-
Notifications
You must be signed in to change notification settings - Fork 19
/
entrypoint.sh
24 lines (18 loc) · 1.1 KB
/
entrypoint.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
#!/bin/sh
# Create a self signed default certificate, so Ngix can start before we have
# any real certificates.
#Ensure we have folders available
if [[ ! -f /usr/share/nginx/certificates/fullchain.pem ]];then
mkdir -p /usr/share/nginx/certificates
fi
if [[ ! -f /usr/share/nginx/certificates/cert.crt ]]; then
openssl genrsa -out /usr/share/nginx/certificates/privkey.pem 4096
openssl req -new -key /usr/share/nginx/certificates/privkey.pem -out /usr/share/nginx/certificates/cert.csr -nodes -subj \
"/C=PT/ST=World/L=World/O=${DOMAIN:-ilhicas.com}/OU=Ilhicas/CN=${DOMAIN:-ilhicas.com}/EMAIL=${EMAIL:[email protected]}"
openssl x509 -req -days 365 -in /usr/share/nginx/certificates/cert.csr -signkey /usr/share/nginx/certificates/privkey.pem -out /usr/share/nginx/certificates/fullchain.pem
fi
### Send certbot Emission/Renewal to background
$(while :; do /opt/certbot.sh; sleep "${RENEW_INTERVAL:-12h}"; done;) &
### Check for changes in the certificate (i.e renewals or first start)
$(while inotifywait -e close_write /usr/share/nginx/certificates; do nginx -s reload; done) &
nginx -g "daemon off;"