author | terminaldweller <thabogre@gmail.com> | 2021-01-17 06:18:35 +0000 |
---|---|---|
committer | terminaldweller <thabogre@gmail.com> | 2021-01-17 06:18:35 +0000 |
commit | ecef4e3cc9f2d414b817b18a0b9c7303c39e519a (patch) | |
tree | 7d947424ee1bd386a39a6e5a2bb41f4e9aeb4ead /matrix-server/certbot | |
parent | fixed the matrix image (diff) | |
matrix server docker-compose WIP
Diffstat (limited to 'matrix-server/certbot')
5 files changed, 47 insertions, 0 deletions
diff --git a/matrix-server/certbot/Dockerfile b/matrix-server/certbot/Dockerfile
new file mode 100644
index 0000000..dc6369b
--- /dev/null
+++ b/matrix-server/certbot/Dockerfile
@@ -0,0 +1,4 @@
+FROM certbot/certbot:v1.11.0
+RUN apk update && apk add socat
+COPY ./scripts/ /etc/scripts/
+EXPOSE 380
diff --git a/matrix-server/certbot/scripts/concatenate-certificates.sh b/matrix-server/certbot/scripts/concatenate-certificates.sh
new file mode 100644
index 0000000..5238a9b
--- /dev/null
+++ b/matrix-server/certbot/scripts/concatenate-certificates.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+if [ -f /etc/letsencrypt/live/davole.com/fullchain.pem -a -f /etc/letsencrypt/live/davole.com/privkey.pem ]; then
+ cat /etc/letsencrypt/live/davole.com/fullchain.pem /etc/letsencrypt/live/davole.com/privkey.pem > /etc/certificates/davole.com.pem
+fi
diff --git a/matrix-server/certbot/scripts/create-certificates.sh b/matrix-server/certbot/scripts/create-certificates.sh
new file mode 100644
index 0000000..5fb6345
--- /dev/null
+++ b/matrix-server/certbot/scripts/create-certificates.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+# Request certificates
+certbot certonly --standalone \
+ --non-interactive --agree-tos --email info@davole.com --http-01-port=380 \
+ --cert-name davole.com \
+ -d davole.com
+# Concatenate certificates
+. /etc/scripts/concatenate-certificates.sh
+# Update certificates in HAProxy
+. /etc/scripts/update-haproxy-certificates.sh
diff --git a/matrix-server/certbot/scripts/renew-certificates.sh b/matrix-server/certbot/scripts/renew-certificates.sh
new file mode 100644
index 0000000..e46d412
--- /dev/null
+++ b/matrix-server/certbot/scripts/renew-certificates.sh
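Review bot: The `RUN apk update && apk add socat` line in matrix-server/certbot/Dockerfile keeps the apk index in the layer; `RUN apk add --no-cache socat` does the same install without it. Every script copied by `COPY ./scripts/ /etc/scripts/` starts with `#!/bin/bash`, yet this hunk installs no bash, so unless the certbot/certbot:v1.11.0 base already ships it the scripts will fail when executed directly. Either add `bash` to the same `apk add`, or switch the shebangs to `#!/bin/sh` and replace the `echo -e` in update-haproxy-certificates.sh with `printf`.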
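Review bot: The combined PEM written by the `cat … > /etc/certificates/davole.com.pem` line in concatenate-certificates.sh contains the private key but is created under the shell's default umask, which usually means mode 0644. Restrict it at creation time, and do so in a subshell because the script is sourced and a bare `umask` would leak into the caller: `( umask 077; cat … > /etc/certificates/davole.com.pem )`. If /etc/certificates is a volume shared with the HAProxy container (not visible in this commit), confirm the HAProxy user can still read the file at startup. Separately, `-a` inside `[ ]` is obsolescent in POSIX; `[ -f … ] && [ -f … ]` is the unambiguous form.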
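Review bot: The exit status of `certbot certonly` in create-certificates.sh is never checked, so a failed issuance still falls through to the concatenate and HAProxy update steps; `certbot renew` in renew-certificates.sh has the same gap. If /etc/certificates/davole.com.pem does not exist at that point, update-haproxy-certificates.sh sends a `set ssl cert` with an empty payload and still issues `commit ssl cert`; how HAProxy reacts to that is not visible here. Appending `|| exit 1` after `-d davole.com` (and after `certbot renew --http-01-port=380`) stops the chain, and because the scripts are sourced with `.` it also stops the calling script.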
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# Certificates exist
+if [ -d /etc/letsencrypt/live/davole.com ]; then
+ # Check certificates and renew them
+ certbot renew --http-01-port=380
+
+ # Concatenate certificates
+ . /etc/scripts/concatenate-certificates.sh
+
+ # Update certificates in HAProxy
+ . /etc/scripts/update-haproxy-certificates.sh
+
+# Certificates don't exist
+else
+ # Execute certificate creation script
+ . /etc/scripts/create-certificates.sh
+fi
diff --git a/matrix-server/certbot/scripts/update-haproxy-certificates.sh b/matrix-server/certbot/scripts/update-haproxy-certificates.sh
new file mode 100644
index 0000000..a1f9fc6
--- /dev/null
+++ b/matrix-server/certbot/scripts/update-haproxy-certificates.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Start transaction
+echo -e "set ssl cert /usr/local/etc/haproxy/certificates/davole.com.pem <<\n$(cat /etc/certificates/davole.com.pem)\n" | socat tcp-connect:haproxy:9999 -
+
+# Commit transaction
+echo "commit ssl cert /usr/local/etc/haproxy/certificates/davole.com.pem" | socat tcp-connect:haproxy:9999 -
+
+# Show certification info (not essential)
+echo "show ssl cert /usr/local/etc/haproxy/certificates/davole.com.pem" | socat tcp-connect:haproxy:9999 - |
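Review bot: renew-certificates.sh rebuilds the combined PEM and pushes it to HAProxy on every run, even when `certbot renew` renewed nothing, so the private key is re-sent over the network more often than necessary. certbot's `--deploy-hook` runs a command only after a successful renewal, e.g. `certbot renew --http-01-port=380 --deploy-hook '/etc/scripts/concatenate-certificates.sh && /etc/scripts/update-haproxy-certificates.sh'`, which would need the scripts to be executable in the image. If the unconditional push is deliberate (for instance to resync HAProxy after it restarts), a comment above the two `.` lines saying so would make that clear.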
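Review bot: update-haproxy-certificates.sh sends the certificate with its private key, together with the `set ssl cert` and `commit ssl cert` admin commands, to `tcp-connect:haproxy:9999` in clear text, and nothing in the script authenticates to that endpoint. The HAProxy configuration is not part of this commit view, but a runtime API bound to TCP is presumably usable by anything that can reach that port. Keep it unpublished on a dedicated internal network, or bind it to a unix socket shared through a volume and connect with `socat - unix-connect:<ADMIN_SOCKET_PATH>`. The three socat calls also ignore the replies, so `commit ssl cert` is issued even if the preceding `set ssl cert` was rejected; capture the reply of the first call and commit only when it reports success.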