mirror of
https://github.com/element-hq/element-docker-demo.git
synced 2026-01-24 22:26:13 +03:00
LE fixes
This commit is contained in:
Matthew Hodgson
@@ -94,7 +94,7 @@ services:
|
||||
volumes:
|
||||
- ${VOLUME_PATH}/data/certbot/conf:/etc/letsencrypt
|
||||
- ${VOLUME_PATH}/data/certbot/www:/var/www/certbot
|
||||
entrypoint: "/bin/sh -c 'trap exit TERM; while [ -f /etc/letsencrypt/live ]; do certbot renew; sleep 12h & wait $${!}; done;'"
|
||||
entrypoint: "/bin/sh -c 'trap exit TERM; while [ -e /etc/letsencrypt/live ]; do certbot renew; sleep 12h & wait $${!}; done;'"
|
||||
depends_on:
|
||||
init:
|
||||
condition: service_completed_successfully
|
||||
|
||||
24
setup.sh
24
setup.sh
@@ -1,5 +1,8 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
set -x
|
||||
|
||||
# set up data & secrets dir with the right ownerships in the default location
|
||||
# to stop docker autocreating them with random owners.
|
||||
# originally these were checked into the git repo, but that's pretty ugly, so doing it here instead.
|
||||
@@ -22,15 +25,16 @@ if [[ ! -e .env ]]; then
|
||||
sed -ir s/^example.com/$DOMAIN/ .env
|
||||
|
||||
# SSL setup
|
||||
mkdir -p data/ssl
|
||||
read -p "Use local mkcert CA for SSL? [y/n]" use_mkcert
|
||||
if [[ use_mkcert =~ ^[Yy]$ ]]; then
|
||||
mkdir -p data/certbot/{conf,www} # stop broken binds
|
||||
read -p "Use local mkcert CA for SSL? [y/n] " use_mkcert
|
||||
if [[ use_mkcert =~ [Yy] ]]; then
|
||||
if [[ ! -x mkcert ]]; then
|
||||
echo "Please install mkcert from brew/apt/yum etc"
|
||||
exit
|
||||
fi
|
||||
mkcert -install
|
||||
mkcert $DOMAIN '*.'$DOMAIN
|
||||
mkdir -p data/ssl
|
||||
mv ${DOMAIN}+1.pem data/ssl/fullchain.pem
|
||||
mv ${DOMAIN}+1-key.pem data/ssl/privkey.pem
|
||||
cp "$(mkcert -CAROOT)"/rootCA.pem data/ssl/ca-certificates.crt
|
||||
@@ -38,14 +42,18 @@ if [[ ! -e .env ]]; then
|
||||
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "data/ssl/options-ssl-nginx.conf"
|
||||
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > "data/ssl/ssl-dhparams.pem"
|
||||
else
|
||||
read -p "Use letsencrypt for SSL? [y/n]" use_letsencrypt
|
||||
if [[ use_letsencrypt =~ ^[Yy]$ ]]; then
|
||||
mkdir -p data/certbot/{conf,www}
|
||||
ln -s data/ssl data/certbot/conf/live/$DOMAIN
|
||||
read -p "Use letsencrypt for SSL? [y/n] " use_letsencrypt
|
||||
if [[ use_letsencrypt =~ [Yy] ]]; then
|
||||
mkdir -p data/certbot/conf/live/$DOMAIN
|
||||
if [[ ! -L data/ssl ]]; then
|
||||
ln -s ../data/certbot/conf/live/$DOMAIN data/ssl
|
||||
fi
|
||||
touch data/ssl/ca-certificates.crt # will get overwritten by init-letsencrypt.sh
|
||||
exec scripts/init-letsencrypt.sh
|
||||
exec ./init-letsencrypt.sh
|
||||
else
|
||||
echo "Please put a valid {privkey,fullchain}.pem and ca-certificates.crt into data/ssl/"
|
||||
fi
|
||||
fi
|
||||
else
|
||||
echo ".env already exists; move it out of the way first to re-setup"
|
||||
fi
|
||||
|
||||
Reference in New Issue
Block a user