From 1a4b87053023b47d54a1082f3aa8e17475159417 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mika=C3=ABl=20Capelle?=
Date: Sun, 29 Nov 2020 11:33:31 +0000
Subject: [PATCH] Update.

---
 certbot            | 12 ++++++++++++
 docker-compose.yml |  4 +++-
 domains.list       |  5 +++++
 nginx.tmpl         | 17 +++++++++++------
 update_certs.sh    | 20 ++++----------------
 5 files changed, 35 insertions(+), 23 deletions(-)
 create mode 100755 certbot

diff --git a/certbot b/certbot
new file mode 100755
index 0000000..50d0f80
--- /dev/null
+++ b/certbot
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+docker exec nginx_proxy mkdir -p /var/www/certbot
+
+docker run -it --rm --name letsencrypt \
+    --volumes-from nginx_proxy -v /etc/letsencrypt:/etc/letsencrypt:rw \
+    --network nginxproxy \
+    certbot/certbot \
+    --webroot --webroot-path /var/www/certbot --config-dir=/etc/letsencrypt \
+    $*
+
+# renew --cert-name typename.fr --dry-run
diff --git a/docker-compose.yml b/docker-compose.yml
index 92da4fe..1a5f7cc 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,4 +1,5 @@
-version: '2'
+version: "2"
+
 services:
   nginx:
     restart: always
@@ -12,6 +13,7 @@ services:
       - /etc/nginx/conf.d
       - /etc/letsencrypt:/etc/letsencrypt:ro
       - /var/docker/proxy/vhost.d:/etc/nginx/vhost.d:ro
+
   dockergen:
     restart: always
     depends_on:
diff --git a/domains.list b/domains.list
index d5e3ea1..1aea5c6 100644
--- a/domains.list
+++ b/domains.list
@@ -50,3 +50,8 @@ zik-insat.fr
 q.zik-insat.fr
 m.zik-insat.fr
 n.zik-insat.fr
+
+# Saxtoys
+saxtoys.fr
+www.saxtoys.fr
+q.saxtoys.fr
diff --git a/nginx.tmpl b/nginx.tmpl
index 0061fee..406add0 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -75,7 +75,7 @@ server {
     server_name _; # This is just an invalid value which will never trigger on a real hostname.
     listen 80;
     access_log /var/log/nginx/access.log vhost;
-    location /.well-known/ {
+    location /.well-known/acme-challenge {
         root /var/www/certbot;
     }
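Review bot: `$*` on the last line of the `docker run` command re-splits every argument on whitespace, so anything passed through this wrapper with a space in it (a quoted `--cert-name`, a comma list built by a caller) reaches certbot as several words; it should be `"$@"`. The `-it` flags also make the wrapper unusable from cron or any other non-TTY caller (`docker run` aborts with "the input device is not a TTY"), which matters because `update_certs.sh` drives renewals through it; drop `-t`, or set it only when `[ -t 0 ]`. Finally, `docker exec nginx_proxy mkdir -p /var/www/certbot` creates the webroot in the proxy container's writable layer; unless that path is a declared volume of `nginx_proxy` (it is not among the volumes visible in the docker-compose.yml hunk), `--volumes-from nginx_proxy` will not share it with the certbot container and the HTTP-01 challenge files will never be served.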
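Review bot: The new prefix location `location /.well-known/acme-challenge {` has neither a trailing slash nor the `^~` modifier, so it also matches `/.well-known/acme-challengefoo`, and any regular-expression `location` defined elsewhere in the same server block (for the vhost servers further down, anything pulled in via the `include /etc/nginx/vhost.d/...` lines) takes precedence over a plain prefix and can hijack the challenge path. The usual form is `location ^~ /.well-known/acme-challenge/ {` with `root /var/www/certbot;` unchanged; `^~` stops regex evaluation once this prefix matches. The same change belongs in the three identical `location` hunks later in this file. Narrowing from `/.well-known/` to the ACME sub-path is itself a good change, since the old block exposed everything under `/var/www/certbot/.well-known/`.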
@@ -94,7 +94,7 @@ server {
     # ssl_certificate /etc/nginx/certs/default.crt;
     # ssl_certificate_key /etc/nginx/certs/default.key;
-    location /.well-known/ {
+    location /.well-known/acme-challenge {
         root /var/www/certbot;
     }
@@ -157,6 +157,8 @@ upstream {{ $upstream_name }} {
 {{ $is_https := (and (ne $https_method "nohttps") (ne $vhostCertDir "") (exists (printf "/etc/letsencrypt/live/%s/fullchain.pem" $host)) (exists (printf "/etc/letsencrypt/live/%s/privkey.pem" $host))) }}
+{{ $is_https := true }}
+
 {{ if $is_https }}
 {{ if eq $https_method "redirect" }}
@@ -181,8 +183,11 @@ server {
     ssl_session_cache shared:SSL:50m;
     ssl_session_tickets off;
-    ssl_certificate /etc/letsencrypt/live/{{ (printf "%s" $host) }}/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/{{ (printf "%s" $host) }}/privkey.pem;
+    {{/* ssl_certificate /etc/letsencrypt/live/{{ (printf "%s" $host) }}/fullchain.pem; */}}
+    {{/* ssl_certificate_key /etc/letsencrypt/live/{{ (printf "%s" $host) }}/privkey.pem; */}}
+
+    ssl_certificate /etc/letsencrypt/live/typename.fr/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/typename.fr/privkey.pem;
     {{ if (exists (printf "/etc/letsencrypt/live/%s.dhparam.pem" $host)) }}
     ssl_dhparam {{ printf "/etc/letsencrypt/live/%s.dhparam.pem" $host }};
@@ -198,7 +203,7 @@ server {
     include /etc/nginx/vhost.d/default;
     {{ end }}
-    location /.well-known/ {
+    location /.well-known/acme-challenge {
         root /var/www/certbot;
     }
@@ -236,7 +241,7 @@ server {
     include /etc/nginx/vhost.d/default;
     {{ end }}
-    location /.well-known/ {
+    location /.well-known/acme-challenge {
         root /var/www/certbot;
     }
diff --git a/update_certs.sh b/update_certs.sh
index 71c67f8..2554411 100755
--- a/update_certs.sh
+++ b/update_certs.sh
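Review bot: `{{ $is_https := true }}` shadows the guarded expression on the line above it, so every vhost — including one whose `$https_method` is `nohttps`, and every vhost on a fresh host where no certificate exists yet — now renders an `ssl_certificate` stanza, and nginx refuses the generated config until `update_certs.sh` has been run at least once. If the intent is a single shared certificate for all vhosts, keep the guard but point it at that certificate instead of `$host`: `{{ $is_https := (and (ne $https_method "nohttps") (exists "/etc/letsencrypt/live/typename.fr/fullchain.pem") (exists "/etc/letsencrypt/live/typename.fr/privkey.pem")) }}`, and delete the unconditional line. The `(ne $vhostCertDir "")` term is defined outside this hunk; if it is no longer meaningful under the shared-certificate scheme it should be removed explicitly rather than left as dead template code.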
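Review bot: Hard-coding `typename.fr` in `ssl_certificate` / `ssl_certificate_key` means every vhost presents the same certificate, so any `VIRTUAL_HOST` that is not in that certificate's SAN list (for example a name added to `domains.list` before `update_certs.sh` has been re-run) fails the TLS handshake with a name mismatch, and docker-gen has no way to notice. The name also has to be kept in sync by hand with `--cert-name typename.fr` in `update_certs.sh`; defining it once near the top of the template, `{{ $certName := "typename.fr" }}`, and writing `/etc/letsencrypt/live/{{ $certName }}/fullchain.pem` here gives one place to change, and it is worth deciding whether the `ssl_dhparam` lookup two lines below, which still keys on `$host`, is meant to stay per-host. The two `{{/* ... */}}` lines are dead and should be dropped rather than carried in the template.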
@@ -1,9 +1,9 @@
 #!/bin/bash
-if [ $(id -u) -ne 0 ]; then
-    echo "This script must be run as root." > /dev/stderr
-    exit 1
-fi
+# if [ $(id -u) -ne 0 ]; then
+#     echo "This script must be run as root." > /dev/stderr
+#     exit 1
+# fi
 domains=$(cat domains.list | grep -v -E '^[[:space:]]*(#.*)?$')
@@ -16,16 +16,4 @@ $(dirname $0)/certbot \
     --cert-name typename.fr \
     -d $(echo typename.fr ${domains[*]} | tr ' ' ',')
-for domain in ${domains[*]}; do
-    echo "Creating symbolic links for ${domain}... "
-    dir=/etc/letsencrypt/live/${domain}
-    if [ -e "${dir}" ]; then
-        rm -rf ${dir}
-    fi
-    mkdir ${dir}
-    for link in /etc/letsencrypt/live/typename.fr/*.pem; do
-        ln -s $(readlink $link) ${dir}/$(basename $link)
-    done
-done
-
 docker-compose restart
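Review bot: Commenting out the root check leaves the script's real precondition unstated: every later step is a `docker run` / `docker exec` / `docker-compose restart`, which needs root or membership in the `docker` group (itself root-equivalent), so an unprivileged run now fails part-way with a less clear error than before. Replace the four commented lines with a check of what is actually required, `docker info >/dev/null 2>&1 || { echo "docker is not accessible; run as root or as a docker-group member" >&2; exit 1; }`, and add `set -euo pipefail` at the top so a failed certbot run does not fall through to the `docker-compose restart` at the end of the file. Separately, `domains.list` is opened relative to the current directory while the helper is located via `$(dirname $0)/certbot`; reading `$(dirname "$0")/domains.list` makes the two consistent when the script is run from cron. Note as well that the single-certificate design is bounded by Let's Encrypt's limit of 100 names per certificate, and `domains.list` is already past line 50, so this will need splitting if the list keeps growing.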