Add nginx reverse proxy with Let's Encrypt SSL
- nginx as reverse proxy for dawarich frontend - Let's Encrypt certificate support with automatic renewal - HTTP to HTTPS redirect, gzip compression - Bootstrap config for initial certificate request Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
50
nginx/entrypoint.sh
Normal file
50
nginx/entrypoint.sh
Normal file
@@ -0,0 +1,50 @@
|
||||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
DOMAIN="location.butenostfreesen.de"
|
||||
EMAIL="${CERTBOT_EMAIL:-}"
|
||||
|
||||
# Entferne Standard-Config
|
||||
rm -f /etc/nginx/conf.d/default.conf
|
||||
|
||||
# Bootstrap-Config verwenden, wenn Zertifikate noch nicht existieren
|
||||
if [ ! -f "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" ]; then
|
||||
echo "Zertifikate nicht gefunden. Starte mit Bootstrap-Config..."
|
||||
cp /etc/nginx/templates/nginx-bootstrap.conf /etc/nginx/conf.d/default.conf
|
||||
nginx -g "daemon off;" &
|
||||
NGINX_PID=$!
|
||||
|
||||
# Warte auf Backend
|
||||
echo "Warte auf Backend..."
|
||||
sleep 10
|
||||
|
||||
if [ -n "$EMAIL" ]; then
|
||||
echo "Fordere Let's Encrypt Zertifikat an..."
|
||||
if certbot certonly --webroot -w /var/www/certbot \
|
||||
--email "$EMAIL" \
|
||||
--agree-tos \
|
||||
--no-eff-email \
|
||||
--non-interactive \
|
||||
-d "$DOMAIN"; then
|
||||
echo "Zertifikat erfolgreich erstellt. Starte nginx mit HTTPS..."
|
||||
kill $NGINX_PID 2>/dev/null || true
|
||||
sleep 2
|
||||
cp /etc/nginx/templates/nginx.conf /etc/nginx/conf.d/default.conf
|
||||
else
|
||||
echo "Zertifikatsanforderung fehlgeschlagen. Laeufe mit HTTP (Port 80)."
|
||||
echo "Stelle sicher, dass location.butenostfreesen.de auf diesen Server zeigt."
|
||||
exec wait $NGINX_PID
|
||||
fi
|
||||
else
|
||||
echo "HINWEIS: CERTBOT_EMAIL nicht gesetzt. Starte ohne SSL."
|
||||
echo "Fuer Let's Encrypt: CERTBOT_EMAIL=deine@email.de setzen und Container neu starten."
|
||||
exec wait $NGINX_PID
|
||||
fi
|
||||
else
|
||||
cp /etc/nginx/templates/nginx.conf /etc/nginx/conf.d/default.conf
|
||||
fi
|
||||
|
||||
# Zertifikatserneuerung alle 12 Stunden im Hintergrund
|
||||
(while true; do sleep 12h; certbot renew --webroot -w /var/www/certbot --deploy-hook "nginx -s reload" 2>&1 | tee -a /var/log/certbot-renew.log; done) &
|
||||
|
||||
exec nginx -g "daemon off;"
|
||||
Reference in New Issue
Block a user