From 3bf3b037f200951503b828a9791e24b564242283 Mon Sep 17 00:00:00 2001
From: Wolfgang Hottgenroth
Date: Wed, 14 Sep 2022 13:25:11 +0200
Subject: [PATCH] letsencrypt volume

---
 Dockerfile | 4 +++-
 cert-deploy.sh | 12 ++++++++++++
 mosquitto-start.sh | 5 ++++-
 mosquitto.conf-sample | 4 ++--
 4 files changed, 21 insertions(+), 4 deletions(-)
 create mode 100755 cert-deploy.sh

diff --git a/Dockerfile b/Dockerfile
index 40eeab4..cf9258d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -23,10 +23,12 @@ COPY etc/ /opt/etc
 COPY supervisor-mosquitto.conf /etc/supervisor/conf.d/
 COPY crontab /etc/
 COPY mosquitto.conf-sample /opt/etc/mosquitto/
+COPY cert-deploy.sh /opt/sbin/
 VOLUME /opt/etc
 VOLUME /opt/data
 VOLUME /var/log/supervisor
+VOLUME /etc/letsencrypt
 EXPOSE 80/TCP
 EXPOSE 443/TCP
@@ -36,5 +38,5 @@ EXPOSE 9001/tcp
 WORKDIR /opt
-CMD /usr/bin/openssl dhparam -out /opt/etc/mosquitto/dh.pem 1024 && /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
+CMD /usr/bin/openssl dhparam -out /opt/etc/mosquitto/dh.pem 2048 && /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
diff --git a/cert-deploy.sh b/cert-deploy.sh
new file mode 100755
index 0000000..8108323
--- /dev/null
+++ b/cert-deploy.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+MY_DOMAIN=example.com
+CERTIFICATE_DIR=/opt/etc/mosquitto/
+
+if [ "${RENEWED_DOMAINS}" = "${MY_DOMAIN}" ]; then
+    cp ${RENEWED_LINEAGE}/fullchain.pem ${CERTIFICATE_DIR}/server.crt
+    cp ${RENEWED_LINEAGE}/privkey.pem ${CERTIFICATE_DIR}/server.key
+    chown mosquitto: ${CERTIFICATE_DIR}/server.crt ${CERTIFICATE_DIR}/server.key
+    chmod 0600 ${CERTIFICATE_DIR}/server.crt ${CERTIFICATE_DIR}/server.key
+    supervisorctl restart mosquitto
+fi
diff --git a/mosquitto-start.sh b/mosquitto-start.sh
index 18e9871..59fdcd7 100755
--- a/mosquitto-start.sh
+++ b/mosquitto-start.sh
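Review bot: `COPY cert-deploy.sh /opt/sbin/` ships the hook, but nothing in this patch registers it with certbot, so it only runs if some other piece (presumably the crontab copied in the context line above, which is not visible here) invokes certbot with `--deploy-hook /opt/sbin/cert-deploy.sh`. The script also relies on certbot's RENEWED_DOMAINS and RENEWED_LINEAGE environment, which is invisible from the Dockerfile. A comment next to the COPY would make the coupling explicit, e.g. `# certbot deploy hook; must be passed as --deploy-hook /opt/sbin/cert-deploy.sh by whoever runs certbot renew`.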
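Review bot: The CMD still regenerates dh.pem on every container start, and moving from 1024 to 2048 bits makes `openssl dhparam` take minutes on modest hardware, so every restart now delays supervisord and the broker by that much. Since /opt/etc is a persistent volume, generate the file only when it is missing: `CMD [ -f /opt/etc/mosquitto/dh.pem ] || /usr/bin/openssl dhparam -out /opt/etc/mosquitto/dh.pem 2048 && /usr/bin/supervisord -c /etc/supervisor/supervisord.conf` (sh evaluates `a || b && c` left to right, so supervisord still runs in both branches). Note that with that guard an existing volume keeps its old 1024-bit dh.pem, so it has to be deleted once to actually pick up the stronger parameters.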
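Review bot: The domain check `[ "${RENEWED_DOMAINS}" = "${MY_DOMAIN}" ]` only matches a lineage with exactly one name; certbot passes RENEWED_DOMAINS as a space-separated list, so a certificate that also carries a second SAN is silently never deployed. The script has no `set -e` and neither `cp` is guarded, so if the second copy fails the new server.crt sits next to the old server.key and `supervisorctl restart mosquitto` brings the broker up with a mismatched pair; copying into mktemp files (created 0600, so the private key is never momentarily readable by others) and renaming them in only after both copies succeed avoids that. The expansions are unquoted and MY_DOMAIN is the placeholder `example.com`, so read it from the environment with a default instead of editing the image. The rewritten script is below; the `chown`/`chmod`/`supervisorctl` steps are unchanged in intent.

```shell
#!/bin/sh
set -eu

MY_DOMAIN=${MY_DOMAIN:-example.com}
CERTIFICATE_DIR=/opt/etc/mosquitto

# RENEWED_DOMAINS is a space-separated list; match MY_DOMAIN as a whole word.
case " ${RENEWED_DOMAINS:-} " in
  *" ${MY_DOMAIN} "*)
    # mktemp creates the files 0600, so the key is never readable by others.
    new_crt=$(mktemp "${CERTIFICATE_DIR}/server.crt.XXXXXX")
    new_key=$(mktemp "${CERTIFICATE_DIR}/server.key.XXXXXX")
    cp -- "${RENEWED_LINEAGE}/fullchain.pem" "${new_crt}"
    cp -- "${RENEWED_LINEAGE}/privkey.pem" "${new_key}"
    chown mosquitto: "${new_crt}" "${new_key}"
    chmod 0600 "${new_crt}" "${new_key}"
    # Rename only after both copies succeeded, so cert and key always match.
    mv -- "${new_crt}" "${CERTIFICATE_DIR}/server.crt"
    mv -- "${new_key}" "${CERTIFICATE_DIR}/server.key"
    supervisorctl restart mosquitto
    ;;
esac
```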
@@ -3,11 +3,13 @@ IMAGE=registry.gitlab.com/wolutator/mosquitto-with-auth:latest
 VOLUME_CONFIG=mosquitto-config
 VOLUME_DATA=mosquitto-data
-VOLUME_LOG
+VOLUME_LOG=mosquitto-log
+VOLUME_LETSENCRYPT=mosquitto-letsencrypt
 docker volume inspect $VOLUME_CONFIG > /dev/null || docker volume create $VOLUME_CONFIG
 docker volume inspect $VOLUME_DATA > /dev/null || docker volume create $VOLUME_DATA
 docker volume inspect $VOLUME_LOG > /dev/null || docker volume create $VOLUME_LOG
+docker volume inspect $VOLUME_LETSENCRYPT > /dev/null || docker volume create $VOLUME_LETSENCRYPT
 docker pull $IMAGE
@@ -22,6 +24,7 @@ docker run \
   -v $VOLUME_CONFIG:/opt/etc/mosquitto \
   -v $VOLUME_DATA:/opt/data \
   -v $VOLUME_LOG:/var/log/supervisor \
+  -v $VOLUME_LETSENCRYPT:/etc/letsencrypt \
   --link mariadb \
   --name mosquitto \
   $IMAGE
diff --git a/mosquitto.conf-sample b/mosquitto.conf-sample
index e00c041..c4a51cd 100644
--- a/mosquitto.conf-sample
+++ b/mosquitto.conf-sample
@@ -12,8 +12,8 @@ listener 8883
 protocol mqtt
 #allow_anonymous true
 allow_anonymous false
-certfile /etc/letsencrypt/live/DOMAIN/fullchain.pem
-keyfile /etc/letsencrypt/live/DOMAIN/privkey.pem
+certfile /opt/etc/mosquitto/server.crt
+keyfile /opt/etc/mosquitto/server.key
 dhparamfile /opt/etc/mosquitto/dh.pem
 tls_version tlsv1.2
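Review bot: The new `docker volume inspect $VOLUME_LETSENCRYPT > /dev/null || docker volume create $VOLUME_LETSENCRYPT` line copies the existing pattern, which silences stdout but not stderr, so the first run prints a "no such volume" error right before creating the volume; redirect both and quote the expansion: `docker volume inspect "$VOLUME_LETSENCRYPT" >/dev/null 2>&1 || docker volume create "$VOLUME_LETSENCRYPT"`. The three context lines above it have the same issue. Since this volume is mounted at /etc/letsencrypt it presumably ends up holding the ACME account key and the certificate private keys, which is worth a one-line comment above the `VOLUME_LETSENCRYPT=` assignment so that whoever manages backups and host access to the Docker data directory knows what is in it.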
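Review bot: The new `certfile`/`keyfile` point at /opt/etc/mosquitto/server.crt and server.key, which only come into existence once cert-deploy.sh has run for a certbot renewal; on a fresh deployment nothing in this patch creates them, so mosquitto will most likely refuse to bring up listener 8883 until the first renewal has gone through the hook. Either document that the initial certbot issuance has to be run with the deploy hook before the broker is started, or have the start path seed the two files from the lineage when they are absent. A comment above the two lines, e.g. `# maintained by /opt/sbin/cert-deploy.sh (certbot deploy hook); do not edit by hand`, would make the coupling visible to whoever copies this sample into place.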