🎉 Awesome Nginx Certbot Compose! with some improvements

luke10x · luke10x · commit dd75521bf606 · 2023-03-20T22:13:05.000-04:00
- domain names are figured out from /etc/nginx/conf.d/*.conf filenames;
- top-level directories in repo represent Compose services (for
  autocomplete);
- static websites will be contained in a mounted directory
  /var/www/websites.
diff --git a/.gitignore b/.gitignore
@@ -1 +1 @@
-/data/certbot
+certbot/
diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,7 @@
 MIT License
 
 Copyright (c) 2018 Philipp Schmieder
+Copyright (c) 2023 Luke 10X
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/data/nginx/app.conf b/data/nginx/app.conf
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -5,9 +5,10 @@ services:
     image: nginx:1.15-alpine
     restart: unless-stopped
     volumes:
-      - ./data/nginx:/etc/nginx/conf.d
-      - ./data/certbot/conf:/etc/letsencrypt
-      - ./data/certbot/www:/var/www/certbot
+      - ./nginx/conf.d:/etc/nginx/conf.d:ro
+      - ./nginx/www:/var/www/sites:ro
+      - ./certbot/letsencrypt:/etc/letsencrypt:ro
+      - ./certbot/www:/var/www/certbot:ro
     ports:
       - "80:80"
       - "443:443"
@@ -16,6 +17,6 @@ services:
     image: certbot/certbot
     restart: unless-stopped
     volumes:
-      - ./data/certbot/conf:/etc/letsencrypt
-      - ./data/certbot/www:/var/www/certbot
+      - ./certbot/letsencrypt:/etc/letsencrypt:rw
+      - ./certbot/www:/var/www/certbot:rw
     entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
diff --git a/init-letsencrypt.sh b/init-letsencrypt.sh
@@ -5,9 +5,18 @@ if ! [ -x "$(command -v docker-compose)" ]; then
   exit 1
 fi
 
-domains=(example.org www.example.org)
+function lsconf() {
+  for file in ./nginx/conf.d/*.conf; do
+      filename=$(basename "$file")
+      echo "${filename%.*}"
+  done
+}
+
+configs=$(lsconf | xargs)
+domains=($configs)
+
 rsa_key_size=4096
-data_path="./data/certbot"
+data_path="./certbot/letsencrypt"
 email="" # Adding a valid address is strongly recommended
 staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits
 
@@ -19,17 +28,17 @@ if [ -d "$data_path" ]; then
 fi
 
 
-if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then
+if [ ! -e "$data_path/options-ssl-nginx.conf" ] || [ ! -e "$data_path/ssl-dhparams.pem" ]; then
   echo "### Downloading recommended TLS parameters ..."
-  mkdir -p "$data_path/conf"
-  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
-  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
+  mkdir -p "$data_path"
+  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "$data_path/options-ssl-nginx.conf"
+  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > "$data_path/ssl-dhparams.pem"
   echo
 fi
 
 echo "### Creating dummy certificate for $domains ..."
 path="/etc/letsencrypt/live/$domains"
-mkdir -p "$data_path/conf/live/$domains"
+mkdir -p "$data_path/live/$domains"
 docker-compose run --rm --entrypoint "\
   openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 1\
     -keyout '$path/privkey.pem' \
diff --git a/nginx/conf.d/.gitignore b/nginx/conf.d/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore
diff --git a/nginx/www/.gitignore b/nginx/www/.gitignore
@@ -0,0 +1,2 @@
+*
+!.gitignore
