From 3ff63cb5082359c57266c5c2eaf3578e397701dc Mon Sep 17 00:00:00 2001
From: Bishwarupjee
Date: Thu, 16 Jun 2022 06:43:44 +0800
Subject: [PATCH] web: use certbot-auto
---
 web/Dockerfile | 7 ++++++-
 web/rootfs/defaults/letsencrypt-renew | 2 +-
 web/rootfs/etc/cont-init.d/10-config | 4 +++-
 3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/web/Dockerfile b/web/Dockerfile
index 5925db6..22b9ae3 100644
--- a/web/Dockerfile
+++ b/web/Dockerfile
@@ -1,12 +1,13 @@
 ARG JITSI_REPO=jitsi
 FROM ${JITSI_REPO}/base
+ADD https://dl.eff.org/certbot-auto /usr/local/bin/
+
 COPY rootfs/ /
 RUN \
 apt-dpkg-wrap apt-get update && \
 apt-dpkg-wrap apt-get install -y cron nginx-extras jitsi-meet-web && \
- apt-dpkg-wrap apt-get install -y -t stretch-backports certbot && \
 apt-dpkg-wrap apt-get -d install -y jitsi-meet-web-config && \
 dpkg -x /var/cache/apt/archives/jitsi-meet-web-config*.deb /tmp/pkg && \
 mv /tmp/pkg/usr/share/jitsi-meet-web-config/config.js /defaults && \
@@ -15,6 +16,10 @@ RUN \
 rm -f /etc/nginx/conf.d/default.conf && \
 rm -rf /tmp/pkg /var/cache/apt
+RUN \
+ chmod a+x /usr/local/bin/certbot-auto && \
+ certbot-auto --noninteractive --install-only
+
 EXPOSE 80 443
 VOLUME ["/config", "/etc/letsencrypt", "/usr/share/jitsi-meet/transcripts"]
diff --git a/web/rootfs/defaults/letsencrypt-renew b/web/rootfs/defaults/letsencrypt-renew
index 348cf4d..76a3a5d 100755
--- a/web/rootfs/defaults/letsencrypt-renew
+++ b/web/rootfs/defaults/letsencrypt-renew
@@ -4,7 +4,7 @@
 s6-svc -d /var/run/s6/services/nginx
 # renew cert
-certbot -n renew >> /config/le-renew.log
+certbot-auto --no-self-upgrade -n renew >> /config/le-renew.log
 # start nginx
 s6-svc -u /var/run/s6/services/nginx
diff --git a/web/rootfs/etc/cont-init.d/10-config b/web/rootfs/etc/cont-init.d/10-config
index b0cd722..8e9c8a0 100644
--- a/web/rootfs/etc/cont-init.d/10-config
+++ b/web/rootfs/etc/cont-init.d/10-config
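Review bot: The added `ADD https://dl.eff.org/certbot-auto /usr/local/bin/` in web/Dockerfile takes whatever script that URL serves on the day of the build, with no version pin and no integrity check. The second Dockerfile hunk then executes it during the build, and letsencrypt-renew and 10-config execute it in the running container. A changed or tampered download would therefore run inside every image built afterwards, and two builds of the same commit can differ. I would record the expected digest in the Dockerfile and verify it before the `chmod`, e.g. `echo "<EXPECTED_SHA256>  /usr/local/bin/certbot-auto" | sha256sum -c - && \` as the first command of the new `RUN`. As far as I know certbot-auto has since been deprecated upstream, so it is worth confirming that this bootstrap path is still maintained before depending on it.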
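Review bot: The new `RUN` step in the second web/Dockerfile hunk has no cleanup, unlike the preceding step, which ends in `rm -rf /tmp/pkg /var/cache/apt`. `certbot-auto --install-only` presumably bootstraps its own OS and Python dependencies (the page does not show what it installs), so package caches and any build tooling it pulls in would stay in the image. That adds size and attack surface to a runtime container. Consider ending the step with the same cleanup, `certbot-auto --noninteractive --install-only && rm -rf /var/cache/apt`, and reviewing what the bootstrap actually adds.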
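Review bot: The renew line in web/rootfs/defaults/letsencrypt-renew appends only stdout to the log, and nothing in the visible lines checks its exit status. A failed renewal therefore leaves little trace, even though nginx is stopped and restarted around it. Capture stderr as well, `certbot-auto --no-self-upgrade -n renew >> /config/le-renew.log 2>&1`, and consider writing a log line when the command returns non-zero so an expiring certificate gets noticed. A short comment on why `--no-self-upgrade` is passed (presumably so the script baked into the image is not replaced at runtime) would also help the next reader.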
@@ -11,7 +11,9 @@ mkdir -p \
 if [[ $DISABLE_HTTPS -ne 1 ]]; then
 if [[ $ENABLE_LETSENCRYPT -eq 1 ]]; then
 if [[ ! -f /etc/letsencrypt/live/$LETSENCRYPT_DOMAIN/fullchain.pem ]]; then
- if ! certbot certonly \
+ if ! certbot-auto \
+ certonly \
+ --no-self-upgrade \
 --noninteractive \
 --standalone \
 --preferred-challenges http \