fix acme
parent
efc1f9100a
commit
ecb0e29a2c
3 changed files with 12 additions and 22 deletions
|
@ -10,7 +10,10 @@ RUN apt-get update \
|
|||
&& apt-get clean \
|
||||
&& rm -r /var/lib/apt/lists/*
|
||||
|
||||
RUN AUTOUPGRADE=1 LE_WORKING_DIR=/acme.sh LE_CONFIG_HOME=/acmecerts wget -O- https://get.acme.sh | sh
|
||||
ENV AUTOUPGRADE=1
|
||||
ENV LE_WORKING_DIR=/acme.sh
|
||||
ENV LE_CONFIG_HOME=/acmecerts
|
||||
RUN wget -O- https://get.acme.sh | sh
|
||||
|
||||
# Configure Nginx and apply fix for very long server names
|
||||
RUN echo "daemon off;" >> /etc/nginx/nginx.conf \
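Review bot: `RUN wget -O- https://get.acme.sh | sh` runs whatever that URL serves at build time, with no pinned release and no checksum, and under the default `/bin/sh -c` a failed download is masked because only the exit status of `sh` counts. Fetch a fixed acme.sh release to a file, compare it with a recorded digest using `sha256sum -c`, and only then run the installer; if the pipe stays, put `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` ahead of it (the apt-based base image presumably ships bash). The three `ENV` lines also persist into the running container, so if the installer and client honour `AUTOUPGRADE=1` the ACME client can replace itself after the image was built; a comment stating that this is intended would help. The +/- markers are lost on this page, so which of the two `wget` lines is the new side is inferred from the hunk header counts.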
|
||||
|
|
13
nginx.tmpl
13
nginx.tmpl
|
@ -104,13 +104,16 @@ server {
|
|||
{{ $is_regexp := hasPrefix "~" $host }}
|
||||
{{ $upstream_name := when $is_regexp (sha1 $host) $host }}
|
||||
|
||||
{{ $enable_acme := eq (or ($.Env.ENABLE_ACME) "") "true" }}
|
||||
{{ if $enable_acme }}
|
||||
#ACME_DOMAINS{{$host_list}}
|
||||
{{ end }}
|
||||
|
||||
# {{ $host }}
|
||||
upstream {{ $upstream_name }} {
|
||||
{{ range $container := $containers }}
|
||||
|
||||
{{ $enable_acme := eq (or ($container.Env.ENABLE_ACME) "") "true" }}
|
||||
{{ if $enable_acme }}
|
||||
#ACME_DOMAINS{{$host_list}}
|
||||
{{ end }}
|
||||
|
||||
{{ $addrLen := len $container.Addresses }}
|
||||
|
||||
{{ range $knownNetwork := $CurrentContainer.Networks }}
|
||||
|
@ -164,7 +167,6 @@ upstream {{ $upstream_name }} {
|
|||
server {
|
||||
server_name {{ replace $host_list "," " " -1 }};
|
||||
listen 80 {{ $default_server }};
|
||||
#location ^~ /.well-known/acme-challenge/ {default_type "text/plain";root html;} location = /.well-known/acme-challenge/ {try_files $uri =404;} #acme
|
||||
{{ if $enable_ipv6 }}
|
||||
listen [::]:80 {{ $default_server }};
|
||||
{{ end }}
|
||||
|
@ -232,7 +234,6 @@ server {
|
|||
server {
|
||||
server_name {{ replace $host_list "," " " -1 }};
|
||||
listen 80 {{ $default_server }};
|
||||
#location ^~ /.well-known/acme-challenge/ {default_type "text/plain";root html;} location = /.well-known/acme-challenge/ {try_files $uri =404;} #acme
|
||||
{{ if $enable_ipv6 }}
|
||||
listen [::]:80 {{ $default_server }};
|
||||
{{ end }}
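Review bot: The `$container.Env.ENABLE_ACME` test inside `range $container` writes `#ACME_DOMAINS{{$host_list}}` once per matching container, so a host backed by several containers gets the marker repeated, and the choice to request a certificate now sits with each proxied container's environment instead of the proxy's own `$.Env`. Whatever reads this marker (presumably updatessl.sh, outside these hunks) should deduplicate the entries and validate each name before handing it to the ACME client, because `$host_list` is supplied by the containers. A template comment above the block would record that, e.g. `{{/* ACME marker: parsed from the rendered config; host names are container-supplied and must be validated by the reader */}}`. Which of the two `$enable_acme` blocks is the added one is inferred from the hunk header counts, as the +/- markers are lost on this page.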
|
||||
|
|
16
updatessl.sh
16
updatessl.sh
|
@ -6,7 +6,6 @@ ACME_BIN="/acme.sh/acme.sh --home /acme.sh --config-home /acmecerts"
|
|||
|
||||
DEFAULT_CONF="/etc/nginx/conf.d/default.conf"
|
||||
|
||||
NGINX_HOME="/etc/nginx"
|
||||
|
||||
CERTS="/etc/nginx/certs"
|
||||
|
||||
|
@ -19,9 +18,7 @@ updatessl() {
|
|||
d=$(echo "$d_list" | cut -d , -f 1)
|
||||
$ACME_BIN --issue \
|
||||
-d $d_list \
|
||||
-w $NGINX_HOME/html \
|
||||
--pre-hook "$_SCRIPT_ pre_hook $DEFAULT_CONF" \
|
||||
--post-hook "$_SCRIPT_ post_hook $DEFAULT_CONF" \
|
||||
--nginx \
|
||||
--fullchain-file "$CERTS\$d.crt" \
|
||||
--key-file "$CERTS\$d.crt" \
|
||||
--reloadcmd "service nginx configtest && service force-reload"
|
||||
|
@ -37,17 +34,6 @@ updatessl() {
|
|||
|
||||
|
||||
|
||||
pre_hook() {
|
||||
_d_conf="$1"
|
||||
sed -i "s|#\(location.*#acme\)|\\1|" $_d_conf && service nginx configtest && service force-reload
|
||||
}
|
||||
|
||||
post_hook() {
|
||||
_d_conf="$1"
|
||||
sed -i "s|\(location.*#acme\)|#\\1|" $_d_conf
|
||||
}
|
||||
|
||||
|
||||
"$@"
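Review bot: In the `$ACME_BIN --issue` call, `--fullchain-file "$CERTS\$d.crt"` and `--key-file "$CERTS\$d.crt"` name the same file, and the `\$` keeps `$d` literal, so the private key and the chain are written to one path called `/etc/nginx/certs$d.crt` for every domain. This commit leaves those lines as they are; they should read `--fullchain-file "$CERTS/$d.crt" \` and `--key-file "$CERTS/$d.key" \`, with the key file kept readable by root only. `--reloadcmd "service nginx configtest && service force-reload"` also lacks the service name in its second command and should be `service nginx configtest && service nginx force-reload`, and the unquoted `-d $d_list` is subject to word splitting and globbing. `updatessl()` starts and ends outside the visible hunks.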
|
||||
|
||||
|
||||
|
|