Nicolas Duchon
67d4194fb6
feat: use pre generated RFC7919 DH groups
...
Co-authored-by: polarathene <5098581+polarathene@users.noreply.github.com>
2021-12-14 23:32:39 +01:00
Nicolas Duchon
e9abac8b12
chore: project name change
2021-04-05 00:27:52 +02:00
Nicolas Duchon
8052f04b07
Store and use image version based on git describe
2020-11-27 14:46:47 +01:00
Nicolas Duchon
cfc274642b
Reload nginx after creating the default cert
2020-11-27 14:46:46 +01:00
Nicolas Duchon
3e4b0a43dd
Linefeed typo
2020-11-27 14:46:45 +01:00
Nicolas Duchon
0c165134b9
Update docs and comments
2020-11-27 14:46:45 +01:00
Gilles Filippini
3b6d87e8c2
Use default config for empty DEFAULT_EMAIL only
2020-11-27 14:46:44 +01:00
Gilles Filippini
4504e3b4ca
Remove unused function from entrypoint
2020-11-27 14:46:44 +01:00
Nicolas Duchon
c821d809f6
Change ACME client to acme.sh
2020-11-27 14:44:01 +01:00
Maarten de Jong
04d2c32b91
Fix typo
...
People (like me) will think they should add a dot to the end of their label.
2020-09-25 20:42:33 +02:00
Nicolas Duchon
8a936cc4fe
Add standalone certificate feature
...
Standalone certificates are generated from a static user provided
configuration file rather than from the dynamicaly generated (from
running containers environment variables) letsencrypt_service_data file.
2020-05-10 19:35:59 +02:00
Nicolas Duchon
e49c2d5213
Shellcheck linting ( #641 )
2020-03-23 08:20:46 +01:00
Nicolas Duchon
57fae83e70
ACME v2 compatibility
...
Use simp_le master branch for now
2019-10-10 11:50:14 +02:00
Nicolas Duchon
48b4b450ce
Fix DH parameters overwrite issue ( #545 )
...
fix #543
2019-05-20 17:16:37 +02:00
Nicolas Duchon
70405ffde9
Simplify the self cid discovery mechanism
...
Also remove the hard requirement that the container get its
self cid during entrypoint as it is only used to produce a warning
and to get the nginx-proxy container id through --volumes-from,
which is only one of the three methods.
The fact that the LE container could get an nginx-proxy container id
is independently verified by the entrypoint script anyway and this
hard requirement on getting its self cid has been known to cause
troubles with containers running under orchestrators such as Amazon ECS
or Kubernetes.
2019-01-09 20:49:11 +01:00
Nicolas Duchon
5ac2ba963e
Make the DEBUG env var case insensitive ( #480 )
...
bug spotted by @desimaniac
2018-12-14 09:49:51 +01:00
Nicolas Duchon
5e10577638
Change ownership of public files too
2018-10-29 13:32:37 +01:00
Nicolas Duchon
c5d59e0c45
Ownership and permissions configuration
2018-10-29 00:43:45 +01:00
Nicolas Duchon
cd5729ce02
Check & enforce perms on sensitive files
...
fix #412
2018-09-16 09:20:58 +02:00
Nicolas Duchon
782763bec5
Always reload_nginx during init
...
This ensure that nginx always use latest certs, keys, etc even on
container restart.
2018-08-12 23:56:31 +02:00
Nicolas Duchon
7ac961b092
Create default cert and key if absent
2018-08-02 22:56:59 +02:00
Nicolas Duchon
8dc65787d5
Remove set -x for debug ( #403 )
2018-08-02 00:01:21 +02:00
Nicolas Duchon
11ce7d1c98
Compare DH param with sha256 instead of md5 ( #406 )
2018-06-15 08:45:20 +02:00
Nicolas Duchon
7c07356e42
Use background DH group creation ( #394 )
...
Credits to @kamermans for most of the idea
2018-06-08 15:09:50 +02:00
Nicolas Duchon
af48249ede
Check deprecated env var at container init only ( #392 )
2018-06-05 09:43:24 +02:00
Nicolas Duchon
5da685795b
Check for unsupported ACME v2 endpoints ( #389 )
2018-06-04 10:44:19 +02:00
Nicolas Duchon
aca144c6ef
Move the self ID retrieval to /app/functions.sh ( #382 )
...
