add location for acme; update scripts

data/nginx/default.conf.template

@@ -33,8 +33,16 @@ server {
 	listen [::]:${NGINX_HTTP_PORT};
 	server_name ${NGINX_SERVERNAME};
 
+	# Exclude Let's Encrypt directory from redirection
+	location /.well-known/acme-challenge/ {
+		root /var/www/letsencrypt;
+	}
+
+	# Redirect all other traffic to HTTPS
+	location / {
 		return 302 https://$host$request_uri;
 	}
+}
 
 # HTTPS Server
 server {

docker-compose.yml

@@ -125,6 +125,7 @@ services:
       - ./data/nginx/default.conf.template:/etc/nginx/templates/default.conf.template:ro
       - ./data/nginx/dhparams.pem:/etc/nginx/ssl/dhparams.pem:ro
       - ./data/nginx/certs:/etc/nginx/ssl/certs:ro
+      - ./data/nginx/acme:/var/www/letsencrypt:ro
     ports:
       - target: 8080
         published: "80"

scripts/cert_renew.sh

@@ -5,9 +5,9 @@ cd "$(dirname "$(realpath "$0")")/../"
 
 lego \
 --path ./data/.lego \
-	--http.port :8080 \
-	--tls.port :8443 \
 	--email="acme@base23.de" \
 	--domains="sso.base23.de" \
-	--http renew \
-	--renew-hook="./scripts/cert_renew_hook.sh"
+	--http \
+	--http.webroot ./data/nginx/acme \
+	--renew-hook="./scripts/cert_renew_hook.sh" \
+	renew

scripts/init.sh

@@ -51,12 +51,15 @@ echo ""
 echo "Create certificate"
 lego \
 	--path ./data/.lego \
-	--http.port :8080 \
-	--tls.port :8443 \
+	--accept-tos \
 	--email="acme@base23.de" \
 	--domains="sso.base23.de" \
 	--http run
 
 # Link certificates to correct directory
 
+ln -s ../../.lego/certificates/sso.base23.de.crt ./data/nginx/certs/sso.base23.de.crt
+ln -s ../../.lego/certificates/sso.base23.de.issuer.crt ./data/nginx/certs/sso.base23.de.issuer.crt
+ln -s ../../.lego/certificates/sso.base23.de.key ./data/nginx/certs/sso.base23.de.key
+
 # Setup cronjob to automatically renew certificates