This commit is contained in:
Mikaël Capelle 2020-11-29 11:33:31 +00:00
parent dc5621cb53
commit 1a4b870530
5 changed files with 35 additions and 23 deletions

certbot Executable file

@ -0,0 +1,12 @@
#!/bin/bash
docker exec nginx_proxy mkdir -p /var/www/certbot
docker run -it --rm --name letsencrypt \
--volumes-from nginx_proxy -v /etc/letsencrypt:/etc/letsencrypt:rw \
--network nginxproxy \
certbot/certbot \
--webroot --webroot-path /var/www/certbot --config-dir=/etc/letsencrypt \
$*
# renew --cert-name typename.fr --dry-run
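Review bot: The final `$*` on the last line of the new `certbot` wrapper should be `"$@"`; unquoted `$*` re-splits and globs every argument, so any argument containing whitespace or a `*` reaches the container mangled, and since this wrapper is the only path through which domain names and certbot flags enter the `certbot/certbot` image, it is worth being exact. The script also has no `set -e`, so a failed `docker exec nginx_proxy mkdir -p ...` on line 2 (proxy not running) is ignored and `docker run` proceeds anyway; adding `set -euo pipefail` after the shebang closes that. Note too that `-it` makes `docker run` demand a TTY, which will presumably fail under cron or any non-interactive renewal hook ("the input device is not a TTY") — confirm how this is meant to be scheduled before relying on it for renewals.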


@ -1,4 +1,5 @@
version: '2' version: "2"
services: services:
nginx: nginx:
restart: always restart: always
@ -12,6 +13,7 @@ services:
- /etc/nginx/conf.d - /etc/nginx/conf.d
- /etc/letsencrypt:/etc/letsencrypt:ro - /etc/letsencrypt:/etc/letsencrypt:ro
- /var/docker/proxy/vhost.d:/etc/nginx/vhost.d:ro - /var/docker/proxy/vhost.d:/etc/nginx/vhost.d:ro
dockergen: dockergen:
restart: always restart: always
depends_on: depends_on:


@ -50,3 +50,8 @@ zik-insat.fr
q.zik-insat.fr q.zik-insat.fr
m.zik-insat.fr m.zik-insat.fr
n.zik-insat.fr n.zik-insat.fr
# Saxtoys
saxtoys.fr
www.saxtoys.fr
q.saxtoys.fr


@ -75,7 +75,7 @@ server {
server_name _; # This is just an invalid value which will never trigger on a real hostname. server_name _; # This is just an invalid value which will never trigger on a real hostname.
listen 80; listen 80;
access_log /var/log/nginx/access.log vhost; access_log /var/log/nginx/access.log vhost;
location /.well-known/ { location /.well-known/acme-challenge {
root /var/www/certbot; root /var/www/certbot;
} }
@ -94,7 +94,7 @@ server {
# ssl_certificate /etc/nginx/certs/default.crt; # ssl_certificate /etc/nginx/certs/default.crt;
# ssl_certificate_key /etc/nginx/certs/default.key; # ssl_certificate_key /etc/nginx/certs/default.key;
location /.well-known/ { location /.well-known/acme-challenge {
root /var/www/certbot; root /var/www/certbot;
} }
@ -157,6 +157,8 @@ upstream {{ $upstream_name }} {
{{ $is_https := (and (ne $https_method "nohttps") (ne $vhostCertDir "") (exists (printf "/etc/letsencrypt/live/%s/fullchain.pem" $host)) (exists (printf "/etc/letsencrypt/live/%s/privkey.pem" $host))) }} {{ $is_https := (and (ne $https_method "nohttps") (ne $vhostCertDir "") (exists (printf "/etc/letsencrypt/live/%s/fullchain.pem" $host)) (exists (printf "/etc/letsencrypt/live/%s/privkey.pem" $host))) }}
{{ $is_https := true }}
{{ if $is_https }} {{ if $is_https }}
{{ if eq $https_method "redirect" }} {{ if eq $https_method "redirect" }}
@ -181,8 +183,11 @@ server {
ssl_session_cache shared:SSL:50m; ssl_session_cache shared:SSL:50m;
ssl_session_tickets off; ssl_session_tickets off;
ssl_certificate /etc/letsencrypt/live/{{ (printf "%s" $host) }}/fullchain.pem; {{/* ssl_certificate /etc/letsencrypt/live/{{ (printf "%s" $host) }}/fullchain.pem; */}}
ssl_certificate_key /etc/letsencrypt/live/{{ (printf "%s" $host) }}/privkey.pem; {{/* ssl_certificate_key /etc/letsencrypt/live/{{ (printf "%s" $host) }}/privkey.pem; */}}
ssl_certificate /etc/letsencrypt/live/typename.fr/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/typename.fr/privkey.pem;
{{ if (exists (printf "/etc/letsencrypt/live/%s.dhparam.pem" $host)) }} {{ if (exists (printf "/etc/letsencrypt/live/%s.dhparam.pem" $host)) }}
ssl_dhparam {{ printf "/etc/letsencrypt/live/%s.dhparam.pem" $host }}; ssl_dhparam {{ printf "/etc/letsencrypt/live/%s.dhparam.pem" $host }};
@ -198,7 +203,7 @@ server {
include /etc/nginx/vhost.d/default; include /etc/nginx/vhost.d/default;
{{ end }} {{ end }}
location /.well-known/ { location /.well-known/acme-challenge {
root /var/www/certbot; root /var/www/certbot;
} }
@ -236,7 +241,7 @@ server {
include /etc/nginx/vhost.d/default; include /etc/nginx/vhost.d/default;
{{ end }} {{ end }}
location /.well-known/ { location /.well-known/acme-challenge {
root /var/www/certbot; root /var/www/certbot;
} }
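Review bot: The added `{{ $is_https := true }}` immediately after the computed `$is_https` assignment discards the whole check — the `nohttps` opt-out and the test that `fullchain.pem`/`privkey.pem` actually exist are both dead from here on — while the new `ssl_certificate` lines below hard-code `/etc/letsencrypt/live/typename.fr/` for every generated server block. If that live directory is missing (first run, or a failed issuance), nginx rejects the whole config and every vhost goes down, not just the HTTPS ones; and any host that is not in the typename.fr SAN list (e.g. a domain just added to `domains.list` before the cert is reissued) will serve a mismatched certificate. Keep the forced-HTTPS intent but make it conditional on the shared cert being present, e.g. replace the override with `{{ $is_https := (and (ne $https_method "nohttps") (exists "/etc/letsencrypt/live/typename.fr/fullchain.pem") (exists "/etc/letsencrypt/live/typename.fr/privkey.pem")) }}`, and leave a comment next to the hard-coded `ssl_certificate` lines saying that one SAN certificate covers all vhosts and must be reissued whenever `domains.list` changes. The enclosing `server {` blocks and the `$https_method` / `$vhostCertDir` definitions begin outside these hunks.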


@ -1,9 +1,9 @@
#!/bin/bash #!/bin/bash
if [ $(id -u) -ne 0 ]; then # if [ $(id -u) -ne 0 ]; then
echo "This script must be run as root." > /dev/stderr # echo "This script must be run as root." > /dev/stderr
exit 1 # exit 1
fi # fi
domains=$(cat domains.list | grep -v -E '^[[:space:]]*(#.*)?$') domains=$(cat domains.list | grep -v -E '^[[:space:]]*(#.*)?$')
@ -16,16 +16,4 @@ $(dirname $0)/certbot \
--cert-name typename.fr \ --cert-name typename.fr \
-d $(echo typename.fr ${domains[*]} | tr ' ' ',') -d $(echo typename.fr ${domains[*]} | tr ' ' ',')
for domain in ${domains[*]}; do
echo "Creating symbolic links for ${domain}... "
dir=/etc/letsencrypt/live/${domain}
if [ -e "${dir}" ]; then
rm -rf ${dir}
fi
mkdir ${dir}
for link in /etc/letsencrypt/live/typename.fr/*.pem; do
ln -s $(readlink $link) ${dir}/$(basename $link)
done
done
docker-compose restart docker-compose restart
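Review bot: With the root check commented out, the first line that can fail is now `domains=$(cat domains.list | ...)`, which reads `domains.list` relative to the current directory while the helper on the next hunk is located via `$(dirname $0)/certbot`; run from any other directory, `cat` fails, `domains` is empty, and the script still invokes certbot with `--cert-name typename.fr -d typename.fr`, which would presumably attempt to reissue the shared certificate with every other domain dropped from its SAN list. Resolve paths against the script directory, fail on errors, and refuse to run with an empty list; the certbot invocation and the `docker-compose restart` stay as they are. If the root check was dropped because the caller is in the `docker` group, a `docker info >/dev/null 2>&1 || exit 1` probe would document that assumption better than the commented-out block. The certbot command in the second hunk starts before its first visible line (`@ -16,16 +16,4`), so its leading options are not reviewable here.
```shell
#!/bin/bash
set -euo pipefail
cd "$(dirname "$0")"   # domains.list and ./certbot live next to this script
# … unchanged: root check (currently commented out) …
mapfile -t domains < <(grep -v -E '^[[:space:]]*(#.*)?$' domains.list)
(( ${#domains[@]} > 0 )) || { echo "domains.list is empty; refusing to reissue" >&2; exit 1; }
# … unchanged: ./certbot … --cert-name typename.fr -d … and docker-compose restart …
```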