example - fix certbot wildcard

florian 2021-04-26 21:34:18 +02:00
parent 25494acace
commit a3cfb50b4d
No known key found for this signature in database
GPG Key ID: 3D80806F12602A7C
2 changed files with 14 additions and 7 deletions

examples/certbot-wildcard/certbot-wildcard.sh Normal file → Executable file

@ -3,17 +3,24 @@
# you need to run it before starting bunkerized-nginx
# since it's manual there is no auto renew, you need to run it again before it expires
DOMAIN="*.website.com"
SERVICE="mywww"
# ask for wildcard certificate
# it's interactive and you will need to add a DNS entry
docker run --rm -it -v "${PWD}/letsencrypt:/etc/letsencrypt" certbot/certbot certonly --manual -d *.website.com --agree-tos --no-bootstrap
docker run --rm -it -v "${PWD}/letsencrypt:/etc/letsencrypt" certbot/certbot certonly --manual -d $DOMAIN --agree-tos
if [ $? -ne 0 ] ; then
echo "error while getting certificate for $DOMAIN"
exit 1
fi
# fix permissions
chown -R 101:101 "${PWD}/letsencrypt/live"
chown -R 101:101 "${PWD}/letsencrypt"
# reload nginx if it's already running (in case of a "renew")
if [ -z `docker-compose ps -q mywww` ] || [ -z `docker ps -q --no-trunc | grep $(docker-compose ps -q mywww)` ]; then
if [ -z `docker-compose ps -q $SERVICE` ] || [ -z `docker ps -q --no-trunc | grep $(docker-compose ps -q $SERVICE)` ]; then
echo "bunkerized-nginx is not running, skipping nginx reload"
else
echo "bunkerized-nginx is running, sending reload order"
docker-compose exec mywww nginx -s reload
docker-compose exec $SERVICE nginx -s reload
fi
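Review bot: `-d $DOMAIN` on the new `docker run` line is unquoted, and DOMAIN is now `*.website.com`, so the shell globs it against the current directory before certbot sees it; a stray file matching the pattern silently changes the name that is requested. Quote it (`-d "$DOMAIN"`), and likewise `$SERVICE` in the docker-compose lines below, where an unquoted backtick result holding more than one container id would also make `[ -z ... ]` fail with "too many arguments" and fall into the reload branch. The widened `chown -R 101:101 "${PWD}/letsencrypt"`, together with the compose change in the second file that mounts the whole ./letsencrypt directory, hands the nginx container (uid 101) the entire certbot state, which presumably includes the ACME account key under accounts/ and every issued private key rather than only the certificate it serves. If the narrower mount was dropped because live/ holds symlinks into archive/, mounting and chowning only those two subdirectories keeps the account material out of the container: `chown -R 101:101 "${PWD}/letsencrypt/live" "${PWD}/letsencrypt/archive"`. The script starts before this hunk (its first two lines are outside it).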


@ -10,13 +10,13 @@ services:
- 443:8443
volumes:
- ./web-files:/www:ro
- ./letsencrypt/live/website.com:/certs:ro
- ./letsencrypt:/letsencrypt:ro
environment:
- SERVER_NAME=app1.website.com app2.website.com # replace with your domains
- MULTISITE=yes
- USE_CUSTOM_HTTPS=yes
- CUSTOM_HTTPS_CERT=/certs/fullchain.pem
- CUSTOM_HTTPS_KEY=/certs/privkey.pem
- CUSTOM_HTTPS_CERT=/letsencrypt/live/website.com/fullchain.pem
- CUSTOM_HTTPS_KEY=/letsencrypt/live/website.com/privkey.pem
- REDIRECT_HTTP_TO_HTTPS=yes
- DISABLE_DEFAULT_SERVER=yes
- USE_CLIENT_CACHE=yes