diff --git a/docker/auto_ssl_script.sh b/docker/auto_ssl_script.sh
new file mode 100644
index 00000000..6980c625
--- /dev/null
+++ b/docker/auto_ssl_script.sh
@@ -0,0 +1,73 @@
+#!/bin/bash
+
+# ------------------------------------------------------------------------------
+# Developer Details
+# ------------------------------------------------------------------------------
+# Name: Uday Kumar
+# Contact: uday.kumar@bridgeconn.com
+# Date: 21 Nov 2023
+# Description: This script sets up and manages Let's Encrypt SSL, including automatic certificate renewal.
+# ------------------------------------------------------------------------------
+
+
+# Load environment variables
+if [ -f prod.env ]; then
+ source prod.env
+else
+ echo "prod.env file not found"
+ exit 1
+fi
+
+# Configuration variables
+NGINX_CONTAINER_NAME="docker-web-server-with-cert-1"
+SSL_CERTS_DIR="/certbot/conf"
+WEBROOT_DIR="/certbot/www"
+
+# Generate SSL certificates
+generate_certificates() {
+ echo "Generating SSL certificates for $DOMAIN..."
+
+ docker run --rm -it \
+ -v "$(pwd)${SSL_CERTS_DIR}:/etc/letsencrypt" \
+ -p 80:80 \
+ certbot/certbot certonly --standalone \
+ --email "${CERTBOT_EMAIL}" --agree-tos --no-eff-email \
+ -d "${VACHAN_DOMAIN}" --non-interactive --verbose
+
+ if [ $? -ne 0 ]; then
+ echo "Error: Failed to generate SSL certificates."
+ exit 1
+ fi
+}
+
+# Renew SSL certificates
+renew_certificates() {
+ echo "Renewing SSL certificates for $DOMAIN..."
+
+ docker run --rm \
+ -v "$(pwd)${SSL_CERTS_DIR}:/etc/letsencrypt" \
+ certbot/certbot renew --non-interactive --verbose
+
+ if [ $? -ne 0 ]; then
+ echo "Error: Failed to renew SSL certificates."
+ exit 1
+ fi
+}
+
+# Restart Nginx container
+start_nginx_container() {
+ echo "Starting Nginx container: ${NGINX_CONTAINER_NAME}..."
+ docker restart "${NGINX_CONTAINER_NAME}" || { echo "Failed to start Nginx container"; exit 1; }
+}
+
+
+# Execute the functions
+if [ ! -e "${SSL_CERTS_DIR}/live/${DOMAIN}/fullchain.pem" ]; then
+ generate_certificates
+ start_nginx_container
+else
+ renew_certificates
+fi
+
+
+echo "Script completed successfully."
\ No newline at end of file
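Review bot: The existence check `if [ ! -e "${SSL_CERTS_DIR}/live/${DOMAIN}/fullchain.pem" ]; then` keys on `DOMAIN`, which the script never sets and which is not the `VACHAN_DOMAIN` passed to `certonly -d`; if prod.env does not define `DOMAIN`, the path collapses to `/certbot/conf/live//fullchain.pem`, the test is always true, and every run re-issues a certificate through `--standalone` on port 80 instead of renewing, which will run into Let's Encrypt's duplicate-certificate rate limit. The two echo lines use the same variable, so the fix is `${VACHAN_DOMAIN}` in all three places. The check also inspects `${SSL_CERTS_DIR}` as an absolute path while the volume is mounted from `$(pwd)${SSL_CERTS_DIR}`, so the two only agree when the working directory is `/`. Separately, the `else` branch never restarts nginx after `renew_certificates`, so a renewed certificate is not served until something else restarts the container; add `start_nginx_container` after `renew_certificates` (or pass `--deploy-hook` to `renew`). The `-it` flags on the first `docker run` will also make it fail whenever no TTY is attached, which is how the compose entrypoint in this commit runs the script.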
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 02b74e45..44dcba82 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -267,25 +267,29 @@ services: volumes: - ./nginx/prod/app.conf.template:/etc/nginx/templates/default.conf.template:ro - ./certbot/www:/var/www/certbot/:ro - - ./certbot/conf/:/etc/nginx/ssl/:ro + - ./certbot/conf:/etc/nginx/certs/:ro - logs-vol:/var/log/nginx/ environment: - - VACHAN_DOMAIN=${VACHAN_DOMAIN} + - VACHAN_DOMAIN=${VACHAN_DOMAIN} profiles: - deployment networks: - VE-network certbot: - image: certbot/certbot:latest + image: certbot/certbot volumes: - - ./certbot/www/:/var/www/certbot/:rw - - ./certbot/conf/:/etc/letsencrypt/:rw + - ./certbot/conf:/etc/letsencrypt + - ./auto_ssl_script.sh:/auto_ssl_script.sh profiles: - deployment + entrypoint: /bin/sh -c ' + while :; do + /auto_ssl_script.sh; + sleep 80d; + done;' networks: - - VE-network - + - VE-network ofelia-scheduler: image: mcuadros/ofelia:v0.3.7
diff --git a/docker/nginx/prod/app.conf.template b/docker/nginx/prod/app.conf.template
index d4f47161..fd367757 100644
--- a/docker/nginx/prod/app.conf.template
+++ b/docker/nginx/prod/app.conf.template
@@ -33,8 +33,8 @@ server { proxy_connect_timeout 300; proxy_send_timeout 300; - ssl_certificate /etc/nginx/ssl/live/${VACHAN_DOMAIN}/fullchain.pem; - ssl_certificate_key /etc/nginx/ssl/live/${VACHAN_DOMAIN}/privkey.pem; + ssl_certificate /etc/nginx/certs/live/${VACHAN_DOMAIN}/fullchain.pem; + ssl_certificate_key /etc/nginx/certs/live/${VACHAN_DOMAIN}/privkey.pem; location /graphql/ {
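Review bot: The new `entrypoint` runs `/auto_ssl_script.sh` inside the stock `certbot/certbot` image, but that script shells out to `docker run` and `docker restart`; nothing in this hunk adds a Docker CLI to the image or mounts the daemon socket, so unless that is done elsewhere each loop iteration will fail at the first `docker` call and then sleep 80 days before trying again. That interval is a problem on its own: a Let's Encrypt certificate lasts 90 days and `certbot renew` only acts inside the last 30, so a single failed pass at day 80 leaves no retry before expiry; run the loop far more often and let `renew` no-op, e.g. `sleep 12h`, which matches certbot's own twice-daily guidance. The script mount should be read-only, `- ./auto_ssl_script.sh:/auto_ssl_script.sh:ro`, so the container cannot modify the code it executes. Note also that the certbot service no longer mounts `./certbot/www` while nginx still mounts it at `/var/www/certbot/`, which is consistent with the script's `--standalone` mode but leaves that webroot mount in nginx without a producer.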