ungleich-public
/
ungleich-certbot
6
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add initial support for http redirect

This commit is contained in:
Nico Schottelius 2021-12-04 23:46:57 +01:00
parent 4faf770cb6
commit a12878f681
4 changed files with 47 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Dockerfile
View File

@ -1,6 +1,6 @@
FROM nginx:1.21.3-alpine
FROM nginx:1.21.4-alpine
RUN apk update && apk add certbot bind-tools
COPY entrypoint.sh /
COPY entrypoint.sh nginx-http-redir.conf /
CMD ["/entrypoint.sh"]

20
README.md
View File

@ -23,6 +23,10 @@ services**.
container not to change permissions
* If you setup the variable NGINX to any value, the container will
start nginx and reload after trying to renew the certificate
* If you set the variable NGINX_HTTP_REDIRECT, the container will
enable automatic redirect of http to https with the exception of the
path /.well-known/acme-challenge/
```
docker run -e DOMAIN=example.com \
@ -45,6 +49,22 @@ docker run -e DOMAIN=example.com \
you will get a proper, real world usable nginx server. Inject the
nginx configuration by meains of a volume to /etc/nginx/conf.d
### Nginx HTTP redirect support
Using
```
docker run -e DOMAIN=example.com \
-e EMAIL=root@example.com \
-e NGINX=yes \
-e NGINX_HTTP_REDIRECT=yes \
-e STAGING=no \
ungleich/ungleich-certbot
```
the container will listen on port 80 and redirect the traffic to port
443 (https).
### Exiting after getting the certificate
By default, the container will stay alive and try to renew the

11
entrypoint.sh
View File

@ -58,13 +58,20 @@ fi
# Still there? Start nginx if requested
if [ "$NGINX" ]; then
if [ "$NGINX_HTTP_REDIRECT" ]; then
cp /nginx-http-redir.conf /etc/nginx/conf.d
fi
nginx
fi
# Try to renew once per day
while true; do
/usr/bin/certbot renew
if [ "$NGINX_HTTP_REDIRECT" ]; then
/usr/bin/certbot renew --webroot --webroot-path /var/www/html
else
/usr/bin/certbot renew
fi
# And again, correct permissions if not told otherwise
if [ -z "$LEAVE_PERMISSIONS_AS_IS" ]; then

16
nginx-http-redir.conf Normal file
View File

@ -0,0 +1,16 @@
server {
listen *:80;
listen [::]:80;
server_name _;
root /var/www/html/;
location /.well-known/acme-challenge/ {
root /var/www/html;
}
# Everything else -> ssl
location / {
return 301 https://$host$request_uri;
}
}