letsencrypt volume

Wolfgang Hottgenroth 2022-09-14 13:25:11 +02:00
parent 39c65cedef
commit 3bf3b037f2
4 changed files with 21 additions and 4 deletions


@ -23,10 +23,12 @@ COPY etc/ /opt/etc
COPY supervisor-mosquitto.conf /etc/supervisor/conf.d/ COPY supervisor-mosquitto.conf /etc/supervisor/conf.d/
COPY crontab /etc/ COPY crontab /etc/
COPY mosquitto.conf-sample /opt/etc/mosquitto/ COPY mosquitto.conf-sample /opt/etc/mosquitto/
COPY cert-deploy.sh /opt/sbin/
VOLUME /opt/etc VOLUME /opt/etc
VOLUME /opt/data VOLUME /opt/data
VOLUME /var/log/supervisor VOLUME /var/log/supervisor
VOLUME /etc/letsencrypt
EXPOSE 80/TCP EXPOSE 80/TCP
EXPOSE 443/TCP EXPOSE 443/TCP
@ -36,5 +38,5 @@ EXPOSE 9001/tcp
WORKDIR /opt WORKDIR /opt
CMD /usr/bin/openssl dhparam -out /opt/etc/mosquitto/dh.pem 1024 && /usr/bin/supervisord -c /etc/supervisor/supervisord.conf CMD /usr/bin/openssl dhparam -out /opt/etc/mosquitto/dh.pem 2048 && /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
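Review bot: The new `COPY cert-deploy.sh /opt/sbin/` places the hook in a directory certbot does not scan, and nothing in this section registers it. It will therefore only run if the renew command names it explicitly; that command is presumably in the crontab copied a few lines above, whose content is not shown here. If it does not already, the renew entry should pass the hook, e.g. `certbot renew --deploy-hook /opt/sbin/cert-deploy.sh`. Copying the script into `/etc/letsencrypt/renewal-hooks/deploy/` at build time would be less reliable, because that path is now declared as a volume and an already-populated volume hides the image's copy.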

12
cert-deploy.sh Executable file

@ -0,0 +1,12 @@
#!/bin/sh
MY_DOMAIN=example.com
CERTIFICATE_DIR=/opt/etc/mosquitto/
if [ "${RENEWED_DOMAINS}" = "${MY_DOMAIN}" ]; then
cp ${RENEWED_LINEAGE}/fullchain.pem ${CERTIFICATE_DIR}/server.crt
cp ${RENEWED_LINEAGE}/privkey.pem ${CERTIFICATE_DIR}/server.key
chown mosquitto: ${CERTIFICATE_DIR}/server.crt ${CERTIFICATE_DIR}/server.key
chmod 0600 ${CERTIFICATE_DIR}/server.crt ${CERTIFICATE_DIR}/server.key
supervisorctl restart mosquitto
fi
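Review bot: The guard `[ "${RENEWED_DOMAINS}" = "${MY_DOMAIN}" ]` only matches a single-name certificate, because certbot passes RENEWED_DOMAINS as a space-separated list; with any additional name on the certificate the copy is silently skipped and the broker keeps serving the old certificate until it expires. The script also has no `set -e`, so a failed `cp` still falls through to `supervisorctl restart mosquitto`, and the unquoted `${RENEWED_LINEAGE}` expands to nothing when unset, making the copies read from `/`. Setting `umask 077` before the copies keeps a newly created `server.key` from ever being readable by others, whatever the source mode. `MY_DOMAIN=example.com` is a placeholder baked into the image and should be documented as something to override.

```shell
#!/bin/sh
set -eu
MY_DOMAIN=example.com
CERTIFICATE_DIR=/opt/etc/mosquitto

# RENEWED_DOMAINS is a space-separated list; match MY_DOMAIN as one whole entry
case " ${RENEWED_DOMAINS:-} " in
  *" ${MY_DOMAIN} "*) ;;
  *) exit 0 ;;
esac

umask 077
cp "${RENEWED_LINEAGE}/fullchain.pem" "${CERTIFICATE_DIR}/server.crt"
cp "${RENEWED_LINEAGE}/privkey.pem" "${CERTIFICATE_DIR}/server.key"
chown mosquitto: "${CERTIFICATE_DIR}/server.crt" "${CERTIFICATE_DIR}/server.key"
chmod 0600 "${CERTIFICATE_DIR}/server.crt" "${CERTIFICATE_DIR}/server.key"
supervisorctl restart mosquitto
```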


@ -3,11 +3,13 @@
IMAGE=registry.gitlab.com/wolutator/mosquitto-with-auth:latest IMAGE=registry.gitlab.com/wolutator/mosquitto-with-auth:latest
VOLUME_CONFIG=mosquitto-config VOLUME_CONFIG=mosquitto-config
VOLUME_DATA=mosquitto-data VOLUME_DATA=mosquitto-data
VOLUME_LOG VOLUME_LOG=mosquitto-log
VOLUME_LETSENCRYPT=mosquitto-letsencrypt
docker volume inspect $VOLUME_CONFIG > /dev/null || docker volume create $VOLUME_CONFIG docker volume inspect $VOLUME_CONFIG > /dev/null || docker volume create $VOLUME_CONFIG
docker volume inspect $VOLUME_DATA > /dev/null || docker volume create $VOLUME_DATA docker volume inspect $VOLUME_DATA > /dev/null || docker volume create $VOLUME_DATA
docker volume inspect $VOLUME_LOG > /dev/null || docker volume create $VOLUME_LOG docker volume inspect $VOLUME_LOG > /dev/null || docker volume create $VOLUME_LOG
docker volume inspect $VOLUME_LETSENCRYPT > /dev/null || docker volume create $VOLUME_LETSENCRYPT
docker pull $IMAGE docker pull $IMAGE
@ -22,6 +24,7 @@ docker run \
-v $VOLUME_CONFIG:/opt/etc/mosquitto \ -v $VOLUME_CONFIG:/opt/etc/mosquitto \
-v $VOLUME_DATA:/opt/data \ -v $VOLUME_DATA:/opt/data \
-v $VOLUME_LOG:/var/log/supervisor \ -v $VOLUME_LOG:/var/log/supervisor \
-v $VOLUME_LETSENCRYPT:/etc/letsencrypt \
--link mariadb \ --link mariadb \
--name mosquitto \ --name mosquitto \
$IMAGE $IMAGE


@ -12,8 +12,8 @@ listener 8883
protocol mqtt protocol mqtt
#allow_anonymous true #allow_anonymous true
allow_anonymous false allow_anonymous false
certfile /etc/letsencrypt/live/DOMAIN/fullchain.pem certfile /opt/etc/mosquitto/server.crt
keyfile /etc/letsencrypt/live/DOMAIN/privkey.pem keyfile /opt/etc/mosquitto/server.key
dhparamfile /opt/etc/mosquitto/dh.pem dhparamfile /opt/etc/mosquitto/dh.pem
tls_version tlsv1.2 tls_version tlsv1.2
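Review bot: The sample does not say where `server.crt` and `server.key` come from, although `certfile` and `keyfile` now depend on cert-deploy.sh having run at least once. On a fresh config volume the 8883 listener would presumably fail to load its certificate until the first renewal fires the hook, since a deploy hook attached to `certbot renew` does not run for a certificate that is not yet due. A comment above the two lines would make the dependency visible, e.g. `# server.crt/server.key are copied from /etc/letsencrypt by /opt/sbin/cert-deploy.sh; run it once after the first issuance`.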