diff --git a/docker/Dockerfile b/docker/Dockerfile index 70fc45b..e46fea6 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -23,16 +23,16 @@ RUN chmod 444 /etc/nginx/default.d/ssl/* && \ chmod 400 /etc/nginx/default.d/ssl/default.key /etc/nginx/default.d/ssl/dhparams.pem # Default SSL cert -RUN mkdir -p /etc/nginx/conf.d/ssl && \ - ln -s ../../default.d/ssl/default.crt /etc/nginx/conf.d/ssl/mail.crt && \ - ln -s ../../default.d/ssl/default.key /etc/nginx/conf.d/ssl/mail.key +RUN mkdir -p /etc/nginx/ssl && \ + ln -s ../default.d/ssl/default.crt /etc/nginx/ssl/mail.crt && \ + ln -s ../default.d/ssl/default.key /etc/nginx/ssl/mail.key COPY ssl.sh /usr/sbin/ COPY docker/init-docker /sbin/ COPY var/www/maintenance /var/www/maintenance # Expose our web root and log directories log. -#VOLUME [ "/etc/nginx/conf.d", "/etc/nginx/default.d", "/etc/nginx/include.d" ] +#VOLUME [ "/etc/nginx/http.d", "/etc/nginx/default.d", "/etc/nginx/include.d", "/etc/nginx/ssl" ] # Starting EXPOSE 80 443 25 110 143 diff --git a/docker/init-docker b/docker/init-docker index 3dcac24..9d004b1 100755 --- a/docker/init-docker +++ b/docker/init-docker @@ -1,9 +1,9 @@ #!/bin/sh -TMPDIR=/tmp -LEGODIR=/etc/nginx/conf.d/ssl/lego +TMPDIR=/tmp/nginx +LEGODIR=/etc/nginx/ssl/lego -# Create our MD5 of our certifcates in /tmp +# Create our MD5 of our certifcates in ${TMPDIR} for cert in $(lego --path ${LEGODIR} list |grep Certificate\ Path|awk '{print $3}'); do OUTPUT=$(basename ${cert}) echo "- Creating MD5 of [${cert}] in [${TMPDIR}/${OUTPUT}]" diff --git a/etc/nginx/default.d/02-maintenance.include b/etc/nginx/default.d/02-maintenance.include index dd4e0bf..f487b54 100644 --- a/etc/nginx/default.d/02-maintenance.include +++ b/etc/nginx/default.d/02-maintenance.include 
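Review bot: The `mail.crt` and `mail.key` links are now created in `/etc/nginx/ssl`, the same directory the updated (still commented-out) `VOLUME` line lists as a mount point. If that directory is ever bind-mounted, the links created at build time are hidden, and `ssl_certificate ssl/mail.crt` in mail.conf would point at a missing file, which would probably stop nginx from starting. I would record that next to the `RUN`, for example `# NOTE: mounting /etc/nginx/ssl hides these links; the volume must then provide mail.crt and mail.key itself`. Separately, the links still resolve to the default key under `default.d/ssl`; if that key ships inside the image rather than being generated per deployment (not visible here), it should be documented as a placeholder to replace before exposing ports 25/110/143.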
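Review bot: `TMPDIR=/tmp/nginx` at the top of init-docker names a fixed directory under the world-writable `/tmp`, and nothing in the visible lines creates it before the loop writes `${TMPDIR}/${OUTPUT}`. The loop body continues outside the hunk, so creation may happen further down; if it does not, the checksum writes fail. Because these checksums appear to be used for detecting certificate changes, the directory should be created by the script with tight permissions, for example `mkdir -p "${TMPDIR}" && chmod 700 "${TMPDIR}"` directly after the assignment. `TMPDIR` is also the variable that `mktemp` and other tools honour, so a script-specific name such as `CERT_STATE_DIR` would avoid redirecting their temporary files to a path that may not exist. The same assignment is made in the ssl.sh hunk, and the same change applies there.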
@@ -1,15 +1,15 @@ # Enable setting a maintenance mode and render the maintenance # page instead. # -# Add this lines to your conf.d file for your site. +# Add this lines to your http.d file for your site. # -# include conf.d/02-maintenance.include; +# include http.d/02-maintenance.include; # # if ($maintenance) { # return 503; # } # -# Create a default file in conf.d with these settings, or add them to your existing server +# Create a default file in http.d with these settings, or add them to your existing server # configuration # # error_page 502 =200 @maintenance; diff --git a/etc/nginx/include.d/mail.conf b/etc/nginx/include.d/mail.conf index 70682ce..f6965a5 100644 --- a/etc/nginx/include.d/mail.conf +++ b/etc/nginx/include.d/mail.conf @@ -6,8 +6,8 @@ mail { proxy_pass_error_message on; #ssl on; - ssl_certificate conf.d/ssl/mail.crt; - ssl_certificate_key conf.d/ssl/mail.key; + ssl_certificate ssl/mail.crt; + ssl_certificate_key ssl/mail.key; #ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #ssl_ciphers HIGH:!aNULL:!MD5; diff --git a/ssl.sh b/ssl.sh index 0acde89..e30d476 100755 --- a/ssl.sh +++ b/ssl.sh @@ -1,14 +1,14 @@ #!/bin/bash -TMPDIR=/tmp +TMPDIR=/tmp/nginx if [ "$1" == "certbot" ]; then - certbot renew -q --config-dir /etc/nginx/conf.d/ssl/letsencrypt/ --renew-hook "/usr/sbin/nginx -s reload" + certbot renew -q --config-dir /etc/nginx/ssl/letsencrypt/ --renew-hook "/usr/sbin/nginx -s reload" elif [ "$1" == "lego" ]; then - CERTDIR=/etc/nginx/conf.d - LEGODIR=${CERTDIR}/ssl/lego - CERTFILE=${CERTDIR}/lego-cert.ssl + CERTDIR=/etc/nginx/ssl + LEGODIR=${CERTDIR}/lego + CERTFILE=${LEGODIR}/lego-cert.ssl RELOAD="/tmp/nginx.reload" TLS_PORT=444
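Review bot: The certbot branch now runs `certbot renew -q --config-dir /etc/nginx/ssl/letsencrypt/`, but nothing visible in this commit moves the state that existing deployments keep under `/etc/nginx/conf.d/ssl/letsencrypt/`. The lego branch has the same gap for `conf.d/ssl/lego`. With `-q`, a renew against an empty config directory most likely exits quietly without renewing anything, so certificates could lapse unnoticed after an upgrade; this is worth confirming. I would add a guard before the renew, such as `[ -d /etc/nginx/ssl/letsencrypt/renewal ] || { echo "no certbot state in /etc/nginx/ssl/letsencrypt" >&2; exit 1; }`, or a one-time migration step in init-docker. The `if`/`elif` body continues outside the hunk.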