Adding experimental letsencrypt support

Ric Harvey
2016-07-22 15:43:36 +01:00
parent 9bd2dd0732
commit 4b3ce4b402
3 changed files with 47 additions and 4 deletions


@@ -34,7 +34,18 @@ RUN apk add --no-cache bash \
php5-json \ php5-json \
php5-phar \ php5-phar \
php5-soap \ php5-soap \
php5-dom && \ php5-dom \
python \
python-dev \
py-pip \
augeas-dev \
openssl-dev \
ca-certificates \
dialog \
gcc \
musl-dev \
linux-headers \
libffi-dev &&\
mkdir -p /etc/nginx && \ mkdir -p /etc/nginx && \
mkdir -p /var/www/app && \ mkdir -p /var/www/app && \
mkdir -p /run/nginx && \ mkdir -p /run/nginx && \
@@ -42,7 +53,11 @@ RUN apk add --no-cache bash \
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" && \ php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" && \
php -r "if (hash_file('SHA384', 'composer-setup.php') === '${composer_hash}') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" && \ php -r "if (hash_file('SHA384', 'composer-setup.php') === '${composer_hash}') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" && \
php composer-setup.php --install-dir=/usr/bin --filename=composer && \ php composer-setup.php --install-dir=/usr/bin --filename=composer && \
php -r "unlink('composer-setup.php');" php -r "unlink('composer-setup.php');" && \
pip install -U certbot && \
mkdir -p /etc/letsencrypt/webrootauth && \
apk del gcc musl-dev linux-headers libffi-dev augeas-dev python-dev
ADD conf/supervisord.conf /etc/supervisord.conf ADD conf/supervisord.conf /etc/supervisord.conf
@@ -85,8 +100,9 @@ find /etc/php5/conf.d/ -name "*.ini" -exec sed -i -re 's/^(\s*)#(.*)/\1;\2/g' {}
ADD scripts/start.sh /start.sh ADD scripts/start.sh /start.sh
ADD scripts/pull /usr/bin/pull ADD scripts/pull /usr/bin/pull
ADD scripts/push /usr/bin/push ADD scripts/push /usr/bin/push
RUN chmod 755 /usr/bin/pull && chmod 755 /usr/bin/push ADD scripts/letsencrypt-setup /usr/bin/letsencrypt-setup
RUN chmod 755 /start.sh ADD scripts/letsencrypt-renew /usr/bin/letsencrypt-renew
RUN chmod 755 /usr/bin/pull && chmod 755 /usr/bin/push && chmod 755 /usr/bin/letsencrypt-setup && chmod 755 /usr/bin/letsencrypt-renew && chmod 755 /start.sh
# copy in code # copy in code
ADD src/ /var/www/html/ ADD src/ /var/www/html/
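Review bot: `pip install -U certbot` in the second hunk installs whatever certbot release and dependency set PyPI serves at build time, so the image is not reproducible and a tool that runs as root and handles the TLS private key is taken unpinned. Pin it and skip the pip cache, e.g. `pip install --no-cache-dir certbot==<PINNED_VERSION>` (placeholder; use the release you have tested), ideally from a hashed requirements file. The `apk del` list removes the other build-only packages but leaves `openssl-dev` in the image; if certbot only needs the runtime library, that looks like an oversight. The RUN instruction begins before the hunk, so the earlier part of the chain is not visible here.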

13
scripts/letsencrypt-renew Executable file

@@ -0,0 +1,13 @@
#!/bin/bash
# Lets Encrypt
if [ -z "$DOMAIN" ]; then
echo "You need to have \$DOMAIN set"
else
if [ -f /etc/letsencrypt/live/${DOMAIN}/fullchain.pem ]; then
cerbot renew
supervisorctl restart nginx
else
echo "There is no cert to renew"
fi
fi
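Review bot: `cerbot renew` is misspelled, so the renewal command will not be found and the certificate is never renewed. Nothing checks the exit status, so the script still restarts nginx and most likely exits 0, which hides the failure until the certificate expires. Change it to `certbot renew && supervisorctl restart nginx` so a failed renewal yields a non-zero exit that the scheduler can alert on. The path test should quote the variable, `[ -f "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" ]`, and the missing-`$DOMAIN` branch should `exit 1` rather than only echo.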

14
scripts/letsencrypt-setup Executable file

@@ -0,0 +1,14 @@
#!/bin/bash
# Lets Encrypt
if [ -z "$WEBROOT" ] || [ -z "$GIT_EMAIL" ] || [ -z "$DOMAIN" ]; then
echo "You need the \$WEBROOT, \$GIT_EMAIL and the \$DOMAIN Variables"
else
certbot certonly --webroot -w $WEBROOT -d $DOMAIN --email $GIT_EMAIL --agree-tos
ln -s /etc/nginx/sites-available/default-ssl.conf /etc/nginx/sites-enabled/
sed -i "s/##DOMAIN##/${DOMAIN}/g" /etc/nginx/sites-enabled/default-ssl.conf
supervisorctl restart nginx
fi
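Review bot: The certbot result is never checked, so when issuance fails the script still enables `default-ssl.conf` and restarts nginx; if that config (not shown here) references certificate files that do not exist, nginx may fail to start. `$WEBROOT`, `$DOMAIN` and `$GIT_EMAIL` are expanded unquoted, and `$DOMAIN` goes into the sed replacement unescaped, so a value containing whitespace, `/` or `&` alters the command line or the generated nginx config. Validate first with `[[ "$DOMAIN" =~ ^[A-Za-z0-9.-]+$ ]] || exit 1`, then run `certbot certonly --webroot -w "$WEBROOT" -d "$DOMAIN" --email "$GIT_EMAIL" --agree-tos || exit 1`. `ln -s` without `-f` fails on a second run, and `sed -i` on the path under sites-enabled may replace the symlink with a regular file, so substituting into a copy before linking looks safer.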