elpatron/dawaric-nginx-ssl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Configure FQDN centrally via .env

Browse Source 
Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
elpatron
2026-02-15 12:24:42 +01:00
parent 7272017ff8
commit 397d8e7d29
5 changed files with 22 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
nginx/entrypoint.sh
View File

@@ -1,16 +1,19 @@
#!/bin/sh
set -e
DOMAIN="location.butenostfreesen.de"
DOMAIN="${FQDN:-location.butenostfreesen.de}"
EMAIL="${CERTBOT_EMAIL:-}"
# FQDN in Config ersetzen
subst() { sed "s/__FQDN__/$DOMAIN/g" "$1"; }
# Entferne Standard-Config
rm -f /etc/nginx/conf.d/default.conf
# Bootstrap-Config verwenden, wenn Zertifikate noch nicht existieren
if [ ! -f "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" ]; then
echo "Zertifikate nicht gefunden. Starte mit Bootstrap-Config..."
cp /etc/nginx/templates/nginx-bootstrap.conf /etc/nginx/conf.d/default.conf
subst /etc/nginx/templates/nginx-bootstrap.conf > /etc/nginx/conf.d/default.conf
nginx -g "daemon off;" &
NGINX_PID=$!
@@ -29,10 +32,10 @@ if [ ! -f "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" ]; then
echo "Zertifikat erfolgreich erstellt. Starte nginx mit HTTPS..."
kill $NGINX_PID 2>/dev/null || true
sleep 2
cp /etc/nginx/templates/nginx.conf /etc/nginx/conf.d/default.conf
subst /etc/nginx/templates/nginx.conf > /etc/nginx/conf.d/default.conf
else
echo "Zertifikatsanforderung fehlgeschlagen. Laeufe mit HTTP (Port 80)."
echo "Stelle sicher, dass location.butenostfreesen.de auf diesen Server zeigt."
echo "Stelle sicher, dass ${DOMAIN} auf diesen Server zeigt."
exec wait $NGINX_PID
fi
else
@@ -41,7 +44,7 @@ if [ ! -f "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" ]; then
exec wait $NGINX_PID
fi
else
cp /etc/nginx/templates/nginx.conf /etc/nginx/conf.d/default.conf
subst /etc/nginx/templates/nginx.conf > /etc/nginx/conf.d/default.conf
fi
# Zertifikatserneuerung alle 12 Stunden im Hintergrund

2
nginx/nginx-bootstrap.conf
View File

@@ -2,7 +2,7 @@
server {
listen 80;
listen [::]:80;
server_name location.butenostfreesen.de;
server_name __FQDN__;
location /.well-known/acme-challenge/ {
root /var/www/certbot;

8
nginx/nginx.conf
View File

@@ -1,7 +1,7 @@
server {
listen 80;
listen [::]:80;
server_name location.butenostfreesen.de;
server_name __FQDN__;
# ACME-Challenge für Let's Encrypt Zertifikatserneuerung
location /.well-known/acme-challenge/ {
@@ -17,11 +17,11 @@ server {
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
server_name location.butenostfreesen.de;
server_name __FQDN__;
# Let's Encrypt Zertifikate
ssl_certificate /etc/letsencrypt/live/location.butenostfreesen.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/location.butenostfreesen.de/privkey.pem;
ssl_certificate /etc/letsencrypt/live/__FQDN__/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/__FQDN__/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;