docker/nginx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Our SSL certs are now in their own dir, ensure md5 of certs goes in /tmp/nginx
All checks were successful
Create Docker Image / Build Docker Image (x86_64) (push) Successful in 25s
Details
Create Docker Image / Build Docker Image (arm64) (push) Successful in 1m6s
Details
Create Docker Image / Final Docker Image Manifest (push) Successful in 9s
Details

Browse Source
This commit is contained in:
Deon George 2024-10-14 12:13:21 +11:00
parent a17722df77
commit 2eb94a9106
5 changed files with 17 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docker/Dockerfile
View File

@ -23,16 +23,16 @@ RUN chmod 444 /etc/nginx/default.d/ssl/* && \
chmod 400 /etc/nginx/default.d/ssl/default.key /etc/nginx/default.d/ssl/dhparams.pem
# Default SSL cert
RUN mkdir -p /etc/nginx/conf.d/ssl && \
ln -s ../../default.d/ssl/default.crt /etc/nginx/conf.d/ssl/mail.crt && \
ln -s ../../default.d/ssl/default.key /etc/nginx/conf.d/ssl/mail.key
RUN mkdir -p /etc/nginx/ssl && \
ln -s ../default.d/ssl/default.crt /etc/nginx/ssl/mail.crt && \
ln -s ../default.d/ssl/default.key /etc/nginx/ssl/mail.key
COPY ssl.sh /usr/sbin/
COPY docker/init-docker /sbin/
COPY var/www/maintenance /var/www/maintenance
# Expose our web root and log directories log.
#VOLUME [ "/etc/nginx/conf.d", "/etc/nginx/default.d", "/etc/nginx/include.d" ]
#VOLUME [ "/etc/nginx/http.d", "/etc/nginx/default.d", "/etc/nginx/include.d", "/etc/nginx/ssl" ]
# Starting
EXPOSE 80 443 25 110 143

6
docker/init-docker
View File

@ -1,9 +1,9 @@
#!/bin/sh
TMPDIR=/tmp
LEGODIR=/etc/nginx/conf.d/ssl/lego
TMPDIR=/tmp/nginx
LEGODIR=/etc/nginx/ssl/lego
# Create our MD5 of our certifcates in /tmp
# Create our MD5 of our certifcates in ${TMPDIR}
for cert in $(lego --path ${LEGODIR} list |grep Certificate\ Path|awk '{print $3}'); do
OUTPUT=$(basename ${cert})
echo "- Creating MD5 of [${cert}] in [${TMPDIR}/${OUTPUT}]"

6
etc/nginx/default.d/02-maintenance.include
View File

@ -1,15 +1,15 @@
# Enable setting a maintenance mode and render the maintenance
# page instead.
#
# Add this lines to your conf.d file for your site.
# Add this lines to your http.d file for your site.
#
# include conf.d/02-maintenance.include;
# include http.d/02-maintenance.include;
#
# if ($maintenance) {
# return 503;
# }
#
# Create a default file in conf.d with these settings, or add them to your existing server
# Create a default file in http.d with these settings, or add them to your existing server
# configuration
#
# error_page 502 =200 @maintenance;

4
etc/nginx/include.d/mail.conf
View File

@ -6,8 +6,8 @@ mail {
proxy_pass_error_message on;
#ssl on;
ssl_certificate conf.d/ssl/mail.crt;
ssl_certificate_key conf.d/ssl/mail.key;
ssl_certificate ssl/mail.crt;
ssl_certificate_key ssl/mail.key;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers HIGH:!aNULL:!MD5;

10
ssl.sh
View File

@ -1,14 +1,14 @@
#!/bin/bash
TMPDIR=/tmp
TMPDIR=/tmp/nginx
if [ "$1" == "certbot" ]; then
certbot renew -q --config-dir /etc/nginx/conf.d/ssl/letsencrypt/ --renew-hook "/usr/sbin/nginx -s reload"
certbot renew -q --config-dir /etc/nginx/ssl/letsencrypt/ --renew-hook "/usr/sbin/nginx -s reload"
elif [ "$1" == "lego" ]; then
CERTDIR=/etc/nginx/conf.d
LEGODIR=${CERTDIR}/ssl/lego
CERTFILE=${CERTDIR}/lego-cert.ssl
CERTDIR=/etc/nginx/ssl
LEGODIR=${CERTDIR}/lego
CERTFILE=${LEGODIR}/lego-cert.ssl
RELOAD="/tmp/nginx.reload"
TLS_PORT=444