letsencrypt volume
parent
39c65cedef
commit
3bf3b037f2
@ -23,10 +23,12 @@ COPY etc/ /opt/etc
|
|||||||
COPY supervisor-mosquitto.conf /etc/supervisor/conf.d/
|
COPY supervisor-mosquitto.conf /etc/supervisor/conf.d/
|
||||||
COPY crontab /etc/
|
COPY crontab /etc/
|
||||||
COPY mosquitto.conf-sample /opt/etc/mosquitto/
|
COPY mosquitto.conf-sample /opt/etc/mosquitto/
|
||||||
|
COPY cert-deploy.sh /opt/sbin/
|
||||||
|
|
||||||
VOLUME /opt/etc
|
VOLUME /opt/etc
|
||||||
VOLUME /opt/data
|
VOLUME /opt/data
|
||||||
VOLUME /var/log/supervisor
|
VOLUME /var/log/supervisor
|
||||||
|
VOLUME /etc/letsencrypt
|
||||||
|
|
||||||
EXPOSE 80/TCP
|
EXPOSE 80/TCP
|
||||||
EXPOSE 443/TCP
|
EXPOSE 443/TCP
|
||||||
@ -36,5 +38,5 @@ EXPOSE 9001/tcp
|
|||||||
|
|
||||||
WORKDIR /opt
|
WORKDIR /opt
|
||||||
|
|
||||||
CMD /usr/bin/openssl dhparam -out /opt/etc/mosquitto/dh.pem 1024 && /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
|
CMD /usr/bin/openssl dhparam -out /opt/etc/mosquitto/dh.pem 2048 && /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
|
||||||
|
|
||||||
|
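Review bot: The `CMD` line still runs `openssl dhparam` unconditionally, so with the size raised to 2048 bits every container start waits for a fresh parameter generation before supervisord, and with it the broker, comes up. Since /opt/etc is declared as a volume the file can persist between starts, so generating it only when absent keeps the stronger parameters without the delay: `CMD ( [ -s /opt/etc/mosquitto/dh.pem ] || /usr/bin/openssl dhparam -out /opt/etc/mosquitto/dh.pem 2048 ) && exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf`. A 1024-bit dh.pem left in the volume by an earlier image would then be kept, so it has to be deleted once when upgrading.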
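--- a/cert-deploy.sh
+++ b/cert-deploy.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+MY_DOMAIN=example.com
+CERTIFICATE_DIR=/opt/etc/mosquitto/
+
+if [ "${RENEWED_DOMAINS}" = "${MY_DOMAIN}" ]; then
+cp ${RENEWED_LINEAGE}/fullchain.pem ${CERTIFICATE_DIR}/server.crt
+cp ${RENEWED_LINEAGE}/privkey.pem ${CERTIFICATE_DIR}/server.key
+chown mosquitto: ${CERTIFICATE_DIR}/server.crt ${CERTIFICATE_DIR}/server.key
+chmod 0600 ${CERTIFICATE_DIR}/server.crt ${CERTIFICATE_DIR}/server.key
+supervisorctl restart mosquitto
+fi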
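Review bot: `server.key` is created by `cp` and only restricted by the later `chmod 0600`, so on the first deployment the private key sits in /opt/etc/mosquitto with the hook's default umask until that line runs, and a failed copy still falls through to `supervisorctl restart mosquitto`. Putting `set -e` and `umask 077` directly under the shebang covers both cases. The test `[ "${RENEWED_DOMAINS}" = "${MY_DOMAIN}" ]` matches only a single-name certificate, because certbot passes RENEWED_DOMAINS as a space-separated list; `case " ${RENEWED_DOMAINS} " in *" ${MY_DOMAIN} "*)` would also match a certificate that covers several names. The `${RENEWED_LINEAGE}` and `${CERTIFICATE_DIR}` expansions in the `cp`, `chown` and `chmod` lines should be double-quoted.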
@ -3,11 +3,13 @@
|
|||||||
IMAGE=registry.gitlab.com/wolutator/mosquitto-with-auth:latest
|
IMAGE=registry.gitlab.com/wolutator/mosquitto-with-auth:latest
|
||||||
VOLUME_CONFIG=mosquitto-config
|
VOLUME_CONFIG=mosquitto-config
|
||||||
VOLUME_DATA=mosquitto-data
|
VOLUME_DATA=mosquitto-data
|
||||||
VOLUME_LOG
|
VOLUME_LOG=mosquitto-log
|
||||||
|
VOLUME_LETSENCRYPT=mosquitto-letsencrypt
|
||||||
|
|
||||||
docker volume inspect $VOLUME_CONFIG > /dev/null || docker volume create $VOLUME_CONFIG
|
docker volume inspect $VOLUME_CONFIG > /dev/null || docker volume create $VOLUME_CONFIG
|
||||||
docker volume inspect $VOLUME_DATA > /dev/null || docker volume create $VOLUME_DATA
|
docker volume inspect $VOLUME_DATA > /dev/null || docker volume create $VOLUME_DATA
|
||||||
docker volume inspect $VOLUME_LOG > /dev/null || docker volume create $VOLUME_LOG
|
docker volume inspect $VOLUME_LOG > /dev/null || docker volume create $VOLUME_LOG
|
||||||
|
docker volume inspect $VOLUME_LETSENCRYPT > /dev/null || docker volume create $VOLUME_LETSENCRYPT
|
||||||
|
|
||||||
docker pull $IMAGE
|
docker pull $IMAGE
|
||||||
|
|
||||||
@ -22,6 +24,7 @@ docker run \
|
|||||||
-v $VOLUME_CONFIG:/opt/etc/mosquitto \
|
-v $VOLUME_CONFIG:/opt/etc/mosquitto \
|
||||||
-v $VOLUME_DATA:/opt/data \
|
-v $VOLUME_DATA:/opt/data \
|
||||||
-v $VOLUME_LOG:/var/log/supervisor \
|
-v $VOLUME_LOG:/var/log/supervisor \
|
||||||
|
-v $VOLUME_LETSENCRYPT:/etc/letsencrypt \
|
||||||
--link mariadb \
|
--link mariadb \
|
||||||
--name mosquitto \
|
--name mosquitto \
|
||||||
$IMAGE
|
$IMAGE
|
||||||
|
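Review bot: The added `docker volume inspect $VOLUME_LETSENCRYPT > /dev/null || docker volume create $VOLUME_LETSENCRYPT` line expands the variable unquoted and discards only stdout, so the expected "no such volume" error is still printed on the first run; `docker volume inspect "$VOLUME_LETSENCRYPT" >/dev/null 2>&1 || docker volume create "$VOLUME_LETSENCRYPT"` is quieter and safe against word splitting, and the same applies to the `-v $VOLUME_LETSENCRYPT:/etc/letsencrypt` mount in the second hunk. This mirrors the existing lines for the other volumes, so it is a style point for the whole script. A comment next to `VOLUME_LETSENCRYPT=mosquitto-letsencrypt` should state that this volume holds the certificate private keys, since access to it on the host needs to be limited accordingly. The `docker run` command starts above the second hunk.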
@ -12,8 +12,8 @@ listener 8883
|
|||||||
protocol mqtt
|
protocol mqtt
|
||||||
#allow_anonymous true
|
#allow_anonymous true
|
||||||
allow_anonymous false
|
allow_anonymous false
|
||||||
certfile /etc/letsencrypt/live/DOMAIN/fullchain.pem
|
certfile /opt/etc/mosquitto/server.crt
|
||||||
keyfile /etc/letsencrypt/live/DOMAIN/privkey.pem
|
keyfile /opt/etc/mosquitto/server.key
|
||||||
dhparamfile /opt/etc/mosquitto/dh.pem
|
dhparamfile /opt/etc/mosquitto/dh.pem
|
||||||
tls_version tlsv1.2
|
tls_version tlsv1.2
|
||||||
|
|
||||||
|
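Review bot: Nothing in the sample says where `/opt/etc/mosquitto/server.crt` and `server.key` come from, and they appear to exist only after cert-deploy.sh has copied a renewed certificate, so a fresh container may have no files at these paths for the 8883 listener. A comment above the two lines would make the dependency visible, for example `# server.crt and server.key are copied from /etc/letsencrypt by /opt/sbin/cert-deploy.sh; run it once after the first issuance`. How the hook is wired to the certificate client is not shown in this commit, so the first-start behaviour is inferred. The listener block begins above the hunk.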