letsencrypt volume
parent
39c65cedef
commit
3bf3b037f2
@ -23,10 +23,12 @@ COPY etc/ /opt/etc
|
||||
COPY supervisor-mosquitto.conf /etc/supervisor/conf.d/
|
||||
COPY crontab /etc/
|
||||
COPY mosquitto.conf-sample /opt/etc/mosquitto/
|
||||
COPY cert-deploy.sh /opt/sbin/
|
||||
|
||||
VOLUME /opt/etc
|
||||
VOLUME /opt/data
|
||||
VOLUME /var/log/supervisor
|
||||
VOLUME /etc/letsencrypt
|
||||
|
||||
EXPOSE 80/TCP
|
||||
EXPOSE 443/TCP
|
||||
@ -36,5 +38,5 @@ EXPOSE 9001/tcp
|
||||
|
||||
WORKDIR /opt
|
||||
|
||||
CMD /usr/bin/openssl dhparam -out /opt/etc/mosquitto/dh.pem 1024 && /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
|
||||
CMD /usr/bin/openssl dhparam -out /opt/etc/mosquitto/dh.pem 2048 && /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
|
||||
|
||||
|
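Review bot: The `CMD` in the second hunk regenerates the DH parameters on every container start, and at 2048 bits (which appears to be the new side of the pair) that can hold up supervisord behind the `&&` for a long time on a small host. The run script mounts a named volume at `/opt/etc/mosquitto`, so the file persists and only needs generating when it is missing: `CMD ( [ -s /opt/etc/mosquitto/dh.pem ] || /usr/bin/openssl dhparam -out /opt/etc/mosquitto/dh.pem 2048 ) && exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf`. A volume that already holds a 1024-bit `dh.pem` from the previous image would need that file deleted once, otherwise the weak parameters stay in use. The `exec` lets supervisord replace the shell so it receives the stop signal from `docker stop` directly.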
12
cert-deploy.sh
Executable file
12
cert-deploy.sh
Executable file
@ -0,0 +1,12 @@
|
||||
#!/bin/sh
|
||||
|
||||
MY_DOMAIN=example.com
|
||||
CERTIFICATE_DIR=/opt/etc/mosquitto/
|
||||
|
||||
if [ "${RENEWED_DOMAINS}" = "${MY_DOMAIN}" ]; then
|
||||
cp ${RENEWED_LINEAGE}/fullchain.pem ${CERTIFICATE_DIR}/server.crt
|
||||
cp ${RENEWED_LINEAGE}/privkey.pem ${CERTIFICATE_DIR}/server.key
|
||||
chown mosquitto: ${CERTIFICATE_DIR}/server.crt ${CERTIFICATE_DIR}/server.key
|
||||
chmod 0600 ${CERTIFICATE_DIR}/server.crt ${CERTIFICATE_DIR}/server.key
|
||||
supervisorctl restart mosquitto
|
||||
fi
|
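Review bot: `server.key` is created by `cp` under the process umask and only tightened by the later `chmod 0600`, so on a first deployment the private key can briefly exist with wider permissions. The expansions are also unquoted, and nothing stops `supervisorctl restart mosquitto` from running after a failed copy. Certbot documents `RENEWED_DOMAINS` as a space-separated list, so the `=` comparison with `MY_DOMAIN` only matches a certificate that carries exactly one name. The version below sets a restrictive umask, fails fast, quotes the paths and looks for the domain inside the list; it assumes `install` is available in the image.

```shell
#!/bin/sh
set -eu
umask 077   # the key must never exist with wider permissions, even briefly

# … unchanged: MY_DOMAIN / CERTIFICATE_DIR assignments …

case " ${RENEWED_DOMAINS:-} " in
  *" ${MY_DOMAIN} "*)
    install -o mosquitto -m 0600 "${RENEWED_LINEAGE}/fullchain.pem" "${CERTIFICATE_DIR}/server.crt"
    install -o mosquitto -m 0600 "${RENEWED_LINEAGE}/privkey.pem" "${CERTIFICATE_DIR}/server.key"
    supervisorctl restart mosquitto
    ;;
esac
```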
@ -3,11 +3,13 @@
|
||||
IMAGE=registry.gitlab.com/wolutator/mosquitto-with-auth:latest
|
||||
VOLUME_CONFIG=mosquitto-config
|
||||
VOLUME_DATA=mosquitto-data
|
||||
VOLUME_LOG
|
||||
VOLUME_LOG=mosquitto-log
|
||||
VOLUME_LETSENCRYPT=mosquitto-letsencrypt
|
||||
|
||||
docker volume inspect $VOLUME_CONFIG > /dev/null || docker volume create $VOLUME_CONFIG
|
||||
docker volume inspect $VOLUME_DATA > /dev/null || docker volume create $VOLUME_DATA
|
||||
docker volume inspect $VOLUME_LOG > /dev/null || docker volume create $VOLUME_LOG
|
||||
docker volume inspect $VOLUME_LETSENCRYPT > /dev/null || docker volume create $VOLUME_LETSENCRYPT
|
||||
|
||||
docker pull $IMAGE
|
||||
|
||||
@ -22,6 +24,7 @@ docker run \
|
||||
-v $VOLUME_CONFIG:/opt/etc/mosquitto \
|
||||
-v $VOLUME_DATA:/opt/data \
|
||||
-v $VOLUME_LOG:/var/log/supervisor \
|
||||
-v $VOLUME_LETSENCRYPT:/etc/letsencrypt \
|
||||
--link mariadb \
|
||||
--name mosquitto \
|
||||
$IMAGE
|
||||
|
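Review bot: The new `mosquitto-letsencrypt` volume will hold certbot's account key and the certificate private keys, and the script does not say so. The deploy hook also copies the key to `/opt/etc/mosquitto`, which this script backs with `mosquitto-config`, so both volumes carry secret material. A comment above the assignment such as `# holds ACME account and TLS private keys - restrict access, treat backups as secret` would record that. The added `docker volume inspect $VOLUME_LETSENCRYPT > /dev/null || ...` line keeps the existing unquoted style and still prints the inspect error on first run; `docker volume inspect "$VOLUME_LETSENCRYPT" >/dev/null 2>&1 || docker volume create "$VOLUME_LETSENCRYPT"` is quieter. The `docker run` command begins outside the second hunk.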
@ -12,8 +12,8 @@ listener 8883
|
||||
protocol mqtt
|
||||
#allow_anonymous true
|
||||
allow_anonymous false
|
||||
certfile /etc/letsencrypt/live/DOMAIN/fullchain.pem
|
||||
keyfile /etc/letsencrypt/live/DOMAIN/privkey.pem
|
||||
certfile /opt/etc/mosquitto/server.crt
|
||||
keyfile /opt/etc/mosquitto/server.key
|
||||
dhparamfile /opt/etc/mosquitto/dh.pem
|
||||
tls_version tlsv1.2
|
||||
|
||||
|
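Review bot: `certfile` and `keyfile` now point at `/opt/etc/mosquitto/server.crt` and `/opt/etc/mosquitto/server.key`, which only exist once `cert-deploy.sh` has run, so on a fresh config volume the 8883 listener would presumably fail to load its certificate until then. The sample should say where the files come from, for example `# server.crt/server.key are written by /opt/sbin/cert-deploy.sh; TLS on this listener is unavailable until the hook has run once`. The listener block starts above the hunk, so its other TLS settings cannot be checked from here.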