letsencrypt volume

Wolfgang Hottgenroth 2022-09-14 13:25:11 +02:00
parent 39c65cedef
commit 3bf3b037f2
4 changed files with 21 additions and 4 deletions


@ -23,10 +23,12 @@ COPY etc/ /opt/etc
COPY supervisor-mosquitto.conf /etc/supervisor/conf.d/
COPY crontab /etc/
COPY mosquitto.conf-sample /opt/etc/mosquitto/
COPY cert-deploy.sh /opt/sbin/
VOLUME /opt/etc
VOLUME /opt/data
VOLUME /var/log/supervisor
VOLUME /etc/letsencrypt
EXPOSE 80/TCP
EXPOSE 443/TCP
@ -36,5 +38,5 @@ EXPOSE 9001/tcp
WORKDIR /opt
CMD /usr/bin/openssl dhparam -out /opt/etc/mosquitto/dh.pem 1024 && /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
CMD /usr/bin/openssl dhparam -out /opt/etc/mosquitto/dh.pem 2048 && /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
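Review bot: The shell-form `CMD` regenerates the DH parameters on every container start and keeps a shell in front of supervisord, so at 2048 bits each start pays the generation time and, depending on the image's shell, the stop signal from `docker stop` may not reach supervisord. Assuming the 2048 line is the new side, generate only when the file is missing and hand over with `exec`: `CMD { [ -s /opt/etc/mosquitto/dh.pem ] || /usr/bin/openssl dhparam -out /opt/etc/mosquitto/dh.pem 2048; } && exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf`. `/opt/etc` is a declared volume, so the file persists across restarts; with this guard an existing 1024-bit `dh.pem` has to be deleted once by hand. The new `VOLUME /etc/letsencrypt` in the first hunk would also merit a one-line comment that it holds private key material.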

12
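--- a/cert-deploy.sh
+++ b/cert-deploy.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+MY_DOMAIN=example.com
+CERTIFICATE_DIR=/opt/etc/mosquitto/
+if [ "${RENEWED_DOMAINS}" = "${MY_DOMAIN}" ]; then
+cp ${RENEWED_LINEAGE}/fullchain.pem ${CERTIFICATE_DIR}/server.crt
+cp ${RENEWED_LINEAGE}/privkey.pem ${CERTIFICATE_DIR}/server.key
+chown mosquitto: ${CERTIFICATE_DIR}/server.crt ${CERTIFICATE_DIR}/server.key
+chmod 0600 ${CERTIFICATE_DIR}/server.crt ${CERTIFICATE_DIR}/server.key
+supervisorctl restart mosquitto
+fi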
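Review bot: `cp` of `privkey.pem` creates `server.key` under the hook's default umask, so on the first deployment the key can be readable by other users until the later `chmod 0600` runs; a `umask 077` line before the two `cp` calls closes that window. Nothing checks the copies, so a failed `cp` or `chown` still reaches `supervisorctl restart mosquitto`; `set -eu` at the top would stop there instead. The expansions are unquoted and `CERTIFICATE_DIR` already ends in `/`, so the copy would read better as `cp "${RENEWED_LINEAGE}/privkey.pem" "${CERTIFICATE_DIR}server.key"`. certbot passes `RENEWED_DOMAINS` as a space-separated list, so the `=` test matches only a single-name certificate, which deserves a comment next to `MY_DOMAIN`.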


@ -3,11 +3,13 @@
IMAGE=registry.gitlab.com/wolutator/mosquitto-with-auth:latest
VOLUME_CONFIG=mosquitto-config
VOLUME_DATA=mosquitto-data
VOLUME_LOG
VOLUME_LOG=mosquitto-log
VOLUME_LETSENCRYPT=mosquitto-letsencrypt
docker volume inspect $VOLUME_CONFIG > /dev/null || docker volume create $VOLUME_CONFIG
docker volume inspect $VOLUME_DATA > /dev/null || docker volume create $VOLUME_DATA
docker volume inspect $VOLUME_LOG > /dev/null || docker volume create $VOLUME_LOG
docker volume inspect $VOLUME_LETSENCRYPT > /dev/null || docker volume create $VOLUME_LETSENCRYPT
docker pull $IMAGE
@ -22,6 +24,7 @@ docker run \
-v $VOLUME_CONFIG:/opt/etc/mosquitto \
-v $VOLUME_DATA:/opt/data \
-v $VOLUME_LOG:/var/log/supervisor \
-v $VOLUME_LETSENCRYPT:/etc/letsencrypt \
--link mariadb \
--name mosquitto \
$IMAGE
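Review bot: The new `VOLUME_LETSENCRYPT` lines copy the unquoted style of the existing ones; quoting keeps a name with whitespace or glob characters from being split, e.g. `-v "$VOLUME_LETSENCRYPT:/etc/letsencrypt" \`. A short comment on the variable would help whoever handles backups, such as `# certbot state: account key and certificate private keys, treat copies of this volume as secrets`. The `docker run` command starts above the second hunk, so its other options are not visible here.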


@ -12,8 +12,8 @@ listener 8883
protocol mqtt
#allow_anonymous true
allow_anonymous false
certfile /etc/letsencrypt/live/DOMAIN/fullchain.pem
keyfile /etc/letsencrypt/live/DOMAIN/privkey.pem
certfile /opt/etc/mosquitto/server.crt
keyfile /opt/etc/mosquitto/server.key
dhparamfile /opt/etc/mosquitto/dh.pem
tls_version tlsv1.2
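Review bot: Nothing in the sample says where `server.crt` and `server.key` come from; taking the `/opt/etc/mosquitto/` paths as the new side, they exist only after `cert-deploy.sh` has copied them out of the Let's Encrypt lineage. If that script runs only as a renewal hook, a fresh install may have no certificate for the 8883 listener until the first renewal, so the first issuance probably needs a manual copy. A comment above the two lines would document the dependency: `# server.crt and server.key are copied from /etc/letsencrypt by /opt/sbin/cert-deploy.sh (owner mosquitto, mode 0600)`. The listener block starts above the hunk.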