From 71f75417ac996ebad253b8a4f44f13a1e5787835 Mon Sep 17 00:00:00 2001 From: Matthew Hodgson Date: Fri, 8 Nov 2024 16:47:59 +0000 Subject: [PATCH] more LE fixes --- compose.yml | 7 ------- data-template/nginx/conf.d/app.conf | 11 +++-------- init-letsencrypt.sh | 20 ++++++++++++-------- 3 files changed, 15 insertions(+), 23 deletions(-) diff --git a/compose.yml b/compose.yml index 1f8661a..a81a471 100644 --- a/compose.yml +++ b/compose.yml @@ -85,8 +85,6 @@ services: depends_on: init: condition: service_completed_successfully - synapse: - condition: service_started certbot: image: certbot/certbot:latest @@ -95,11 +93,6 @@ services: - ${VOLUME_PATH}/data/certbot/conf:/etc/letsencrypt - ${VOLUME_PATH}/data/certbot/www:/var/www/certbot entrypoint: "/bin/sh -c 'trap exit TERM; while [ -e /etc/letsencrypt/live ]; do certbot renew; sleep 12h & wait $${!}; done;'" - depends_on: - init: - condition: service_completed_successfully - nginx: - condition: service_started postgres: image: postgres:latest diff --git a/data-template/nginx/conf.d/app.conf b/data-template/nginx/conf.d/app.conf index 82580b8..a2b001c 100644 --- a/data-template/nginx/conf.d/app.conf +++ b/data-template/nginx/conf.d/app.conf @@ -14,14 +14,12 @@ server { listen 80; - # location /.well-known/acme-challenge/ { - # root /var/www/certbot; - # add_header Access-Control-Allow-Origin *; - # } + location /.well-known/acme-challenge/ { + root /var/www/certbot; + } location /.well-known/matrix/ { root /var/www; - #add_header Access-Control-Allow-Origin *; } # XXX: is this right? or should auth.$DOMAIN be the issuer? @@ -29,7 +27,6 @@ server { proxy_pass http://mas:8080; proxy_http_version 1.1; proxy_set_header X-Forwarded-For ${DOLLAR}remote_addr; - #add_header Access-Control-Allow-Origin *; } location / { @@ -45,7 +42,6 @@ server { location /.well-known/matrix/ { root /var/www; - #add_header Access-Control-Allow-Origin *; } # XXX: is this right? or should auth.$DOMAIN be the issuer? 
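Review bot: The re-enabled `location /.well-known/acme-challenge/` block on the port-80 server matches the `-w /var/www/certbot` webroot used by init-letsencrypt.sh, but the sibling `location /.well-known/matrix/` block in this hunk (and the same block in the hunk at `@@ -45,7 +42,6 @@`) now serves the discovery documents with no CORS header, which browser-based Matrix clients need when they fetch `/.well-known/matrix/client` cross-origin. The removed lines only ever carried the header in commented-out form, so this is not a regression, but the new code no longer records why it is absent. Consider adding `add_header Access-Control-Allow-Origin *;` inside that location, or a one-line comment stating where CORS for the well-known files is handled instead. The enclosing `server { }` block starts and ends outside the hunk.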
@@ -53,7 +49,6 @@ server { proxy_pass http://mas:8080; proxy_http_version 1.1; proxy_set_header X-Forwarded-For ${DOLLAR}remote_addr; - #add_header Access-Control-Allow-Origin *; } } diff --git a/init-letsencrypt.sh b/init-letsencrypt.sh index 59ffac3..a9b53e3 100755 --- a/init-letsencrypt.sh +++ b/init-letsencrypt.sh @@ -2,8 +2,10 @@ # taken from https://raw.githubusercontent.com/wmnnd/nginx-certbot/refs/heads/master/init-letsencrypt.sh -if ! [ -x "$(command -v docker-compose)" ]; then - echo 'Error: docker-compose is not installed.' >&2 +set -x + +if ! [ -x "$(command -v docker)" ]; then + echo 'Error: dockeris not installed.' >&2 exit 1 fi @@ -12,7 +14,7 @@ domains=$DOMAINS rsa_key_size=4096 data_path="./data/certbot" read -p "admin email address for letsencrypt: " email -staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits +staging=1 # Set to 1 if you're testing your setup to avoid hitting request limits if [ -d "$data_path" ]; then read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision @@ -33,7 +35,7 @@ echo "### Creating dummy certificate for $domains ..." # N.B. in bash, $domains will return the first value of the array in string context, so this is not a bug: path="/etc/letsencrypt/live/$domains" mkdir -p "$data_path/conf/live/$domains" -docker-compose run --rm --entrypoint "\ +docker compose run --rm --entrypoint "\ openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 1\ -keyout '$path/privkey.pem' \ -out '$path/fullchain.pem' \ 
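Review bot: The new error message on the `echo` line is missing a space, `'Error: dockeris not installed.'`; it should read `echo 'Error: docker is not installed.' >&2`. The rewritten check also only proves that a `docker` binary exists, not that the compose plugin the rest of the script now depends on is available; `if ! docker compose version >/dev/null 2>&1; then` covers both cases. The added `set -x` traces every subsequent command to stderr, including the later `docker compose run` invocations that carry the prompted admin email and the domain list, so it looks like a debugging leftover that should be removed or gated before merging.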
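Review bot: `staging=1` flips the default so that an unmodified run requests certificates from the Let's Encrypt staging CA, whose certificates browsers do not trust, while the trailing comment still describes 1 as the opt-in value for testing. If the intent was a one-off test, the value should be overridden at run time rather than committed; otherwise restore `staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits`, or read the setting from an environment variable so the comment stays truthful.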
@@ -42,11 +44,13 @@ docker-compose run --rm --entrypoint "\ echo echo "### Starting nginx ..." -docker-compose up --force-recreate -d nginx +docker compose up --force-recreate -d nginx echo +exit + echo "### Deleting dummy certificate for $domains ..." -docker-compose run --rm --entrypoint "\ +docker compose run --rm --entrypoint "\ rm -Rf /etc/letsencrypt/live/$domains && \ rm -Rf /etc/letsencrypt/archive/$domains && \ rm -Rf /etc/letsencrypt/renewal/$domains.conf" certbot @@ -69,7 +73,7 @@ esac # Enable staging mode if needed if [ $staging != "0" ]; then staging_arg="--staging"; fi -docker-compose run --rm --entrypoint "\ +docker compose run --rm --entrypoint "\ certbot certonly --webroot -w /var/www/certbot \ $staging_arg \ $email_arg \ @@ -80,4 +84,4 @@ docker-compose run --rm --entrypoint "\ echo echo "### Reloading nginx ..." -docker-compose exec nginx nginx -s reload \ No newline at end of file +docker compose exec nginx nginx -s reload
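Review bot: The bare `exit` added after `docker compose up --force-recreate -d nginx` ends the script before the dummy certificate is deleted and before the real `certbot certonly` request and the nginx reload, so every run leaves nginx serving the throwaway self-signed certificate created earlier, and the exit status is 0 so nothing signals the short-circuit. Together with `set -x` and `staging=1` in the earlier hunks this reads as debugging state committed by accident; drop the `exit` line and its accompanying blank line, or if an early stop is genuinely wanted, make it conditional and give it a comment explaining the stop.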