Created
August 11, 2018 10:06
Docker で SSL アクセラレータ
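# Compose stack: a plain-HTTP backend ("app") fronted by a TLS-terminating
# proxy ("proxy") built from the Dockerfile in this directory. The proxy's
# start script obtains its certificate with certbot.
version: '3'

services:
  # Backend. It publishes no host ports, so it is reachable only from other
  # services on the Compose network (here: the proxy).
  app:
    # NOTE(review): no tag is given, so this resolves to :latest. Pin a tag or
    # digest so a changed upstream image cannot silently enter the stack.
    image: hoto17296/minimum-httpd

  proxy:
    build: .
    ports:
      # Quoted so YAML always reads HOST:CONTAINER pairs as strings.
      # Port 80 must be reachable from the internet: the start script runs
      # certbot in standalone mode and afterwards serves an HTTP -> HTTPS redirect.
      - "80:80"
      - "443:443"
    environment:
      # Placeholder values; replace with a domain you control and a real
      # contact address before starting the stack.
      DOMAIN: example.com
      EMAIL: mail@example.com
      # Where decrypted traffic is forwarded (service name on the Compose network).
      UPSTREAM_HOST: app
      UPSTREAM_PORT: "80"
    volumes:
      # Persists certbot state across container re-creation so a certificate
      # is not requested again on every start. This volume contains the
      # certificate's private key; restrict who can read or mount it.
      - certs:/etc/letsencrypt
    depends_on:
      - app

volumes:
  certs:
    driver: local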
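# Image for the TLS-terminating proxy: certbot obtains the certificate and
# ncat listens on ports 80/443 (both driven by run.sh).
#
# NOTE(review): "3-alpine" is a floating tag. Pin a specific Python/Alpine
# release (ideally by digest) so a rebuild cannot pick up a different base.
FROM python:3-alpine

EXPOSE 80 443

# Runtime libraries that stay in the final image.
# libssl is not listed by name: its package name changes between Alpine
# releases (the original "libssl1.0" only exists on old ones) and the openssl
# package already pulls in the matching libssl as a dependency.
RUN apk add --no-cache --virtual .certbot-deps \
        binutils \
        ca-certificates \
        libffi \
        openssl

# The compiler toolchain is installed, used by pip and removed again inside a
# single layer, so it never ends up in the image.
# NOTE(review): certbot is installed unpinned; pin a version (and hashes, via a
# requirements file) to make the build reproducible and auditable.
RUN apk add --no-cache --virtual .build-deps \
        gcc \
        libffi-dev \
        linux-headers \
        musl-dev \
        openssl-dev \
    && pip install --no-cache-dir certbot \
    && apk del .build-deps

# ncat provides both listeners and the upstream connection in run.sh.
RUN apk add --no-cache nmap-ncat

COPY run.sh /

# No USER is set, so run.sh runs as root: it binds ports 80/443 and writes to
# /etc/letsencrypt. Treat the container as privileged with respect to the
# certificate's private key.
CMD ["sh", "/run.sh"]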
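# run.sh - start script of the proxy container.
#
# 1. Obtains (or renews) a certificate for $DOMAIN with certbot.
# 2. Answers every connection on port 80 with a redirect to https://$DOMAIN.
# 3. Terminates TLS on port 443 with ncat and pipes each connection to
#    $UPSTREAM_HOST:$UPSTREAM_PORT in plain text.
#
# Environment: DOMAIN, EMAIL (needed for the first issuance), UPSTREAM_HOST,
# UPSTREAM_PORT (defaults to 80).
#
# Limits worth knowing before relying on this beyond a demo:
#   - Renewal is attempted only here, at container start; once ncat holds
#     port 80 nothing in this script renews the certificate again.
#   - The redirect always points at the site root; the request path is dropped.
#   - TLS protocol versions and ciphers are whatever ncat uses by default, and
#     no headers (HSTS, X-Forwarded-*) are added to the traffic.

die() {
  echo "run.sh: $*" >&2
  exit 1
}

# DOMAIN, UPSTREAM_HOST and UPSTREAM_PORT are interpolated into command strings
# that ncat hands to a shell (-c). Restrict them to harmless characters so a
# malformed value fails here instead of being parsed as shell syntax.
case "${DOMAIN}" in
  '' | *[!A-Za-z0-9.-]*) die "DOMAIN must be set to a plain host name" ;;
esac
case "${UPSTREAM_HOST}" in
  '' | *[!A-Za-z0-9._:-]*) die "UPSTREAM_HOST must be set to a host name or address" ;;
esac
UPSTREAM_PORT=${UPSTREAM_PORT:-80}
case "${UPSTREAM_PORT}" in
  *[!0-9]*) die "UPSTREAM_PORT must be numeric" ;;
esac

KEY=/etc/letsencrypt/live/${DOMAIN}/privkey.pem
CERT=/etc/letsencrypt/live/${DOMAIN}/fullchain.pem

# -F: match the domain literally (its dots are not regex wildcards).
if certbot certificates -d "${DOMAIN}" 2>/dev/null | grep -qF "Certificate Name: ${DOMAIN}"
then
  # A certificate already exists in the volume. A failed renewal is not fatal:
  # the existing certificate may still be valid.
  certbot renew
else
  [ -n "${EMAIL}" ] || die "EMAIL must be set to request a certificate"
  # Standalone mode: certbot listens itself, which is why this has to happen
  # before ncat takes the ports below.
  certbot certonly --standalone -d "${DOMAIN}" -n --agree-tos --email "${EMAIL}"
fi

# Without both files the TLS listener cannot start; stop with a clear message
# rather than leaving only the port-80 redirector running.
if [ ! -r "${KEY}" ] || [ ! -r "${CERT}" ]; then
  die "no certificate for ${DOMAIN} under /etc/letsencrypt/live (issuance failed?)"
fi

# Port 80: fixed redirect. The response uses CRLF line endings and a blank line
# to end the header block, and declares an empty body so clients do not wait.
ncat -lk -p 80 -c "printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://${DOMAIN}\r\nContent-Length: 0\r\nConnection: close\r\n\r\n'" &

# Port 443: TLS is terminated here; each accepted connection is connected to
# the upstream over an unencrypted link, so keep that link on a private network.
ncat -lk -p 443 --ssl-cert "${CERT}" --ssl-key "${KEY}" \
  -c "ncat ${UPSTREAM_HOST} ${UPSTREAM_PORT}"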