Initial commit - turn the light on

Nico Schottelius 2019-12-14 23:06:39 +01:00
commit 5572eace36
2 changed files with 75 additions and 0 deletions

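--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,8 @@
+FROM alpine
+LABEL maintainer = "docker@ungleich.ch"
+RUN apk add --no-cache nginx certbot sipcalc
+RUN mkdir /run/nginx
+COPY entrypoint.sh /
+CMD [ "/entrypoint.sh" ]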
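Review bot: `FROM alpine` carries no tag or digest, so each build pulls whatever `alpine:latest` is at that moment, and the nginx and certbot packages installed by the next `RUN` change with it. Pin the base, for example `FROM alpine:<release>@sha256:<digest>` (placeholders), so the image that terminates TLS is reproducible and can be audited. `LABEL maintainer = "docker@ungleich.ch"` is probably not parsed as intended either: with spaces around `=` the legacy `key value` form applies and the value likely becomes `= "docker@ungleich.ch"`, so write `LABEL maintainer="docker@ungleich.ch"`. `RUN mkdir /run/nginx` duplicates the `mkdir -p /run/nginx` in entrypoint.sh and could be dropped.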

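--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -0,0 +1,67 @@
+#!/bin/sh
+addr=$(ip -o a | grep inet6 | grep -vE ' lo |fe80' | awk '{ print $4 }')
+expanded_addr=$(sipcalc $addr | awk '/^Expanded/ { print $4}')
+dnsname=$(echo $expanded_addr | sed 's/:/-/g').has-a.name
+echo Getting certificate for $dnsname
+wwwroot=/var/www/${dnsname}
+mkdir -p "${wwwroot}"
+cat > "/etc/nginx/conf.d/${dnsname}.conf" <<EOF
+# required, otherwise nginx complains with > 1 vhost
+server_names_hash_bucket_size 128;
+server {
+listen 80;
+listen [::]:80;
+server_name ${dnsname};
+location /.well-known/acme-challenge/ {
+root ${wwwroot};
+}
+# Everything else -> ssl
+location / {
+return 301 https://$host$request_uri;
+}
+}
+EOF
+mkdir -p /run/nginx
+nginx
+certbot certonly --agree-tos \
+--register-unsafely-without-email \
+--non-interactive \
+--webroot --webroot-path "${wwwroot}" \
+-d "${dnsname}"
+cat > "/etc/nginx/conf.d/${dnsname}_ssl.conf" <<EOF
+server {
+listen 443 ssl;
+listen [::]:443 ssl;
+ssl_certificate /etc/letsencrypt/live/${dnsname}/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/${dnsname}/privkey.pem;
+server_name ${dnsname};
+root ${wwwroot};
+}
+EOF
+echo Welcome to ${dnsname} running with IPv6+LetsEncrypt > ${wwwroot}/index.html
+# restart and run now with cert
+pkill nginx
+# wait until old process is gone
+sleep 2
+nginx -g "daemon off;"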
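Review bot: The first heredoc uses an unquoted delimiter (`<<EOF`), so the shell expands `$host$request_uri` while writing the file. Neither variable is set in the script, so nginx receives `return 301 https://;` instead of a redirect to the requested host and URI; write `return 301 https://\$host\$request_uri;` so the nginx variables survive. The script also never checks what it derived or obtained: `addr` is used unquoted and unvalidated, so zero or several global IPv6 addresses yield a malformed `dnsname` that is then written into config paths and `server_name`, and a failed `certbot` run still produces an SSL vhost pointing at certificate files that do not exist. A guard such as `[ -n "$expanded_addr" ] || exit 1` after the sipcalc call and `|| exit 1` on the certbot command would fail early. Nothing visible here persists `/etc/letsencrypt` or renews the certificate, so presumably every container start requests a new one; a comment stating the intended lifetime would help operators.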