docker-compose/authentik
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add location for acme; update scripts

Browse source
This commit is contained in:
Philip Henning 2024-11-19 12:11:49 +01:00
parent c237c41457
commit ac1e1f7008
4 changed files with 19 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

8
data/nginx/default.conf.template
View file

@ -33,8 +33,16 @@ server {
listen [::]:${NGINX_HTTP_PORT}; listen [::]:${NGINX_HTTP_PORT};
server_name ${NGINX_SERVERNAME}; server_name ${NGINX_SERVERNAME};
# Exclude Let's Encrypt directory from redirection
location /.well-known/acme-challenge/ {
root /var/www/letsencrypt;
}
# Redirect all other traffic to HTTPS
location / {
return 302 https://$host$request_uri; return 302 https://$host$request_uri;
} }
}
# HTTPS Server # HTTPS Server
server { server {

1
docker-compose.yml
View file

@ -125,6 +125,7 @@ services:
- ./data/nginx/default.conf.template:/etc/nginx/templates/default.conf.template:ro - ./data/nginx/default.conf.template:/etc/nginx/templates/default.conf.template:ro
- ./data/nginx/dhparams.pem:/etc/nginx/ssl/dhparams.pem:ro - ./data/nginx/dhparams.pem:/etc/nginx/ssl/dhparams.pem:ro
- ./data/nginx/certs:/etc/nginx/ssl/certs:ro - ./data/nginx/certs:/etc/nginx/ssl/certs:ro
- ./data/nginx/acme:/var/www/letsencrypt:ro
ports: ports:
- target: 8080 - target: 8080
published: "80" published: "80"

8
scripts/cert_renew.sh
View file

@ -5,9 +5,9 @@ cd "$(dirname "$(realpath "$0")")/../"
lego \ lego \
--path ./data/.lego \ --path ./data/.lego \
--http.port :8080 \
--tls.port :8443 \
--email="acme@base23.de" \ --email="acme@base23.de" \
--domains="sso.base23.de" \ --domains="sso.base23.de" \
--http renew \ --http \
--renew-hook="./scripts/cert_renew_hook.sh" --http.webroot ./data/nginx/acme \
--renew-hook="./scripts/cert_renew_hook.sh" \
renew

7
scripts/init.sh
View file

@ -51,12 +51,15 @@ echo ""
echo "Create certificate" echo "Create certificate"
lego \ lego \
--path ./data/.lego \ --path ./data/.lego \
--http.port :8080 \ --accept-tos \
--tls.port :8443 \
--email="acme@base23.de" \ --email="acme@base23.de" \
--domains="sso.base23.de" \ --domains="sso.base23.de" \
--http run --http run
# Link certificates to correct directory # Link certificates to correct directory
ln -s ../../.lego/certificates/sso.base23.de.crt ./data/nginx/certs/sso.base23.de.crt
ln -s ../../.lego/certificates/sso.base23.de.issuer.crt ./data/nginx/certs/sso.base23.de.issuer.crt
ln -s ../../.lego/certificates/sso.base23.de.key ./data/nginx/certs/sso.base23.de.key
# Setup cronjob to automatically renew certificates # Setup cronjob to automatically renew certificates