commit 5572eace36112a739e5b19a210fd87b938a2bb14
Author: Nico Schottelius <nico@nico-notebook.schottelius.org>
Date:   Sat Dec 14 23:06:39 2019 +0100

    Initial commit - turn the light on

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..5b03efb
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,8 @@
+FROM alpine
+LABEL maintainer = "docker@ungleich.ch"
+
+RUN apk add --no-cache nginx certbot sipcalc
+RUN mkdir /run/nginx
+COPY entrypoint.sh /
+
+CMD [ "/entrypoint.sh" ]
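Review bot: `FROM alpine` carries no tag, so it resolves to `latest` and each rebuild can pull a different Alpine release, and with it different nginx and certbot packages. Pin the base, e.g. `FROM alpine:<pinned-tag>`, ideally with a digest, so that an image can be traced back to known package versions. The `LABEL maintainer = "docker@ungleich.ch"` line has spaces around `=`, which Docker most likely parses as the legacy `key value` form, leaving the label value as `= "docker@ungleich.ch"`; write `LABEL maintainer="docker@ungleich.ch"`. `RUN mkdir /run/nginx` adds a layer for a directory that entrypoint.sh creates again with `mkdir -p`, so one of the two can go.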
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..d3c677d
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+addr=$(ip -o a | grep inet6 | grep -vE ' lo |fe80' | awk '{ print $4 }')
+expanded_addr=$(sipcalc $addr | awk '/^Expanded/ { print $4}')
+dnsname=$(echo $expanded_addr | sed 's/:/-/g').has-a.name
+
+echo Getting certificate for $dnsname
+
+wwwroot=/var/www/${dnsname}
+
+mkdir -p "${wwwroot}"
+
+cat > "/etc/nginx/conf.d/${dnsname}.conf" <<EOF
+# required, otherwise nginx complains with > 1 vhost
+server_names_hash_bucket_size 128;
+
+server {
+	listen 80;
+	listen [::]:80;
+
+    server_name ${dnsname};
+
+    location /.well-known/acme-challenge/ {
+        root ${wwwroot};
+    }
+
+    # Everything else -> ssl
+    location / {
+        return 301 https://$host$request_uri;
+    }
+
+
+}
+EOF
+
+mkdir -p /run/nginx
+nginx
+
+certbot certonly --agree-tos \
+        --register-unsafely-without-email \
+        --non-interactive \
+        --webroot --webroot-path "${wwwroot}" \
+        -d "${dnsname}"
+
+cat > "/etc/nginx/conf.d/${dnsname}_ssl.conf" <<EOF
+server {
+	listen 443 ssl;
+	listen [::]:443 ssl;
+
+    ssl_certificate /etc/letsencrypt/live/${dnsname}/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/${dnsname}/privkey.pem;
+
+    server_name ${dnsname};
+
+    root ${wwwroot};
+}
+EOF
+
+echo Welcome to ${dnsname} running with IPv6+LetsEncrypt > ${wwwroot}/index.html
+
+# restart and run now with cert
+pkill nginx
+
+# wait until old process is gone
+sleep 2
+
+nginx -g "daemon off;"
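Review bot: In the first heredoc the `EOF` delimiter is unquoted, so the shell expands `$host` and `$request_uri` while writing the file; the script sets neither, so the generated port-80 vhost gets `return 301 https://;` and the HTTP-to-HTTPS redirect does not work. Escape them as `return 301 https://\$host\$request_uri;` so that `${dnsname}` and `${wwwroot}` still expand but the nginx variables reach the config. The script also never checks exit status: if `certbot certonly` fails, the `_ssl.conf` file still points at certificate paths that do not exist and the final nginx start fails, so add `set -eu` after the shebang or test the certbot result before writing the TLS vhost. `$addr` is used unquoted and unvalidated, so an interface with zero or several global IPv6 addresses would yield an empty or multi-word `dnsname` that then flows into file paths and `server_name`. The last line should be `exec nginx -g "daemon off;"` so that nginx replaces the shell as PID 1 and receives the stop signal directly.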