Initial commit. Haven't been able to test lets encrypt yet, nginx works

jwanglof · May 20, 2016 · bd86416 · bd86416
1 parent 311aff6
commit bd86416
Show file tree

Hide file tree

Showing 4 changed files with 165 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,49 @@
+# Created by .ignore support plugin (hsz.mobi)
+### JetBrains template
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# User-specific stuff:
+.idea/workspace.xml
+.idea/tasks.xml
+.idea/dictionaries
+.idea/vcs.xml
+.idea/jsLibraryMappings.xml
+
+# Sensitive or high-churn files:
+.idea/dataSources.ids
+.idea/dataSources.xml
+.idea/dataSources.local.xml
+.idea/sqlDataSources.xml
+.idea/dynamic.xml
+.idea/uiDesigner.xml
+
+# Gradle:
+.idea/gradle.xml
+.idea/libraries
+
+# Mongo Explorer plugin:
+.idea/mongoSettings.xml
+
+## File-based project format:
+*.iws
+
+## Plugin-specific files:
+
+# IntelliJ
+/out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+
+.idea/
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,52 @@
+FROM alpine:3.3
+
+MAINTAINER Johan Wänglöf <[email protected]>
+
+###
+# Nginx
+###
+RUN apk add --update nginx
+
+# Symlink nginx' default logs to std* so Docker Logs can see them
+RUN ln -sf /dev/stdout /var/log/nginx/access.log
+RUN ln -sf /dev/stderr /var/log/nginx/error.log
+
+
+###
+# Lets Encrypt
+###
+RUN export CERTBOT_DEPS="py-pip \
+                         build-base \
+                         libffi-dev \
+                         python-dev \
+                         ca-certificates \
+                         openssl-dev \
+                         linux-headers \
+                         dialog \
+                         wget" && \
+            apk --update add openssl \
+                             augeas-libs \
+                             ${CERTBOT_DEPS}
+
+RUN pip install --upgrade --no-cache-dir pip virtualenv
+
+RUN mkdir /letsencrypt
+RUN mkdir /etc/ssl/botillsammans
+WORKDIR /letsencrypt
+
+# Get the certbot so we can use Lets Encrypt
+RUN wget https://dl.eff.org/certbot-auto
+RUN chmod a+x certbot-auto
+
+# Clean up
+RUN apk del ${CERTBOT_DEPS}
+RUN rm -rf /var/cache/apk/*
+
+WORKDIR /
+
+COPY ./run.sh /
+RUN chmod a+x /run.sh
+
+EXPOSE 80 443
+
+CMD ["sh", "/run.sh"]
diff --git a/README.md b/README.md
@@ -1,2 +1,4 @@
 # docker-alpine-nginx-letsencrypt
 Docker Image with Nginx + LetsEncrypt
+
+Inspiration, and help, from: https://hub.docker.com/r/connexiolabs/alpine-nginx/ and https://hub.docker.com/r/ecor/letsencrypt/
diff --git a/run.sh b/run.sh
@@ -0,0 +1,62 @@
+#!/usr/bin/env sh
+
+# $LETSENCRYPT_FIRST_TIME is an environment variable
+if [ "$LETSENCRYPT_FIRST_TIME" = "true" ]
+then
+    cd /letsencrypt
+
+    # Build the certbot-command depending on environment variables
+    CERTONLY_COMMAND="./certbot-auto certonly --webroot"
+
+#    export LETSENCRYPT_AGREE_TOS='true'
+    if [ "$LETSENCRYPT_AGREE_TOS" = "true" ]; then
+        CERTONLY_COMMAND="$CERTONLY_COMMAND --agree-tos"
+    fi
+
+#    export LETSENCRYPT_EMAIL="[email protected]"
+    if [ ! -z "$LETSENCRYPT_EMAIL" ]; then
+        CERTONLY_COMMAND="$CERTONLY_COMMAND --email $LETSENCRYPT_EMAIL"
+    fi
+
+#    export LETSENCRYPT_WEBROOT_PATH="/asd/asd"
+    if [ ! -z "$LETSENCRYPT_WEBROOT_PATH" ]; then
+        CERTONLY_COMMAND="$CERTONLY_COMMAND --webroot-path $LETSENCRYPT_WEBROOT_PATH"
+    fi
+
+    # It's only possible to use multi-domains or one domain
+    #export LETSENCRYPT_DOMAINS=botillsammans.nu,www.botillsammans.nu
+#    export LETSENCRYPT_DOMAIN=example.com
+    if [ ! -z "$LETSENCRYPT_DOMAINS" ]; then
+#        CERTONLY_COMMAND="$CERTONLY_COMMAND --domains [$LETSENCRYPT_DOMAINS]"
+        CERTONLY_COMMAND="$CERTONLY_COMMAND --domains $LETSENCRYPT_DOMAINS"
+    elif [ ! -z "$LETSENCRYPT_DOMAIN" ]; then
+        CERTONLY_COMMAND="$CERTONLY_COMMAND --domain $LETSENCRYPT_DOMAIN"
+    else
+        echo "You must choose at least one domain"
+        exit 1
+    fi
+
+    # [email protected] is an alias of [email protected]
+    #./certbot-auto certonly --webroot --agree-tos --email [email protected] -w /etc/ssl/botillsammans -d botillsammans.nu -d www.botillsammans.nu
+#    ./certbot-auto certonly --webroot --agree-tos --email [email protected] -w /etc/ssl/botillsammans -d botillsammans.klumpen.se
+    echo "Certbot command:", ${CERTONLY_COMMAND}
+else
+    echo "Not first time"
+fi
+
+# $LETSENCRYPT_RENEW is an environment variable
+if [ "$LETSENCRYPT_RENEW" = "true" ]
+then
+    echo "Renew the cert!"
+else
+    echo "No renew"
+fi
+
+# Go back to root as default
+cd /
+
+echo "Starting Nginx"
+
+/usr/sbin/nginx -c /etc/nginx/nginx.conf -g "daemon off;"
+
+echo "Failed starting Nginx!"