Browse Source

Add initial support for http redirect

master
Nico Schottelius 6 months ago
parent
commit
a12878f681
  1. 4
      Dockerfile
  2. 20
      README.md
  3. 11
      entrypoint.sh
  4. 16
      nginx-http-redir.conf

4
Dockerfile

@ -1,6 +1,6 @@
FROM nginx:1.21.3-alpine
FROM nginx:1.21.4-alpine
RUN apk update && apk add certbot bind-tools
COPY entrypoint.sh /
COPY entrypoint.sh nginx-http-redir.conf /
CMD ["/entrypoint.sh"]

20
README.md

@ -23,6 +23,10 @@ services**.
container not to change permissions
* If you setup the variable NGINX to any value, the container will
start nginx and reload after trying to renew the certificate
* If you set the variable NGINX_HTTP_REDIRECT, the container will
enable automatic redirect of http to https with the exception of the
path /.well-known/acme-challenge/
```
docker run -e DOMAIN=example.com \
@ -45,6 +49,22 @@ docker run -e DOMAIN=example.com \
you will get a proper, real world usable nginx server. Inject the
nginx configuration by meains of a volume to /etc/nginx/conf.d
### Nginx HTTP redirect support
Using
```
docker run -e DOMAIN=example.com \
-e EMAIL=root@example.com \
-e NGINX=yes \
-e NGINX_HTTP_REDIRECT=yes \
-e STAGING=no \
ungleich/ungleich-certbot
```
the container will listen on port 80 and redirect the traffic to port
443 (https).
### Exiting after getting the certificate
By default, the container will stay alive and try to renew the

11
entrypoint.sh

@ -58,13 +58,20 @@ fi
# Still there? Start nginx if requested
if [ "$NGINX" ]; then
if [ "$NGINX_HTTP_REDIRECT" ]; then
cp /nginx-http-redir.conf /etc/nginx/conf.d
fi
nginx
fi
# Try to renew once per day
while true; do
/usr/bin/certbot renew
if [ "$NGINX_HTTP_REDIRECT" ]; then
/usr/bin/certbot renew --webroot --webroot-path /var/www/html
else
/usr/bin/certbot renew
fi
# And again, correct permissions if not told otherwise
if [ -z "$LEAVE_PERMISSIONS_AS_IS" ]; then

16
nginx-http-redir.conf

@ -0,0 +1,16 @@
server {
listen *:80;
listen [::]:80;
server_name _;
root /var/www/html/;
location /.well-known/acme-challenge/ {
root /var/www/html;
}
# Everything else -> ssl
location / {
return 301 https://$host$request_uri;
}
}
Loading…
Cancel
Save