Use certbot for let's encrypt certificate
diff --git a/nginx/Dockerfile.entrypoint b/nginx/Dockerfile.entrypoint
index 0c2ff96..515301c 100644
--- a/nginx/Dockerfile.entrypoint
+++ b/nginx/Dockerfile.entrypoint
@@ -4,8 +4,17 @@
{
domain=${SA_PUBLIC_DOMAIN_NAME:-miau.local}
+ live=/etc/nginx/certs/live
html=/var/www/html
+ if [ ! -f ${live}/${domain}/privkey.pem ]; then
+ mkdir -p ${live}/${domain}
+ cp /etc/ssl/private/sa-selfsigned.key ${live}/${domain}/privkey.pem
+ cp /etc/ssl/certs/sa-selfsigned.crt ${live}/${domain}/fullchain.pem
+ cp /etc/ssl/certs/sa-selfsigned.crt ${live}/${domain}/chain.pem
+ cp /etc/ssl/certs/sa-selfsigned.crt ${live}/${domain}/cert.pem
+ fi
+
rm -rf ${html}
cp -a /var/www/simpleid ${html}
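Review bot: The path expansions on the new `if [ ! -f ... ]`, `mkdir -p` and `cp` lines are unquoted, and `domain` is taken straight from the `SA_PUBLIC_DOMAIN_NAME` environment variable, so a value containing whitespace or glob characters splits the argument list; quote them, e.g. `if [ ! -f "${live}/${domain}/privkey.pem" ]; then`. The copied private key keeps whatever mode `cp` gives it under the container's umask, which is not necessarily restricted, so `chmod 600 "${live}/${domain}/privkey.pem"` after the copy would be a cheap safeguard. A short comment on the intent would also help the next reader, e.g. `# Bootstrap with the self-signed pair so nginx can start before certbot has issued a certificate for ${domain}`. The enclosing function starts before this hunk.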
@@ -22,6 +31,6 @@
chown -R nginx:nginx /var/www/html/
-chmod -R a-w /etc/nginx/conf.d/sa.conf /var/www/html/
+chmod -R a-w /etc/nginx/certs/ /etc/nginx/conf.d/sa.conf /var/www/html/
exec /docker-entrypoint.sh "$@"
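Review bot: `chmod -R a-w /etc/nginx/certs/` on the changed line removes write permission from the entire certificate tree, including `live/${domain}/`, so if certbot is meant to renew into that same directory (the commit title suggests so) a later renewal cannot replace the files there; if renewal happens from another container sharing the volume, this should probably stay as `chmod -R a-w /etc/nginx/conf.d/sa.conf /var/www/html/` or be limited to the self-signed bootstrap files. Note also that `a-w` only clears write bits and does not restrict reading, so on its own it does not protect `privkey.pem` from other local users. The enclosing function starts before this hunk.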
diff --git a/nginx/sa.conf b/nginx/sa.conf
index 2bef474..6d2105f 100644
--- a/nginx/sa.conf
+++ b/nginx/sa.conf
@@ -2,7 +2,13 @@
listen 80;
listen [::]:80;
- return 301 https://$host$request_uri;
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
}
server {
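Review bot: The new `location /.well-known/acme-challenge/` block serves from `/var/www/certbot`, but nothing in the visible entrypoint hunks creates that directory, so the challenge path answers 404 until whatever runs certbot mounts or creates it; if it is a volume shared with a certbot container, a comment stating that contract here would help, e.g. `# webroot shared with the certbot container; it must exist and be readable by nginx`. The enclosing `server` block starts before this hunk.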
@@ -26,8 +32,8 @@
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
- ssl_certificate /etc/ssl/certs/sa-selfsigned.crt;
- ssl_certificate_key /etc/ssl/private/sa-selfsigned.key;
+ ssl_certificate /etc/nginx/certs/live/miau.local/fullchain.pem;
+ ssl_certificate_key /etc/nginx/certs/live/miau.local/privkey.pem;
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers on;
#ssl_dhparam /etc/nginx/dhparam.pem;
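Review bot: The new `ssl_certificate` and `ssl_certificate_key` lines hard-code `live/miau.local/`, while the entrypoint in this same commit derives the directory from `SA_PUBLIC_DOMAIN_NAME` (`${live}/${domain}`); with any other domain configured, nginx references a directory the entrypoint never populates and will likely refuse to load the config. Either render these two paths from the same variable when sa.conf is installed, or have the entrypoint create a fixed-name alias such as `ln -sfn "${live}/${domain}" "${live}/current"` and point these directives at `live/current/`. The `server_name` of this block, if any, is outside the hunk.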