Fix #375
This enable the /app/force_renew script to get the LE companion
container ID, which is required to check if the nginx container
is running (#321 ) when using the --volumes-from method.
2018-05-20 18:15:10 +02:00
Nicolas Duchon
16f0222532
Additional check for docker-gen
2018-03-16 18:34:26 +01:00
Nicolas Duchon
866dda12b9
Rework nginx-proxy and docker-gen cid acquisition
...
Make #321 work with three containers setups too.
2018-03-16 18:34:26 +01:00
Nicolas Duchon
3b212f2bf3
Minor edits for coding style consistency
2018-03-16 18:34:26 +01:00
Nicolas Duchon
400a7da28c
Update simp_le to 0.7.0
...
This version implicitly and automatically agree to the ACME CA ToS.
The code related to the ToS hash was consequently removed.
2018-02-19 12:43:36 +01:00
Nicolas Duchon
3af5ae8b16
Change ambiguous variable and function names
2018-02-19 12:43:34 +01:00
Pan Teparak
e8cc09db04
Add ability to override default DH_PARAM_SIZE
2018-02-10 10:03:14 +01:00
Jason Bailey
1e81aa6aca
Fix log typo when checking writable directories
2018-02-09 17:11:24 -06:00
myoung34
da5cc2becf
Modify to work with AWS ECS ( #300 )
...
+ add foundation for future support of other container management services
2018-01-14 21:45:17 +01:00
Nicolas Duchon
83174ed375
Shell linting
...
https://github.com/koalaman/shellcheck/wiki
start.sh:
Fix SC2173 on line 14.
letsencrypt_service:
Ignore SC2120 and SC1090.
Fix SC1087 on line 54, SC2068 on lines 54 and 124.
Fix SC2034 on lines 12, 13, 19 and 20.
+ use pushd / popd to change the CWD back to /etc/nginx/certs after simp_le execution.
functions.sh:
Ignore SC2155.
Add the missing shebang.
entrypoint.sh:
Ignore SC2155.
2017-11-22 18:27:39 +01:00
Helder Correia
27d433cb63
Complete support for dynamic container names ( #231 )
...
* Allow setting NGINX_DOCKER_GEN_CONTAINER from a label
* Find labeled cid in runtime instead of startup time
2017-07-13 12:44:02 +02:00
Yves Blusseau
86ee8793a4
Use CONTAINER_ID instead of HOSTNAME variable when using docker_api
2017-05-18 13:36:00 +02:00
Emmet O'Grady
a1af285d46
Use fully qualified label name
2017-04-13 12:09:13 +01:00
Emmet O'Grady
3c877181d8
Get nginx container id from labelled container
2017-03-04 14:15:15 -06:00
ryneeverett
fa2a85c60d
Warn if volumes don't appear to be setup correctly
...
Assuming they're following a conventional setup, this will warn users
that they likely didn't set their volumes up correctly. It's not an
error though because they may have done something like mount the entire
/etc/nginx directory.
2016-08-17 22:31:23 -04:00
ryneeverett
7c16aaa2a1
functions.lib -> functions.sh
...
This way any editor can figure out the file type automatically.
2016-06-25 18:31:15 -04:00
JrCs
a3803dd10d
Add a note about generation of Diffie-Hellman group file
2016-02-26 19:11:03 +01:00
Yves Blusseau
0d6d105270
Allow to use the official nginx image and docker-gen in separate containers
2016-02-17 16:27:45 +01:00
JrCs
ed47d83a92
Improve method to get own container id
...
Close #6
2016-01-08 12:40:42 +01:00
JrCs
6f731e4716
Call docker API directly
...
No need to have the docker binary
2016-01-06 19:37:04 +01:00
JrCs
acf517e1b4
Automatically create Diffie-Hellman group
2016-01-05 14:31:00 +01:00
JrCs
1c6d70b93f
Add new DEBUG environment variable
2016-01-03 12:42:29 +01:00
JrCs
ffca62742c
Properly retrieve nginx-proxy container ID
...
docker inspect command return a leading :ro or :rw string when use with
docker-compose. This fix remove the leading string to get only the
container ID. Thanks anoopr.
Fix #1 and close #2 .
2016-01-03 12:31:41 +01:00
JrCs
459b1ed3c9
Create location configurations automatically
2016-01-01 14:35:03 +01:00