Add letsencrypt service and configuration to access .well-known direc…

…tory
dmp1ce · Nov 18, 2015 · 752687a · 752687a
1 parent bc56da5
commit 752687a
Show file tree

Hide file tree

Showing 4 changed files with 60 additions and 3 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -10,10 +10,14 @@ RUN apt-get update \
  && apt-get clean \
  && rm -r /var/lib/apt/lists/*
 
-# Get Let's Encrypt client
+# Get Let's Encrypt client source
 RUN git -C /opt clone https://github.com/letsencrypt/letsencrypt
-#RUN cd /opt/letsencrypt && ./letsencrypt-auto
-COPY letsencrypt.ini /etc/letsencrypt/cli.ini
+# Install letsencrypt
+RUN cd /opt/letsencrypt && ./letsencrypt-auto --help
+
+# Testing directory
+RUN mkdir -p /usr/share/nginx/html/.well-known \
+ && touch /usr/share/nginx/html/.well-known/testing
 
 # Configure Nginx and apply fix for very long server names
 RUN echo "daemon off;" >> /etc/nginx/nginx.conf \
@@ -35,6 +39,7 @@ WORKDIR /app/
 ENV DOCKER_HOST unix:///tmp/docker.sock
 
 VOLUME ["/etc/nginx/certs"]
+VOLUME ["/etc/letsencrypt"]
 
 ENTRYPOINT ["/app/docker-entrypoint.sh"]
 CMD ["forego", "start", "-r"]
diff --git a/Procfile b/Procfile
@@ -1,2 +1,3 @@
 nginx: nginx
 dockergen: docker-gen -watch -only-exposed -notify "nginx -s reload" /app/nginx.tmpl /etc/nginx/conf.d/default.conf
+letsencrypt: /app/letsencrypt_service
diff --git a/letsencrypt_service b/letsencrypt_service
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+echo 'Waiting'
+sleep 10
+
+# Wait some amount of time
+seconds_to_wait=100;
+while true; do
+  # for each configuration file,
+  for f in "/etc/letsencrypt/*.ini"; do 
+    [[ -f "$f" ]] || continue 
+    echo "letsencrypt ${f%.ini}"
+    domain="${f%.ini}"
+    # Wait until the threshold is reached for renewing certificate
+    # cat /etc/nginx/certs/ftl3.local.crt | openssl x509 -noout -dates
+
+    # Or if the certificate doesn't exist
+
+    /opt/letsencrypt/letsencrypt-auto certonly --authenticator webroot \
+      --webroot-path /usr/share/nginx/html -d $domain
+  done
+  date
+  sleep $seconds_to_wait
+done
+
+# Date difference in days
+datediff() {
+  d1=$(date -d "$1" +%s)
+  d2=$(date -d "$2" +%s)
+  echo $(( (d1 - d2) / 86400 ))
+}
diff --git a/nginx.tmpl b/nginx.tmpl
@@ -143,7 +143,17 @@ server {
 	include /etc/nginx/vhost.d/default;
 	{{ end }}
 
+	location /.well-known/ {
+		root /usr/share/nginx/html;
+		try_files $uri @proxy_pass;
+	}
+
+	# Redirect hack. See: http://stackoverflow.com/a/20694873/350221
 	location / {
+		error_page 418 = @proxy_pass; return 418;
+	}
+
+	location @proxy_pass {
 		proxy_pass {{ trim $proto }}://{{ trim $host }};
 		{{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }}
 		auth_basic	"Restricted {{ $host }}";
@@ -169,7 +179,17 @@ server {
 	include /etc/nginx/vhost.d/default;
 	{{ end }}
 
+	location /.well-known/ {
+		root /usr/share/nginx/html;
+		try_files $uri @proxy_pass;
+	}
+
+	# Redirect hack. See: http://stackoverflow.com/a/20694873/350221
 	location / {
+		error_page 418 = @proxy_pass; return 418;
+	}
+
+	location @proxy_pass {
 		proxy_pass {{ trim $proto }}://{{ trim $host }};
 		{{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }}
 		auth_basic	"Restricted {{ $host }}";