Add initial support for http redirect

Nico Schottelius 2021-12-04 23:46:57 +01:00
parent 4faf770cb6
commit a12878f681
4 changed files with 47 additions and 4 deletions


@ -1,6 +1,6 @@
FROM nginx:1.21.3-alpine FROM nginx:1.21.4-alpine
RUN apk update && apk add certbot bind-tools RUN apk update && apk add certbot bind-tools
COPY entrypoint.sh / COPY entrypoint.sh nginx-http-redir.conf /
CMD ["/entrypoint.sh"] CMD ["/entrypoint.sh"]
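
Review bot: Nothing in this Dockerfile creates /var/www/html, which the new nginx-http-redir.conf uses as `root` and which the entrypoint passes to `certbot renew --webroot-path`. Unless the base image already provides that directory, add `RUN mkdir -p /var/www/html` next to the `COPY` line so the ACME challenge path exists in a fresh container. The base image bump from 1.21.3 to 1.21.4 is unrelated to the redirect feature and would be easier to track as its own commit.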


@ -23,6 +23,10 @@ services**.
container not to change permissions container not to change permissions
* If you setup the variable NGINX to any value, the container will * If you setup the variable NGINX to any value, the container will
start nginx and reload after trying to renew the certificate start nginx and reload after trying to renew the certificate
* If you set the variable NGINX_HTTP_REDIRECT, the container will
enable automatic redirect of http to https with the exception of the
path /.well-known/acme-challenge/
``` ```
docker run -e DOMAIN=example.com \ docker run -e DOMAIN=example.com \
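
Review bot: The new bullet says "If you set the variable NGINX_HTTP_REDIRECT" without stating that it depends on NGINX or that any non-empty value enables it. The entrypoint copies the redirect config only inside `if [ "$NGINX" ]` and tests `[ "$NGINX_HTTP_REDIRECT" ]` for non-emptiness, so `NGINX_HTTP_REDIRECT=no` also turns the redirect on. Suggest matching the wording of the NGINX bullet above it, for example "If you set the variable NGINX_HTTP_REDIRECT to any value (requires NGINX), the container will ...".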
@ -45,6 +49,22 @@ docker run -e DOMAIN=example.com \
you will get a proper, real world usable nginx server. Inject the you will get a proper, real world usable nginx server. Inject the
nginx configuration by meains of a volume to /etc/nginx/conf.d nginx configuration by meains of a volume to /etc/nginx/conf.d
### Nginx HTTP redirect support
Using
```
docker run -e DOMAIN=example.com \
-e EMAIL=root@example.com \
-e NGINX=yes \
-e NGINX_HTTP_REDIRECT=yes \
-e STAGING=no \
ungleich/ungleich-certbot
```
the container will listen on port 80 and redirect the traffic to port
443 (https).
### Exiting after getting the certificate ### Exiting after getting the certificate
By default, the container will stay alive and try to renew the By default, the container will stay alive and try to renew the
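
Review bot: The new "Nginx HTTP redirect support" section states that the container will listen on port 80 and redirect to 443, but the `docker run` example publishes no ports, and the section does not say that the HTTPS server itself has to come from the configuration mounted at /etc/nginx/conf.d. Add `-p 80:80 -p 443:443` to the example (or state the network mode it assumes) and one sentence noting that a 443 server block must be supplied, otherwise the 301 points at a port nothing answers on. The context line above still reads "by meains of", which is worth fixing while this part of the file is being touched.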


@ -58,13 +58,20 @@ fi
# Still there? Start nginx if requested # Still there? Start nginx if requested
if [ "$NGINX" ]; then if [ "$NGINX" ]; then
if [ "$NGINX_HTTP_REDIRECT" ]; then
cp /nginx-http-redir.conf /etc/nginx/conf.d
fi
nginx nginx
fi fi
# Try to renew once per day # Try to renew once per day
while true; do while true; do
/usr/bin/certbot renew if [ "$NGINX_HTTP_REDIRECT" ]; then
/usr/bin/certbot renew --webroot --webroot-path /var/www/html
else
/usr/bin/certbot renew
fi
# And again, correct permissions if not told otherwise # And again, correct permissions if not told otherwise
if [ -z "$LEAVE_PERMISSIONS_AS_IS" ]; then if [ -z "$LEAVE_PERMISSIONS_AS_IS" ]; then
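
Review bot: The renew branch keys on NGINX_HTTP_REDIRECT alone, while the config copy sits inside the `if [ "$NGINX" ]` block, so with NGINX_HTTP_REDIRECT set and NGINX unset the loop runs `certbot renew --webroot --webroot-path /var/www/html` with no server answering the challenge on port 80. Either test both variables in the loop or fail early when NGINX_HTTP_REDIRECT is set without NGINX. Separately, `cp /nginx-http-redir.conf /etc/nginx/conf.d` writes into the directory the README tells users to mount as a volume: it will fail on a read-only mount, the failure is not checked before `nginx` starts, and on a writable mount it drops a file into the user's own config directory, which deserves a line in the README.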

nginx-http-redir.conf Normal file

@ -0,0 +1,16 @@
server {
listen *:80;
listen [::]:80;
server_name _;
root /var/www/html/;
location /.well-known/acme-challenge/ {
root /var/www/html;
}
# Everything else -> ssl
location / {
return 301 https://$host$request_uri;
}
}
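
Review bot: `server_name _;` does not make this block a catch-all, because `_` is only a name that never matches a real host, and neither `listen` line carries `default_server`. Requests are therefore handled by whichever port-80 server block nginx loads first, so any other port-80 block in conf.d that sorts before nginx-http-redir.conf (a default.conf, for instance) takes the traffic and the redirect never fires; use `listen *:80 default_server;` and `listen [::]:80 default_server;`. Also, `return 301 https://$host$request_uri;` builds the redirect target from the client-supplied Host header, so the server will redirect to any hostname a request names. Since the container already knows DOMAIN, consider rendering the target from it or limiting `server_name` to the configured domain. The `root /var/www/html;` inside the acme-challenge location repeats the server-level `root` and can be dropped.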