Externalizing all parameters through .env file

.gitignore

@@ -1 +1,3 @@
 /data/certbot
+/data/nginx/app.conf
+.env

README.md

@@ -15,8 +15,12 @@ application.
 2. Clone this repository: `git clone https://github.com/wmnnd/nginx-certbot.git .`
 
 3. Modify configuration:
-- Add domains and email addresses to init-letsencrypt.sh
-- Replace all occurrences of example.org with primary domain (the first one you added to init-letsencrypt.sh) in data/nginx/app.conf
+- Create a .env file and add domains and email addresses using the env variables defined below 
+- NGINX_DOMAIN_LIST - [REQUIRED] the list of domains for nginx (also used by letsencrypt); each domain name should be separated by a space; the first domain name will be taken as the primary domain unless NGINX_PRIMARY_DOMAIN env variable is also provided; defaults to "example.org www.example.org"
+- NGINX_PRIMARY_DOMAIN - [OPTIONAL] the primary domain name to use for certificate registration; defaults to "example.org"
+- NGINX_PROXY_PASS - [REQUIRED] the url to route all incoming requests on ports 80, 443; for example "http://localhost:8080" to forward all incoming to localhost:8080; defaults to "http://example.org"
+- LETSENCRYPT_EMAIL - [OPTIONAL] the email id to use for LetsEncrypt registration; defaults to ""
+- LETSENCRYPT_STAGING - [OPTIONAL] Set to 1 if you're testing your setup to avoid hitting request limits; defaults to 0
 
 4. Run the init script:
 

init-letsencrypt.sh

@@ -5,11 +5,26 @@ if ! [ -x "$(command -v docker-compose)" ]; then
   exit 1
 fi
 
-domains=(example.org www.example.org)
+if [ -f ./.env ]; then
+  source ./.env
+else
+  echo "No .env file found, using defaults."
+fi
+
+
+domains_env="${NGINX_DOMAIN_LIST:-"example.org www.example.org"}"
+IFS=' ' read -r -a domains <<< "$domains_env"
+primary_domain=${domains[0]:-$NGINX_PRIMARY_DOMAIN}
 rsa_key_size=4096
 data_path="./data/certbot"
-email="" # Adding a valid address is strongly recommended
-staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits
+email=${LETSENCRYPT_EMAIL:-""} # Adding a valid address is strongly recommended
+staging=${LETSENCRYPT_STAGING:-0} # Set to 1 if you're testing your setup to avoid hitting request limits
+proxy_pass=${NGINX_PROXY_PASS:-"http://example.org"}
+escaped_proxy_pass=$(printf '%s\n' "$proxy_pass" | sed -e 's/[\/&]/\\&/g')
+
+echo "### Creating nginx app.conf from template ..."
+sed "s/\${NGINX_DOMAIN_LIST}/${domains_env}/g; s/\${NGINX_PRIMARY_DOMAIN}/${primary_domain}/g; s/\${NGINX_PROXY_PASS}/${escaped_proxy_pass}/g" ./templates/nginx/app.conf.template > ./data/nginx/app.conf
+echo
 
 if [ -d "$data_path" ]; then
   read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision

data/nginx/app.conf → templates/nginx/app.conf.template

@@ -1,6 +1,6 @@
 server {
     listen 80;
-    server_name example.org;
+    server_name ${NGINX_DOMAIN_LIST};
     server_tokens off;
 
     location /.well-known/acme-challenge/ {
@@ -14,16 +14,16 @@ server {
 
 server {
     listen 443 ssl;
-    server_name example.org;
+    server_name ${NGINX_DOMAIN_LIST};
     server_tokens off;
 
-    ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;
+    ssl_certificate /etc/letsencrypt/live/${NGINX_PRIMARY_DOMAIN}/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/${NGINX_PRIMARY_DOMAIN}/privkey.pem;
     include /etc/letsencrypt/options-ssl-nginx.conf;
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 
     location / {
-        proxy_pass  http://example.org;
+        proxy_pass  ${NGINX_PROXY_PASS};
         proxy_set_header    Host                $http_host;
         proxy_set_header    X-Real-IP           $remote_addr;
         proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;