Added certbot container

2016-10-09 21:01:49 -04:00 · 2016-10-09 21:01:49 -04:00 · 4030cc2f26
parent 5e9ae56a7f
commit 4030cc2f26
6 changed files with 31 additions and 0 deletions
--- a/certbot/Dockerfile
+++ b/certbot/Dockerfile
@ -0,0 +1,8 @@
+FROM phusion/baseimage:latest
+
+COPY run-certbot.sh /root/certbot/run-certbot.sh
+
+RUN apt-get update
+RUN apt-get install -y letsencrypt
+
+ENTRYPOINT bash -c "bash /root/certbot/run-certbot.sh && sleep infinity"
--- a/certbot/letsencrypt/.gitkeep
+++ b/certbot/letsencrypt/.gitkeep
--- a/certbot/letsencrypt/.well-known/.gitkeep
+++ b/certbot/letsencrypt/.well-known/.gitkeep
--- a/certbot/run-certbot.sh
+++ b/certbot/run-certbot.sh
@ -0,0 +1,6 @@
+#!/bin/bash
+
+letsencrypt certonly --webroot -w /var/www/letsencrypt -d "$CN" --agree-tos --email "$EMAIL" --non-interactive --text
+
+cp /etc/letsencrypt/archive/"$CN"/cert1.pem /var/certs/cert1.pem
+cp /etc/letsencrypt/archive/"$CN"/privkey1.pem /var/certs/privkey1.pem
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -312,8 +312,21 @@ services:
        links:
            - php-fpm
            
+### Certbot Container ##################################
+            
+    certbot:
+        build:
+            context: ./certbot
+        volumes:
+            - ./data/certbot/certs/:/var/certs
+            - ./certbot/letsencrypt/:/var/www/letsencrypt
+        environment:
+            CN: "fake.domain.com"
+            EMAIL: "fake.email@gmail.com"
+
 ### Volumes Setup ###########################################

+
 volumes:
    mysql:
        driver: "local"
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@ -23,6 +23,10 @@ http {
  error_log /var/log/nginx/error.log;
  gzip on;
  gzip_disable "msie6";
+  
+  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+  ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
+  
  include /etc/nginx/conf.d/*.conf;
  include /etc/nginx/sites-available/*;
  open_file_cache max=100;