Fixes to support renewal with docker's new networking

Added new replacement variable for nginx-secure: ___NAMESERVER___. This is parsed out from the system resolv.conf and used to resolve the ip's of the containers dynamically Modified nginx-secure.conf to resolve certbot dynamically NOTE: if using `docker-compose run certbot ...`, set `--name certbot` so it can be resolved properly Added CMD /start.sh back in, guessing it was removed by accident
2024-11-22 09:36:52 +03:00 · 2016-07-25 13:14:18 -07:00 · 2016-07-25 13:14:18 -07:00 · b766b7c4bc
commit b766b7c4bc
parent 5827e7fdb2
3 changed files with 15 additions and 4 deletions
--- a/{{cookiecutter.project_slug}}/compose/nginx/Dockerfile
+++ b/{{cookiecutter.project_slug}}/compose/nginx/Dockerfile
@ -5,4 +5,5 @@ ADD nginx.conf /etc/nginx/nginx.conf
 ADD start.sh /start.sh
 ADD nginx-secure.conf /etc/nginx/nginx-secure.conf
 ADD dhparams.pem /etc/ssl/private/dhparams.pem
+CMD /start.sh
 {% endif %}
--- a/{{cookiecutter.project_slug}}/compose/nginx/nginx-secure.conf
+++ b/{{cookiecutter.project_slug}}/compose/nginx/nginx-secure.conf
@ -37,10 +37,12 @@ http {
 		server_name ___my.example.com___ www.___my.example.com___;

 		location /.well-known/acme-challenge {
-			proxy_pass http://certbot:80;
+			# Since the certbot container isn't up constantly, need to resolve ip dynamically using docker's dns
+			resolver ___NAMESERVER___;
+			set $certbot_addr_port certbot:80;
+			proxy_pass http://$certbot_addr_port;
 			proxy_set_header Host            $host;
 			proxy_set_header X-Forwarded-For $remote_addr;
-			proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-Proto $scheme;
 		}

@ -66,7 +68,9 @@ http {
 		ssl_dhparam /etc/ssl/private/dhparams.pem;

 		location /.well-known/acme-challenge {
-			proxy_pass http://certbot:443;
+			resolver ___NAMESERVER___;
+			set $certbot_addr_port certbot:443;
+			proxy_pass http://$certbot_addr_port;
 			proxy_set_header Host            $host;
 			proxy_set_header X-Forwarded-For $remote_addr;
 			proxy_set_header X-Forwarded-Proto https;
--- a/{{cookiecutter.project_slug}}/compose/nginx/start.sh
+++ b/{{cookiecutter.project_slug}}/compose/nginx/start.sh
@ -49,8 +49,14 @@ echo replacing ___my.example.com___/$MY_DOMAIN_NAME
 # Put your domain name into the nginx reverse proxy config.
 sed -i "s/___my.example.com___/$MY_DOMAIN_NAME/g" /etc/nginx/nginx-secure.conf

+# Add the system's nameserver (the docker network dns) so we can resolve container names in nginx
+NAMESERVER=`cat /etc/resolv.conf | grep "nameserver" | awk '{print $2}' | tr '\n' ' '`
+echo replacing ___NAMESERVER___/$NAMESERVER
+sed -i "s/___NAMESERVER___/$NAMESERVER/g" /etc/nginx/nginx-secure.conf
+
+
 #go!
-kill $(ps aux | grep 'nginx' | awk '{print $2}')
+kill $(ps aux | grep 'nginx' | grep -v 'grep' | awk '{print $2}')
 cp /etc/nginx/nginx-secure.conf /etc/nginx/nginx.conf

 nginx -g 'daemon off;'