Add letsencrypt service and configuration to access .well-known directory

This commit is contained in:
David Parrish 2015-11-18 15:42:21 -05:00
parent bc56da5224
commit 752687a6a6
4 changed files with 60 additions and 3 deletions


@ -10,10 +10,14 @@ RUN apt-get update \
&& apt-get clean \ && apt-get clean \
&& rm -r /var/lib/apt/lists/* && rm -r /var/lib/apt/lists/*
# Get Let's Encrypt client # Get Let's Encrypt client source
RUN git -C /opt clone https://github.com/letsencrypt/letsencrypt RUN git -C /opt clone https://github.com/letsencrypt/letsencrypt
#RUN cd /opt/letsencrypt && ./letsencrypt-auto # Install letsencrypt
COPY letsencrypt.ini /etc/letsencrypt/cli.ini RUN cd /opt/letsencrypt && ./letsencrypt-auto --help
# Testing directory
RUN mkdir -p /usr/share/nginx/html/.well-known \
&& touch /usr/share/nginx/html/.well-known/testing
# Configure Nginx and apply fix for very long server names # Configure Nginx and apply fix for very long server names
RUN echo "daemon off;" >> /etc/nginx/nginx.conf \ RUN echo "daemon off;" >> /etc/nginx/nginx.conf \
@ -35,6 +39,7 @@ WORKDIR /app/
ENV DOCKER_HOST unix:///tmp/docker.sock ENV DOCKER_HOST unix:///tmp/docker.sock
VOLUME ["/etc/nginx/certs"] VOLUME ["/etc/nginx/certs"]
VOLUME ["/etc/letsencrypt"]
ENTRYPOINT ["/app/docker-entrypoint.sh"] ENTRYPOINT ["/app/docker-entrypoint.sh"]
CMD ["forego", "start", "-r"] CMD ["forego", "start", "-r"]
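Review bot: The new `RUN cd /opt/letsencrypt && ./letsencrypt-auto --help` installs the client from whatever commit the unpinned clone on the line above happens to check out and lets `letsencrypt-auto` fetch its own dependencies during the build, so two builds of the same Dockerfile can yield different images and an upstream change lands in the next rebuild unreviewed; pinning the clone to a release (`git -C /opt clone --depth 1 --branch <release-tag> https://github.com/letsencrypt/letsencrypt`) fixes the input. The 'Testing directory' step also leaves `/usr/share/nginx/html/.well-known/testing` in the image, a placeholder that the nginx.tmpl change in this same commit serves publicly on every vhost; keep the `mkdir -p` and drop the `touch`. The reason for running `--help` is not stated anywhere and the next reader will take it for a leftover, so a comment such as `# --help makes letsencrypt-auto bootstrap its virtualenv at build time rather than on first run` would help (I am inferring that intent from the replaced commented-out line, so confirm it).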


@ -1,2 +1,3 @@
nginx: nginx nginx: nginx
dockergen: docker-gen -watch -only-exposed -notify "nginx -s reload" /app/nginx.tmpl /etc/nginx/conf.d/default.conf dockergen: docker-gen -watch -only-exposed -notify "nginx -s reload" /app/nginx.tmpl /etc/nginx/conf.d/default.conf
letsencrypt: /app/letsencrypt_service

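--- /dev/null
+++ b/letsencrypt_service
@@ -0,0 +1,31 @@
+#!/bin/bash
+echo 'Waiting'
+sleep 10
+# Wait some amount of time
+seconds_to_wait=100;
+while true; do
+# for each configuration file,
+for f in "/etc/letsencrypt/*.ini"; do
+[[ -f "$f" ]] || continue
+echo "letsencrypt ${f%.ini}"
+domain="${f%.ini}"
+# Wait until the threshold is reached for renewing certificate
+# cat /etc/nginx/certs/ftl3.local.crt | openssl x509 -noout -dates
+# Or if the certificate doesn't exist
+/opt/letsencrypt/letsencrypt-auto certonly --authenticator webroot \
+--webroot-path /usr/share/nginx/html -d $domain
+done
+date
+sleep $seconds_to_wait
+done
+# Date difference in days
+datediff() {
+d1=$(date -d "$1" +%s)
+d2=$(date -d "$2" +%s)
+echo $(( (d1 - d2) / 86400 ))
+}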
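Review bot: The glob in `for f in "/etc/letsencrypt/*.ini"; do` is quoted, so it never expands: `$f` is the literal pattern, `[[ -f "$f" ]]` fails, and the loop requests no certificates at all. Once it expands, `domain="${f%.ini}"` still hands the full path `/etc/letsencrypt/example.com` to `-d`, so the three lines should read `for f in /etc/letsencrypt/*.ini; do`, `domain="$(basename "${f%.ini}")"`, and `--webroot-path /usr/share/nginx/html -d "$domain"`. With that fixed the loop would call `certonly` for every domain every 100 seconds regardless of certificate state, which is exactly where the CA's issuance rate limits bite and leave the host without a certificate. The commented-out expiry check and the `datediff` helper sit after the `while true` loop, so they are unreachable; moving `datediff` above the loop and gating the `certonly` call on the certificate being absent or near expiry is the missing piece.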


@ -143,7 +143,17 @@ server {
include /etc/nginx/vhost.d/default; include /etc/nginx/vhost.d/default;
{{ end }} {{ end }}
location /.well-known/ {
root /usr/share/nginx/html;
try_files $uri @proxy_pass;
}
# Redirect hack. See: http://stackoverflow.com/a/20694873/350221
location / { location / {
error_page 418 = @proxy_pass; return 418;
}
location @proxy_pass {
proxy_pass {{ trim $proto }}://{{ trim $host }}; proxy_pass {{ trim $proto }}://{{ trim $host }};
{{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }} {{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }}
auth_basic "Restricted {{ $host }}"; auth_basic "Restricted {{ $host }}";
@ -169,7 +179,17 @@ server {
include /etc/nginx/vhost.d/default; include /etc/nginx/vhost.d/default;
{{ end }} {{ end }}
location /.well-known/ {
root /usr/share/nginx/html;
try_files $uri @proxy_pass;
}
# Redirect hack. See: http://stackoverflow.com/a/20694873/350221
location / { location / {
error_page 418 = @proxy_pass; return 418;
}
location @proxy_pass {
proxy_pass {{ trim $proto }}://{{ trim $host }}; proxy_pass {{ trim $proto }}://{{ trim $host }};
{{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }} {{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }}
auth_basic "Restricted {{ $host }}"; auth_basic "Restricted {{ $host }}";
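Review bot: The new `location /.well-known/ {` block serves the shared webroot for every vhost, so any file placed under `/usr/share/nginx/html/.well-known/` (including the `testing` file this commit creates in the Dockerfile) is exposed on all proxied hosts, and `.well-known` URIs that an upstream application serves itself are shadowed whenever a same-named file exists in the webroot. The ACME challenge only needs `/.well-known/acme-challenge/`, so narrowing the prefix to `location /.well-known/acme-challenge/ {` keeps the rest of `.well-known` on the upstream. The `# Redirect hack` comment should say what it is for rather than only linking out, e.g. `# 418 + error_page jumps to the named location so "/" and the .well-known fallback share a single proxy_pass block without try_files touching the filesystem` (that purpose is my inference; confirm). The same block is duplicated in the second hunk at -169,7 +179,17, so both copies need the change.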