Add SSL setup script for Dockerized Nginx with Let's Encrypt

docker/auto_ssl_script.sh

@@ -0,0 +1,73 @@
+#!/bin/bash
+
+# ------------------------------------------------------------------------------
+# Developer Details
+# ------------------------------------------------------------------------------
+# Name: Uday Kumar
+# Contact: uday.kumar@bridgeconn.com
+# Date: 21 Nov 2023
+# Description: This script sets up and manages Let's Encrypt SSL, including automatic certificate renewal.
+# ------------------------------------------------------------------------------
+
+
+# Load environment variables
+if [ -f prod.env ]; then
+    source prod.env
+else
+    echo "prod.env file not found"
+    exit 1
+fi
+
+# Configuration variables
+NGINX_CONTAINER_NAME="docker-web-server-with-cert-1"
+SSL_CERTS_DIR="/certbot/conf"
+WEBROOT_DIR="/certbot/www"
+
+# Generate SSL certificates
+generate_certificates() {
+    echo "Generating SSL certificates for $DOMAIN..."
+
+    docker run --rm -it \
+        -v "$(pwd)${SSL_CERTS_DIR}:/etc/letsencrypt" \
+        -p 80:80 \
+        certbot/certbot certonly --standalone \
+        --email "${CERTBOT_EMAIL}" --agree-tos --no-eff-email \
+        -d "${VACHAN_DOMAIN}" --non-interactive --verbose
+
+    if [ $? -ne 0 ]; then
+        echo "Error: Failed to generate SSL certificates."
+        exit 1
+    fi
+}
+
+# Renew SSL certificates
+renew_certificates() {
+    echo "Renewing SSL certificates for $DOMAIN..."
+
+    docker run --rm \
+        -v "$(pwd)${SSL_CERTS_DIR}:/etc/letsencrypt" \
+        certbot/certbot renew --non-interactive --verbose
+
+    if [ $? -ne 0 ]; then
+        echo "Error: Failed to renew SSL certificates."
+        exit 1
+    fi
+}
+
+# Restart Nginx container
+start_nginx_container() {
+    echo "Starting Nginx container: ${NGINX_CONTAINER_NAME}..."
+    docker restart "${NGINX_CONTAINER_NAME}" || { echo "Failed to start Nginx container"; exit 1; }
+}
+
+
+# Execute the functions
+if [ ! -e "${SSL_CERTS_DIR}/live/${DOMAIN}/fullchain.pem" ]; then
+    generate_certificates
+    start_nginx_container
+else
+    renew_certificates
+fi
+
+
+echo "Script completed successfully."

docker/docker-compose.yml

@@ -267,25 +267,29 @@ services:
   volumes:
    - ./nginx/prod/app.conf.template:/etc/nginx/templates/default.conf.template:ro
    - ./certbot/www:/var/www/certbot/:ro
-   - ./certbot/conf/:/etc/nginx/ssl/:ro
+   - ./certbot/conf:/etc/nginx/certs/:ro
    - logs-vol:/var/log/nginx/
   environment:
-    - VACHAN_DOMAIN=${VACHAN_DOMAIN}
+   - VACHAN_DOMAIN=${VACHAN_DOMAIN}
   profiles:
    - deployment
   networks:
    - VE-network
 
  certbot:
-  image: certbot/certbot:latest
+  image: certbot/certbot
   volumes:
-   - ./certbot/www/:/var/www/certbot/:rw
-   - ./certbot/conf/:/etc/letsencrypt/:rw
+    - ./certbot/conf:/etc/letsencrypt
+    - ./auto_ssl_script.sh:/auto_ssl_script.sh
   profiles:
    - deployment
+  entrypoint: /bin/sh -c '
+    while :; do
+      /auto_ssl_script.sh;
+      sleep 80d;
+    done;'
   networks:
-   - VE-network
-
+   - VE-network 
 
  ofelia-scheduler:
     image: mcuadros/ofelia:v0.3.7

docker/nginx/prod/app.conf.template

@@ -33,8 +33,8 @@ server {
     proxy_connect_timeout 300;
     proxy_send_timeout 300;
 
-    ssl_certificate /etc/nginx/ssl/live/${VACHAN_DOMAIN}/fullchain.pem;
-    ssl_certificate_key /etc/nginx/ssl/live/${VACHAN_DOMAIN}/privkey.pem;
+    ssl_certificate /etc/nginx/certs/live/${VACHAN_DOMAIN}/fullchain.pem;
+    ssl_certificate_key /etc/nginx/certs/live/${VACHAN_DOMAIN}/privkey.pem;
 
 
     location /graphql/ {