commit 83049e95907ac0ce829a97f529e634f7fe76517b
Author: sangyun
Date: Wed Jan 17 20:07:17 2024 +0900
initial create
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..21ab749
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,34 @@
+FROM ubuntu:22.04
+
+# set timezone
+ENV TIMEZONE=Asia/Seoul
+RUN ln -snf /usr/share/zoneinfo/${TIMEZONE} /etc/localtime
+
+# install nginx cerbot etc.
+RUN apt-get update -y \
+ && apt-get install -y \
+ cron \
+ nginx \
+ certbot \
+ python3-certbot-nginx \
+ python3-certbot-dns-cloudflare \
+ && rm -rf /var/cache/apk/*
+
+# setup nginx
+RUN echo "daemon off;" >> /etc/nginx/nginx.conf && chown -R www-data:www-data /var/lib/nginx
+
+# expose port
+EXPOSE 80 443
+
+# work dir
+WORKDIR /home
+
+ADD acme-challenge.conf .
+ADD create-cert-cloudflare.sh .
+ADD entrypoint.sh .
+
+# crontab add
+RUN chmod +x entrypoint.sh create-cert-cloudflare.sh
+
+# Run
+CMD ["/home/entrypoint.sh"]
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e2d6461
--- /dev/null
+++ b/README.md
@@ -0,0 +1,41 @@
+## docker build
+```sh
+docker build -t nginx-certbot .
+```
+
+## docker run
+```sh
+docker run -d \
+-v path:/etc/letsencrypt/ \
+-v path:/etc/nginx/conf.d \
+-v path:/etc/nginx/nginx.conf:ro \
+-v path:/etc/nginx/sites-enabled \
+-v path:/var/www \
+--net host \
+--name nginx \
+--restart=always \
+nginx-certbot
+```
+
+## 인증서 발급
+```sh
+docker exec -it nginx bash
+
+# create cloudflare ini
+echo dns_cloudflare_email=your@email.address > /etc/letsencrypt/cloudflare.ini
+echo dns_cloudflare_api_key=your@key >> /etc/letsencrypt/cloudflare.ini
+
+# set 600 permission
+chmod 600 /etc/letsencrypt/cloudflare.ini
+
+# create ssl certifications
+certbot certonly \
+--dns-cloudflare \
+--dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini \
+--email your@email.address\
+--agree-tos \
+--no-eff-email \
+-d your.domain,*.your.domain
+
+nginx -s reload
+```
\ No newline at end of file
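Review bot: The cleanup at the end of the apt-get RUN removes `/var/cache/apk/*`, which is Alpine's package cache and does not exist on ubuntu:22.04, so the package lists fetched by `apt-get update` stay in the layer; the line should read `&& rm -rf /var/lib/apt/lists/*`, and `--no-install-recommends` on the install line would trim the image further. The three `ADD` instructions copy plain local files, for which `COPY` is the right instruction, and `COPY --chmod=755 entrypoint.sh create-cert-cloudflare.sh ./` would remove the separate chmod RUN (whose `# crontab add` comment does not describe what it does). No `USER` is set, so everything runs as root; that may be deliberate because cron and certbot in the entrypoint need it, but a one-line comment stating that intent would stop reviewers from re-flagging it.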
diff --git a/acme-challenge.conf b/acme-challenge.conf
new file mode 100644
index 0000000..d7d35eb
--- /dev/null
+++ b/acme-challenge.conf
@@ -0,0 +1,10 @@
+server {
+ listen 8080;
+ listen [::]:8080;
+ server_name ydev.me;
+
+ location ~ /.well-known/acme-challenge {
+ allow all;
+ root /var/www/html;
+ }
+}
\ No newline at end of file
diff --git a/create-cert-cloudflare.sh b/create-cert-cloudflare.sh
new file mode 100644
index 0000000..1dcec74
--- /dev/null
+++ b/create-cert-cloudflare.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+mkdir -p /home/letsencrypt
+echo dns_cloudflare_email=$CLOUDFLARE_EMAIL > /home/letsencrypt/cloudflare.ini
+echo dns_cloudflare_api_key=$CLOUDFLARE_API_KEY >> /home/letsencrypt/cloudflare.ini
+
+chmod 600 /home/letsencrypt/cloudflare.ini
+
+certbot certonly \
+--dns-cloudflare \
+--dns-cloudflare-credentials /home/letsencrypt/cloudflare.ini \
+--email $CLOUDFLARE_EMAIL \
+--agree-tos \
+--no-eff-email \
+-d $DOMAIN
\ No newline at end of file
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..cf89625
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# copy acme-chanllenge
+echo "copy acme-challenge"
+cp /home/acme-challenge.conf /etc/nginx/conf.d/acme-challenge.conf
+
+# add crontab entry to renew the letsencrypt certificate
+echo "adding crontab"
+echo "0 23 * * * certbot renew --dry-run" | crontab -
+crontab -l
+
+# start nginx
+echo "starting nginx"
+nginx
\ No newline at end of file
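Review bot: The `location ~ /.well-known/acme-challenge` block is a regex match whose unescaped dots match any character and whose pattern is unanchored, so it also matches unrelated URIs that merely contain that substring; the conventional form for the HTTP-01 path is a prefix match, `location ^~ /.well-known/acme-challenge/ {`. `server_name ydev.me;` bakes one domain into a file the entrypoint installs in every container built from this image; `server_name _;` or a templated value would make the image reusable. The server listens on 8080 while the Dockerfile EXPOSEs only 80 and 443, which looks inconsistent unless the host network mode from the README is always assumed; a comment stating which port the challenge is expected to arrive on would help.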
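Review bot: The credentials file is written by the two `echo` lines under the default umask before `chmod 600` runs, so it is briefly world-readable, and the unquoted `$CLOUDFLARE_EMAIL`, `$CLOUDFLARE_API_KEY` and `$DOMAIN` expansions run with no `set -e` and no check that they are set, so an empty variable silently yields a broken ini or a bare `-d`. Setting `umask 077` before the file is created, failing fast on unset variables and quoting every expansion closes both gaps. The ini is also written under /home/letsencrypt, whereas the README keeps it in /etc/letsencrypt, the path it mounts as a volume; presumably the same directory was intended, so the path should be reconciled. `dns_cloudflare_api_key` is the account-wide Global API key; the plugin also accepts `dns_cloudflare_api_token`, which can be scoped to DNS edits on one zone and limits the impact if the ini is ever exposed.
```shell
#!/bin/bash
set -euo pipefail
: "${CLOUDFLARE_EMAIL:?must be set}" "${CLOUDFLARE_API_KEY:?must be set}" "${DOMAIN:?must be set}"
# create the ini owner-readable only from the start, not after the fact
umask 077
mkdir -p /home/letsencrypt
printf 'dns_cloudflare_email=%s\ndns_cloudflare_api_key=%s\n' \
    "$CLOUDFLARE_EMAIL" "$CLOUDFLARE_API_KEY" > /home/letsencrypt/cloudflare.ini
# … unchanged: certbot certonly invocation, with "$CLOUDFLARE_EMAIL" and "$DOMAIN" quoted …
```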
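Review bot: The crontab entry runs `certbot renew --dry-run`, which only rehearses renewal against the staging endpoint and never replaces the real certificate, and nothing in the script starts the cron daemon that the Dockerfile installs, so the entry would not fire even without the flag. Changing the line to `echo "0 23 * * * certbot renew --deploy-hook 'nginx -s reload'" | crontab -`, starting the daemon with `cron` before nginx, and ending with `exec nginx` addresses all three: the deploy hook makes nginx load a renewed certificate, and `exec` makes nginx PID 1 so the SIGTERM from docker stop reaches it rather than a bash wrapper that would not pass it on. The `# copy acme-chanllenge` comment has a typo. If the README's `-v path:/etc/nginx/nginx.conf:ro` mount replaces the nginx.conf the Dockerfile appended `daemon off;` to, the foreground setting is lost; `exec nginx -g 'daemon off;'` keeps the container in the foreground regardless of the mounted config.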