diff --git a/Dockerfile b/Dockerfile
index e4e3bbf..c0d983f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -61,6 +61,7 @@ RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*
 RUN update-ca-certificates
 RUN apk add --no-cache certbot certbot-nginx
 RUN apk update && apk add --no-cache dcron libcap
+RUN apk add --no-cache bash
 RUN chown nginx:nginx /usr/sbin/crond \
 && setcap cap_setgid=ep /usr/sbin/crond
diff --git a/README.md b/README.md
index fc6f142..ae6bc93 100644
--- a/README.md
+++ b/README.md
@@ -47,14 +47,16 @@ If you need to run this image on a different port for `HTTPS`, Eg: change to `44
 ### Setup Free LetsEncrypt SSL with Automatic Certificate Renewal
 ***Requirements***
 - PUBLIC IPV4 and/or IPV6 address.
-- A domain name that resolves to speed test server's IP address.
+- A domain name/s that resolves to speed test server's IP address/es.
 - Email ID
-The following command will generate a Let's Encrypt certificate for your domain name and configure a cron job to automatically renew the certificate.
+The following command will generate a Let's Encrypt certificate for your domain name/s and configure a cron job to automatically renew the certificate.
 ````
 docker run -e ENABLE_LETSENCRYPT=True -e DOMAIN_NAME=speedtest.yourdomain.com -e USER_EMAIL=you@yourdomain.pro --restart=unless-stopped --name openspeedtest -d -p 80:3000 -p 443:3001 openspeedtest/latest
 ````
+DOMAIN_NAME may be a single value, Eg: 'speedtest.yourdomain.com' or a comma separated list, Eg: 'speedtest.yourdomain.com,ipv4.speedtest.yourdomain.com,ipv6.speedtest.yourdomain.com'
+
 #### Or use docker-compose.yml
 ````
 version: '3.3'
diff --git a/files/entrypoint.sh b/files/entrypoint.sh
index 6c5abdb..31a1b37 100644
--- a/files/entrypoint.sh
+++ b/files/entrypoint.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 ip a | egrep -q 'inet6 '
 if [[ $? -ne 0 ]]; then
@@ -116,24 +116,24 @@ fi
 fi
-
-if [ "$DOMAIN_NAME" ]; then
-sed -i "/\bYOURDOMAIN\b/c\ server_name _ localhost ${DOMAIN_NAME};" "${CONFIG}"
+DOMAIN_ARRAY=()
+if [ "$DOMAIN_NAME" != false ]; then
+ IFS=',' read -a DOMAIN_ARRAY <<< "$DOMAIN_NAME"
+ echo "Configuring domain name/s - ${DOMAIN_ARRAY[*]}"
+ sed -i "/\bYOURDOMAIN\b/c\ server_name _ localhost ${DOMAIN_ARRAY[*]};" "${CONFIG}"
 fi
 nginx -g 'daemon off;' &
 sleep 5
 if [ "$ENABLE_LETSENCRYPT" = True ] && [ "$DOMAIN_NAME" ] && [ "$USER_EMAIL" ]; then
-
-fullchain_path="/var/log/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem"
-
-certbot certonly -n --webroot --webroot-path /usr/share/nginx/html --no-redirect --agree-tos --email "$USER_EMAIL" -d "$DOMAIN_NAME" --config-dir /var/log/letsencrypt/ --work-dir /var/log/letsencrypt/work --logs-dir /var/log/letsencrypt/log
+ fullchain_path="/var/log/letsencrypt/live/${DOMAIN_ARRAY[0]}/fullchain.pem"
+ certbot certonly -n --webroot --webroot-path /usr/share/nginx/html --no-redirect --agree-tos --email "$USER_EMAIL" --expand ${DOMAIN_ARRAY[@]/#/ -d } --config-dir /var/log/letsencrypt/ --work-dir /var/log/letsencrypt/work --logs-dir /var/log/letsencrypt/log
 if [ $? -eq 0 ]; then
 if [ -f "$fullchain_path" ]; then
- sed -i "/\bssl_certificate\b/c\ssl_certificate \/var\/log\/letsencrypt\/live\/${DOMAIN_NAME}\/fullchain.pem;" "${CONFIG}"
- sed -i "/\bssl_certificate_key\b/c\ssl_certificate_key \/var\/log\/letsencrypt\/live\/${DOMAIN_NAME}\/privkey.pem;" "${CONFIG}"
+ sed -i "/\bssl_certificate\b/c\ssl_certificate \/var\/log\/letsencrypt\/live\/${DOMAIN_ARRAY[0]}\/fullchain.pem;" "${CONFIG}"
+ sed -i "/\bssl_certificate_key\b/c\ssl_certificate_key \/var\/log\/letsencrypt\/live\/${DOMAIN_ARRAY[0]}\/privkey.pem;" "${CONFIG}"
 nginx -s reload
 echo "Let's Encrypt certificate obtained successfully."
 random_minute=$(shuf -i 0-59 -n 1)
diff --git a/files/renew.sh b/files/renew.sh
index be4b095..3d6e1c0 100644
--- a/files/renew.sh
+++ b/files/renew.sh
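Review bot: The entries split out of DOMAIN_NAME reach the sed `c\` text, the nginx `server_name` line and the certbot command line without any validation, and the certbot call expands `${DOMAIN_ARRAY[@]/#/ -d }` unquoted, so it depends on word splitting and is subject to globbing; an entry containing a space, `;` or `*` alters the certbot arguments or the generated config. Each entry should be checked against a hostname pattern, the `-d` pairs collected in an array that is expanded quoted, and `read` given `-r`, as sketched below. The new guard `[ "$DOMAIN_NAME" != false ]` is also true for an empty or unset variable, where the old test was a non-empty check, so unless a default of `false` is set outside this hunk the `server_name` rewrite now runs with no domain. files/renew.sh carries the same unquoted expansion and wants the same array form. The `if` opened at the ENABLE_LETSENCRYPT guard closes outside the hunk.

```shell
DOMAIN_ARRAY=()
CERTBOT_DOMAINS=()
if [ -n "$DOMAIN_NAME" ] && [ "$DOMAIN_NAME" != false ]; then
  IFS=',' read -r -a DOMAIN_ARRAY <<< "$DOMAIN_NAME"
  for domain in "${DOMAIN_ARRAY[@]}"; do
    # Accept plain hostnames only, so no entry can alter the sed text,
    # the nginx server_name line or the certbot argument list.
    if ! [[ "$domain" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
      echo "Invalid entry in DOMAIN_NAME: ${domain}" >&2
      exit 1
    fi
    CERTBOT_DOMAINS+=(-d "$domain")
  done
  # … unchanged: echo and sed update of server_name …
fi
# … unchanged: nginx start, sleep, ENABLE_LETSENCRYPT guard, fullchain_path …
  certbot certonly -n --webroot --webroot-path /usr/share/nginx/html --no-redirect --agree-tos --email "$USER_EMAIL" --expand "${CERTBOT_DOMAINS[@]}" --config-dir /var/log/letsencrypt/ --work-dir /var/log/letsencrypt/work --logs-dir /var/log/letsencrypt/log
```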
@@ -1,11 +1,12 @@
-#!/bin/sh
+#!/bin/bash
-
-fullchain_path="/var/log/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem"
+DOMAIN_ARRAY=()
+IFS=',' read -a DOMAIN_ARRAY <<< "$DOMAIN_NAME"
+fullchain_path="/var/log/letsencrypt/live/${DOMAIN_ARRAY[0]}/fullchain.pem"
 if [ "$ENABLE_LETSENCRYPT" = True ] && [ "$DOMAIN_NAME" ] && [ "$USER_EMAIL" ]; then
-certbot certonly -n --webroot --webroot-path /usr/share/nginx/html --no-redirect --agree-tos --email "$USER_EMAIL" -d "$DOMAIN_NAME" --config-dir /var/log/letsencrypt/ --work-dir /var/log/letsencrypt/work --logs-dir /var/log/letsencrypt/log
+certbot certonly -n --webroot --webroot-path /usr/share/nginx/html --no-redirect --agree-tos --email "$USER_EMAIL" --expand ${DOMAIN_ARRAY[@]/#/ -d } --config-dir /var/log/letsencrypt/ --work-dir /var/log/letsencrypt/work --logs-dir /var/log/letsencrypt/log
 if [ $? -eq 0 ]; then
 echo "certbot certonly -n... Executed."
 if [ -f "$fullchain_path" ]; then
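Review bot: `fullchain_path` is built from `${DOMAIN_ARRAY[0]}`, but the certbot call passes `--expand` without `--cert-name`, so the directory under `live/` keeps the lineage name chosen at first issuance (by default the first domain requested then); once the first entry of DOMAIN_NAME is changed or reordered the two can diverge, and the `-f "$fullchain_path"` check would fail after a successful run. Consider pinning the lineage, for example with `--cert-name "${DOMAIN_ARRAY[0]}"` here and in files/entrypoint.sh, after confirming how certbot then treats an existing certificate whose domain set differs. A comment above the path, `# certbot names the lineage after the first domain; keep the first DOMAIN_NAME entry stable`, would record the assumption. The `if` blocks opened in this hunk close outside it.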