3 files changed, 19 insertions, 0 deletions

diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile
index 86052b9..67d41d1 100644
--- a/docker/nginx/Dockerfile
+++ b/docker/nginx/Dockerfile
@@ -7,3 +7,6 @@ RUN pnpm install --frozen-lockfile && pnpm run build
 FROM nginx:mainline
 COPY --from=build-www /sites/www/dist /srv/www
 ADD sites/www/favicon.ico /srv/www/favicon.ico
+RUN apt update && apt-get install -y tini certbot && rm -rf /var/lib/apt/lists/*
+ADD --chmod=755 certbot.bash nginx-wrapper.bash /app/
+CMD ["/usr/bin/tini", "--", "/app/nginx-wrapper.bash"]
diff --git a/docker/nginx/certbot.bash b/docker/nginx/certbot.bash
new file mode 100644
index 0000000..0b8e3b7
--- /dev/null
+++ b/docker/nginx/certbot.bash
@@ -0,0 +1,9 @@
+#!/usr/bin/bash
+
+set -e
+
+while true; do
+    certbot renew --deploy-hook "nginx -s reload"
+    echo "Sleep one day before next certbot renew."
+    sleep 1d
+done
diff --git a/docker/nginx/nginx-wrapper.bash b/docker/nginx/nginx-wrapper.bash
new file mode 100644
index 0000000..bd566aa
--- /dev/null
+++ b/docker/nginx/nginx-wrapper.bash
@@ -0,0 +1,7 @@
+#!/usr/bin/bash
+
+set -e
+
+/app/certbot.bash &
+
+nginx "-g" "daemon off;"