commit 5572eace36112a739e5b19a210fd87b938a2bb14 Author: Nico Schottelius Date: Sat Dec 14 23:06:39 2019 +0100 Initial commit - turn the light on
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..5b03efb
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,8 @@
+FROM alpine
+LABEL maintainer = "docker@ungleich.ch"
+
+RUN apk add --no-cache nginx certbot sipcalc
+RUN mkdir /run/nginx
+COPY entrypoint.sh /
+
+CMD [ "/entrypoint.sh" ]
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..d3c677d
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+addr=$(ip -o a | grep inet6 | grep -vE ' lo |fe80' | awk '{ print $4 }')
+expanded_addr=$(sipcalc $addr | awk '/^Expanded/ { print $4}')
+dnsname=$(echo $expanded_addr | sed 's/:/-/g').has-a.name
+
+echo Getting certificate for $dnsname
+
+wwwroot=/var/www/${dnsname}
+
+mkdir -p "${wwwroot}"
+
+cat > "/etc/nginx/conf.d/${dnsname}.conf" < 1 vhost
+server_names_hash_bucket_size 128;
+
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name ${dnsname};
+
+ location /.well-known/acme-challenge/ {
+ root ${wwwroot};
+ }
+
+ # Everything else -> ssl
+ location / {
+ return 301 https://$host$request_uri;
+ }
+
+
+}
+EOF
+
+mkdir -p /run/nginx
+nginx
+
+certbot certonly --agree-tos \
+ --register-unsafely-without-email \
+ --non-interactive \
+ --webroot --webroot-path "${wwwroot}" \
+ -d "${dnsname}"
+
+cat > "/etc/nginx/conf.d/${dnsname}_ssl.conf" < ${wwwroot}/index.html
+
+# restart and run now with cert
+pkill nginx
+
+# wait until old process is gone
+sleep 2
+
+nginx -g "daemon off;"
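Review bot: `FROM alpine` in the new Dockerfile carries no tag, so every build pulls whatever `latest` points to and the unpinned `apk add` line resolves nginx and certbot against that moving base; pin the base to a release tag, ideally with a digest, e.g. `FROM alpine:<release>@sha256:<digest>`. Separately, `LABEL maintainer = "docker@ungleich.ch"` has spaces around `=`, which Docker appears to read in the legacy key/value form so the stored value would begin with `= `; `LABEL maintainer="docker@ungleich.ch"` avoids that. `RUN mkdir /run/nginx` duplicates the `mkdir -p /run/nginx` that entrypoint.sh already runs, so one of the two can go.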
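Review bot: In entrypoint.sh nothing checks that the address lookup produced exactly one global IPv6 address before `dnsname` is used to build file paths and the certbot `-d` argument: with no address the name would collapse to `.has-a.name`, and with several the unquoted `$addr` and `$expanded_addr` expand to multiple words. A guard right after the `expanded_addr=` line, such as `[ -n "$expanded_addr" ] || { echo "no global IPv6 address found" >&2; exit 1; }`, would fail early instead of writing a bogus vhost. The exit status of `certbot certonly` is also ignored, so the script goes on to restart nginx even when no certificate was issued; appending `|| exit 1` to that command would stop there. The last line should be `exec nginx -g "daemon off;"` so nginx replaces the shell as PID 1 and receives the container's stop signal. Both here-document bodies are truncated on this page, so the TLS server block could not be reviewed.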