From 7866c190075914b529e69d4f419a3bde3592575c Mon Sep 17 00:00:00 2001
From: Alex
Date: Fri, 28 Jan 2022 18:32:33 +0200
Subject: [PATCH] feat(docker): automated certificate renewal with certbot (#3916)
* feat(docker): automated certificate renewal with certbot Executes cron on the first day of every month at 23:00 to reduce the load on LE when everyone else is doing it at 00. Certificate that expires in less than 30 days will be renewed. closes #3907
---
 Dockerfile | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 73f79bf86..2c743cab2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,7 +14,7 @@ FROM --platform=$TARGETOS/$TARGETARCH php:7.4-fpm-alpine
 WORKDIR /app
 COPY . ./
 COPY --from=0 /app/public/assets ./public/assets
-RUN apk add --no-cache --update ca-certificates dcron curl git supervisor tar unzip nginx libpng-dev libxml2-dev libzip-dev certbot \
+RUN apk add --no-cache --update ca-certificates dcron curl git supervisor tar unzip nginx libpng-dev libxml2-dev libzip-dev certbot certbot-nginx \
 && docker-php-ext-configure zip \
 && docker-php-ext-install bcmath gd pdo_mysql zip \
 && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer \
@@ -27,6 +27,7 @@ RUN apk add --no-cache --update ca-certificates dcron curl git supervisor tar un
 RUN rm /usr/local/etc/php-fpm.conf \
 && echo "* * * * * /usr/local/bin/php /app/artisan schedule:run >> /dev/null 2>&1" >> /var/spool/cron/crontabs/root \
+ && echo "0 23 * * * certbot renew --nginx --quiet" >> /var/spool/cron/crontabs/root \
 && sed -i s/ssl_session_cache/#ssl_session_cache/g /etc/nginx/nginx.conf \
 && mkdir -p /var/run/php /var/run/nginx
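Review bot: The unchanged `curl -sS https://getcomposer.org/installer | php -- …` step in this RUN chain executes a freshly downloaded script at build time with no integrity check, and the commit extends the same layer without addressing it. Because the pipe reports only php's exit status and curl is run without `-f`, a failed or truncated download is not guaranteed to stop the build. Consider taking the binary from a pinned image instead, e.g. `COPY --from=composer:2 /usr/bin/composer /usr/local/bin/composer` (ideally by digest), or verifying the installer against the hash Composer publishes before running it. The newly added `certbot-nginx`, like the rest of the `apk add` list, is unpinned, so rebuilds may pick up different versions. The RUN instruction continues past the end of the hunk.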
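Review bot: The added crontab entry `0 23 * * * certbot renew --nginx --quiet` fires every day at 23:00, not on the first day of each month as the commit message states; a monthly schedule would be `0 23 1 * *`. Daily is the safer of the two, since one failed monthly run against a 30-day renewal window leaves little room to retry, so I would keep the expression and correct the description. A comment above the RUN would help, such as `# certbot renew runs daily at 23:00 and only renews certificates within 30 days of expiry`. With `--quiet` only errors are printed, and under cron they go wherever dcron sends job output, so a failing renewal may go unnoticed unless that output is routed to a monitored log. It is also worth confirming that certbot's certificate directory is on a persistent volume, which this hunk does not show.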
@@ -35,5 +36,5 @@ COPY .github/docker/www.conf /usr/local/etc/php-fpm.conf
 COPY .github/docker/supervisord.conf /etc/supervisord.conf
 EXPOSE 80 443
-ENTRYPOINT ["/bin/ash", ".github/docker/entrypoint.sh"]
+ENTRYPOINT [ "/bin/ash", ".github/docker/entrypoint.sh" ]
 CMD [ "supervisord", "-n", "-c", "/etc/supervisord.conf" ]