From 06d26faf73a5a3d9561a8b61171f00ae997db327 Mon Sep 17 00:00:00 2001
From: Deon George
Date: Mon, 14 Oct 2024 12:13:21 +1100
Subject: [PATCH] Our SSL certs are now in their own dir, ensure md5 of certs goes in /tmp/nginx
---
 docker/Dockerfile | 8 ++++----
 docker/init-docker | 6 +++---
 ssl.sh | 10 +++++-----
 3 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 70fc45b..e46fea6 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -23,16 +23,16 @@ RUN chmod 444 /etc/nginx/default.d/ssl/* && \
 chmod 400 /etc/nginx/default.d/ssl/default.key /etc/nginx/default.d/ssl/dhparams.pem
 # Default SSL cert
-RUN mkdir -p /etc/nginx/conf.d/ssl && \
- ln -s ../../default.d/ssl/default.crt /etc/nginx/conf.d/ssl/mail.crt && \
- ln -s ../../default.d/ssl/default.key /etc/nginx/conf.d/ssl/mail.key
+RUN mkdir -p /etc/nginx/ssl && \
+ ln -s ../default.d/ssl/default.crt /etc/nginx/ssl/mail.crt && \
+ ln -s ../default.d/ssl/default.key /etc/nginx/ssl/mail.key
 COPY ssl.sh /usr/sbin/
 COPY docker/init-docker /sbin/
 COPY var/www/maintenance /var/www/maintenance
 # Expose our web root and log directories log.
-#VOLUME [ "/etc/nginx/conf.d", "/etc/nginx/default.d", "/etc/nginx/include.d" ]
+#VOLUME [ "/etc/nginx/http.d", "/etc/nginx/default.d", "/etc/nginx/include.d", "/etc/nginx/ssl" ]
 # Starting
 EXPOSE 80 443 25 110 143
diff --git a/docker/init-docker b/docker/init-docker
index 3dcac24..9d004b1 100755
--- a/docker/init-docker
+++ b/docker/init-docker
@@ -1,9 +1,9 @@
 #!/bin/sh
-TMPDIR=/tmp
-LEGODIR=/etc/nginx/conf.d/ssl/lego
+TMPDIR=/tmp/nginx
+LEGODIR=/etc/nginx/ssl/lego
-# Create our MD5 of our certifcates in /tmp
+# Create our MD5 of our certifcates in ${TMPDIR}
 for cert in $(lego --path ${LEGODIR} list |grep Certificate\ Path|awk '{print $3}'); do
 OUTPUT=$(basename ${cert})
 echo "- Creating MD5 of [${cert}] in [${TMPDIR}/${OUTPUT}]"
diff --git a/ssl.sh b/ssl.sh
index 0acde89..e30d476 100755
--- a/ssl.sh
+++ b/ssl.sh
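Review bot: The new `/etc/nginx/ssl` directory is created by `mkdir -p` with the default mode, yet the rest of this patch makes it the home of the lego and certbot state (`/etc/nginx/ssl/lego`, `/etc/nginx/ssl/letsencrypt`), which normally includes account and certificate private keys. The `RUN` just above already locks down `default.key` with `chmod 400`, so it would be consistent to restrict the directory as well, e.g. `RUN mkdir -p -m 0700 /etc/nginx/ssl && \`, assuming nginx loads its certificates as root before dropping privileges. If the directory is later supplied as a volume (the commented `VOLUME` line now lists it), the mount's own ownership and mode apply instead and the baked-in `mail.crt`/`mail.key` links may not be visible, so the init script is probably the more reliable place to enforce both.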
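Review bot: Nothing in this hunk creates `/tmp/nginx` before the loop starts reporting writes to `${TMPDIR}/${OUTPUT}`, so unless the directory is made elsewhere the MD5 files cannot be written on a fresh container; the same `TMPDIR=/tmp/nginx` assignment is introduced in the `ssl.sh` hunk. Because the name is predictable and `/tmp` is world-writable, I would create it explicitly right after the assignments with a tight mode, `mkdir -p -m 0700 "${TMPDIR}"`, and stop if that fails. `mkdir -p` leaves an already existing directory's owner and mode untouched, so a check that the path is a real directory owned by the running user is worth adding, since these MD5 files appear to drive the reload decision. The `for` loop body continues past the end of the hunk.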
@@ -1,14 +1,14 @@
 #!/bin/bash
-TMPDIR=/tmp
+TMPDIR=/tmp/nginx
 if [ "$1" == "certbot" ]; then
- certbot renew -q --config-dir /etc/nginx/conf.d/ssl/letsencrypt/ --renew-hook "/usr/sbin/nginx -s reload"
+ certbot renew -q --config-dir /etc/nginx/ssl/letsencrypt/ --renew-hook "/usr/sbin/nginx -s reload"
 elif [ "$1" == "lego" ]; then
- CERTDIR=/etc/nginx/conf.d
- LEGODIR=${CERTDIR}/ssl/lego
- CERTFILE=${CERTDIR}/lego-cert.ssl
+ CERTDIR=/etc/nginx/ssl
+ LEGODIR=${CERTDIR}/lego
+ CERTFILE=${LEGODIR}/lego-cert.ssl
 RELOAD="/tmp/nginx.reload"
 TLS_PORT=444
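Review bot: Pointing `certbot renew -q --config-dir` at `/etc/nginx/ssl/letsencrypt/` with no migration step means a deployment whose state still lives under `/etc/nginx/conf.d/ssl/letsencrypt/` will most likely find nothing to renew, and `-q` hides that until the certificate expires. Certbot's `renewal/*.conf` files record absolute paths, so moving the directory by hand also needs those entries updated; the lego directory and `lego-cert.ssl` move too in the `elif` branch. A guard before the renew call would make the failure visible, e.g. `[ -d /etc/nginx/ssl/letsencrypt/renewal ] || { echo "no certbot state in /etc/nginx/ssl/letsencrypt" >&2; exit 1; }`. Separately, `RELOAD` is still `/tmp/nginx.reload`, outside the new `TMPDIR`; `RELOAD="${TMPDIR}/reload"` would keep the flag file out of world-writable `/tmp`, provided whatever consumes it is changed to match. The `lego` branch continues past the end of the hunk.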