=$!
+  wait
+done