Add initial support for http redirect
parent
4faf770cb6
commit
a12878f681
4 changed files with 47 additions and 4 deletions
|
@ -1,6 +1,6 @@
|
|||
FROM nginx:1.21.3-alpine
|
||||
FROM nginx:1.21.4-alpine
|
||||
|
||||
RUN apk update && apk add certbot bind-tools
|
||||
|
||||
COPY entrypoint.sh /
|
||||
COPY entrypoint.sh nginx-http-redir.conf /
|
||||
CMD ["/entrypoint.sh"]
|
||||
|
|
20
README.md
20
README.md
|
@ -23,6 +23,10 @@ services**.
|
|||
container not to change permissions
|
||||
* If you setup the variable NGINX to any value, the container will
|
||||
start nginx and reload after trying to renew the certificate
|
||||
* If you set the variable NGINX_HTTP_REDIRECT, the container will
|
||||
enable automatic redirect of http to https with the exception of the
|
||||
path /.well-known/acme-challenge/
|
||||
|
||||
|
||||
```
|
||||
docker run -e DOMAIN=example.com \
|
||||
|
@ -45,6 +49,22 @@ docker run -e DOMAIN=example.com \
|
|||
you will get a proper, real world usable nginx server. Inject the
|
||||
nginx configuration by meains of a volume to /etc/nginx/conf.d
|
||||
|
||||
### Nginx HTTP redirect support
|
||||
|
||||
Using
|
||||
|
||||
```
|
||||
docker run -e DOMAIN=example.com \
|
||||
-e EMAIL=root@example.com \
|
||||
-e NGINX=yes \
|
||||
-e NGINX_HTTP_REDIRECT=yes \
|
||||
-e STAGING=no \
|
||||
ungleich/ungleich-certbot
|
||||
```
|
||||
|
||||
the container will listen on port 80 and redirect the traffic to port
|
||||
443 (https).
|
||||
|
||||
### Exiting after getting the certificate
|
||||
|
||||
By default, the container will stay alive and try to renew the
|
||||
|
|
|
@ -58,13 +58,20 @@ fi
|
|||
# Still there? Start nginx if requested
|
||||
|
||||
if [ "$NGINX" ]; then
|
||||
|
||||
if [ "$NGINX_HTTP_REDIRECT" ]; then
|
||||
cp /nginx-http-redir.conf /etc/nginx/conf.d
|
||||
fi
|
||||
nginx
|
||||
fi
|
||||
|
||||
# Try to renew once per day
|
||||
while true; do
|
||||
/usr/bin/certbot renew
|
||||
|
||||
if [ "$NGINX_HTTP_REDIRECT" ]; then
|
||||
/usr/bin/certbot renew --webroot --webroot-path /var/www/html
|
||||
else
|
||||
/usr/bin/certbot renew
|
||||
fi
|
||||
|
||||
# And again, correct permissions if not told otherwise
|
||||
if [ -z "$LEAVE_PERMISSIONS_AS_IS" ]; then
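Review bot: The renew branch in the loop tests only `$NGINX_HTTP_REDIRECT`, while the redirect config is copied and nginx is started only inside `if [ "$NGINX" ]`, so with NGINX_HTTP_REDIRECT set and NGINX unset certbot switches to the webroot authenticator with nothing serving /.well-known/acme-challenge/, and renewals would keep failing until the certificate expires. Both places should use the same guard, for example `if [ "$NGINX" ] && [ "$NGINX_HTTP_REDIRECT" ]; then` around the `--webroot` call. Nothing visible in this hunk creates /var/www/html either; if the base image does not ship that directory, a `mkdir -p /var/www/html` before `nginx` is needed for the webroot plugin to write its challenge files. The file header is not shown on the page (presumably entrypoint.sh), and the while loop continues past the end of the hunk.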
|
||||
|
|
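--- a/nginx-http-redir.conf
+++ b/nginx-http-redir.conf
@@ -0,0 +1,16 @@
+server {
+listen *:80;
+listen [::]:80;
+
+server_name _;
+root /var/www/html/;
+
+location /.well-known/acme-challenge/ {
+root /var/www/html;
+}
+
+# Everything else -> ssl
+location / {
+return 301 https://$host$request_uri;
+}
+}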
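Review bot: Neither `listen` line carries `default_server`, so this block is the catch-all only if it happens to be the first port-80 server nginx loads; `server_name _;` on its own matches no real hostname. If the image's stock conf.d/default.conf, or a user-mounted file that sorts earlier, is still present, requests for the real domain would probably land there and skip both the redirect and the ACME challenge location, which is worth confirming against the running container. I would write `listen *:80 default_server;` and `listen [::]:80 default_server;`. Separately, `return 301 https://$host$request_uri;` copies the client-supplied Host header into the Location header, so a comment such as `# $host comes from the request; pin the redirect to the certificate's domain if a shared cache sits in front` would record that assumption.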