add acme.sh to support auto ssl

This commit is contained in:
neilpang 2017-06-03 16:31:21 +08:00
parent 2f401447c7
commit 76233f2032
4 changed files with 65 additions and 1 deletions


@ -6,9 +6,12 @@ RUN apt-get update \
&& apt-get install -y -q --no-install-recommends \
ca-certificates \
wget \
cron \
&& apt-get clean \
&& rm -r /var/lib/apt/lists/*
RUN AUTOUPGRADE=1 LE_WORKING_DIR=/acme.sh LE_CONFIG_HOME /acmecerts wget -O- https://get.acme.sh | sh
# Configure Nginx and apply fix for very long server names
RUN echo "daemon off;" >> /etc/nginx/nginx.conf \
&& sed -i 's/^http {/&\n server_names_hash_bucket_size 128;/g' /etc/nginx/nginx.conf
@ -30,5 +33,7 @@ ENV DOCKER_HOST unix:///tmp/docker.sock
VOLUME ["/etc/nginx/certs"]
VOLUME ["/acmecerts"]
ENTRYPOINT ["/app/docker-entrypoint.sh"]
CMD ["forego", "start", "-r"]
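Review bot: The acme.sh install line never installs anything: `LE_CONFIG_HOME /acmecerts` is missing the `=`, so the shell runs a command named `LE_CONFIG_HOME` (with `/acmecerts wget -O- https://get.acme.sh` as its arguments) and pipes its empty output into `sh`, which exits 0 and lets the build succeed while `/acme.sh/acme.sh` (used by `updatessl.sh`) does not exist. It should read `RUN AUTOUPGRADE=1 LE_WORKING_DIR=/acme.sh LE_CONFIG_HOME=/acmecerts wget -O- https://get.acme.sh | sh`. Separately, piping an unpinned remote script into `sh` at build time, plus `AUTOUPGRADE=1` letting acme.sh replace itself at runtime, means the image's behaviour depends on whatever get.acme.sh serves on a given day; fetching a tagged release tarball and verifying its checksum, with `AUTOUPGRADE` left unset, keeps the image reproducible and the supply chain auditable.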


@ -1,2 +1,4 @@
dockergen: docker-gen -watch -notify "nginx -s reload" /app/nginx.tmpl /etc/nginx/conf.d/default.conf
dockergen: docker-gen -watch -notify "/app/updatessl.sh updatessl" /app/nginx.tmpl /etc/nginx/conf.d/default.conf
nginx: nginx
cron: cron


@ -103,6 +103,11 @@ server {
{{ $host := index $sl 0 }}
{{ $is_regexp := hasPrefix "~" $host }}
{{ $upstream_name := when $is_regexp (sha1 $host) $host }}
{{ $enable_acme := eq (or ($.Env.ENABLE_ACME) "") "true" }}
{{ if $enable_acme }}
#{{ACMD_DOMAINS $host_list}}
{{ end }}
# {{ $host }}
upstream {{ $upstream_name }} {
{{ range $container := $containers }}
@ -159,6 +164,7 @@ upstream {{ $upstream_name }} {
server {
server_name {{ replace $host_list "," " " -1 }};
listen 80 {{ $default_server }};
#location ^~ /.well-known/acme-challenge/ {default_type "text/plain";root html;} location = /.well-known/acme-challenge/ {try_files $uri =404;} #acme
{{ if $enable_ipv6 }}
listen [::]:80 {{ $default_server }};
{{ end }}
@ -226,6 +232,7 @@ server {
server {
server_name {{ replace $host_list "," " " -1 }};
listen 80 {{ $default_server }};
#location ^~ /.well-known/acme-challenge/ {default_type "text/plain";root html;} location = /.well-known/acme-challenge/ {try_files $uri =404;} #acme
{{ if $enable_ipv6 }}
listen [::]:80 {{ $default_server }};
{{ end }}
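Review bot: `#{{ACMD_DOMAINS $host_list}}` is a template action calling a function named `ACMD_DOMAINS`, which docker-gen does not define, so the template should fail to parse and no `default.conf` is generated at all; the marker the script greps for (`grep ACMD_DOMAINS | cut -d ' ' -f 2`) needs the name to be literal text followed by a space, i.e. `#ACMD_DOMAINS {{ $host_list }}`. The `#location ... #acme` lines are toggled in the generated file by `sed` from the pre/post hooks, so any indentation the template emits before `#ACMD_DOMAINS` would also break the `cut -f 2` parsing — worth a comment on that line saying the marker is machine-read by `/app/updatessl.sh` and must stay at column 0 with a single space. Keeping the challenge `location` commented out except during issuance is a reasonable choice, but note that docker-gen `-watch` can regenerate `default.conf` between `pre_hook` and `post_hook`, which would re-comment the location mid-validation; the enclosing `server` blocks continue outside the hunk.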

updatessl.sh Normal file

@ -0,0 +1,50 @@
#!/usr/bin/env sh
_SCRIPT_="$0"
ACME_BIN="/acme.sh/acme.sh --home /acme.sh --config-home /acmecerts"
DEFAULT_CONF="/etc/nginx/conf.d/default.conf"
NGINX_HOME="/etc/nginx"
CERTS="/etc/nginx/certs"
updatessl() {
for d_list in $(grep ACMD_DOMAINS $DEFAULT_CONF | cut -d ' ' -f 2);
do
d=$(echo "$d_list" | cut -d , -f 1)
$ACME_BIN --issue \
-d $d_list \
-w $NGINX_HOME/html \
--pre-hook "$_SCRIPT_ pre_hook $DEFAULT_CONF" \
--post-hook "$_SCRIPT_ post_hook $DEFAULT_CONF" \
--fullchain-file "$CERTS\$d.crt" \
--key-file "$CERTS\$d.crt" \
--reloadcmd "service nginx configtest && service force-reload"
done
#generate nginx conf again.
docker-gen /app/nginx.tmpl /etc/nginx/conf.d/default.conf
service nginx configtest && service force-reload
}
pre_hook() {
_d_conf="$1"
sed -i "s|#\(location.*#acme\)|\\1|" $_d_conf && service nginx configtest && service force-reload
}
post_hook() {
_d_conf="$1"
sed -i "s|\(location.*#acme\)|#\\1|" $_d_conf
}
"$@"
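Review bot: `--fullchain-file "$CERTS\$d.crt"` and `--key-file "$CERTS\$d.crt"` both expand to the literal path `/etc/nginx/certs$d.crt` (the backslash escapes `$`), so the certificate and the private key are written to the same file and the later write clobbers the earlier one; nginx-proxy looks for `$d.crt`/`$d.key` and, depending on write order, may end up serving a key as a cert or never find either. The intended lines are `--fullchain-file "$CERTS/$d.crt"` and `--key-file "$CERTS/$d.key"`; acme.sh's `--key-file` should also land with restrictive permissions, which is worth checking on the mounted volume. `service force-reload` (reloadcmd, end of `updatessl`, and `pre_hook`) is missing the service name and so never reloads nginx — `service nginx force-reload` or `nginx -s reload`. Finally, the bare `"$@"` dispatcher executes whatever its first argument is, so any caller can run an arbitrary command as the container user; restricting it to the three known subcommands costs a few lines and removes that surface. `-d $d_list` passes the comma-separated host list as a single name if `$host_list` is comma-joined as the template's `replace $host_list "," " "` suggests — confirm acme.sh accepts that form.
```shell
updatessl() {
  for d_list in $(grep ACMD_DOMAINS "$DEFAULT_CONF" | cut -d ' ' -f 2); do
    d=$(printf '%s' "$d_list" | cut -d , -f 1)
    $ACME_BIN --issue \
      -d "$d_list" \
      -w "$NGINX_HOME/html" \
      --pre-hook "$_SCRIPT_ pre_hook $DEFAULT_CONF" \
      --post-hook "$_SCRIPT_ post_hook $DEFAULT_CONF" \
      --fullchain-file "$CERTS/$d.crt" \
      --key-file "$CERTS/$d.key" \
      --reloadcmd "service nginx configtest && service nginx force-reload"
  done
  # … unchanged: regenerate nginx conf with docker-gen …
  service nginx configtest && service nginx force-reload
}
# … unchanged: pre_hook (with the same `service nginx force-reload` fix), post_hook …
# Only the three known entry points may be invoked; anything else is refused.
case "$1" in
  updatessl|pre_hook|post_hook) "$@" ;;
  *) printf 'usage: %s updatessl|pre_hook CONF|post_hook CONF\n' "$0" >&2; exit 2 ;;
esac
```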