From da756422d9734d1d704e0cbcd248c17c30cd4f90 Mon Sep 17 00:00:00 2001
From: Yuqian Yang <crupest@crupest.life>
Date: Fri, 21 Feb 2025 00:36:11 +0800
Subject: feat(nginx): move certbot to nginx.

---
 docker/nginx/Dockerfile         | 3 +++
 docker/nginx/certbot.bash       | 9 +++++++++
 docker/nginx/nginx-wrapper.bash | 7 +++++++
 3 files changed, 19 insertions(+)
 create mode 100644 docker/nginx/certbot.bash
 create mode 100644 docker/nginx/nginx-wrapper.bash

(limited to 'docker/nginx')

diff --git a/docker/nginx/Dockerfile b/docker/nginx/Dockerfile
index 86052b9..67d41d1 100644
--- a/docker/nginx/Dockerfile
+++ b/docker/nginx/Dockerfile
@@ -7,3 +7,6 @@ RUN pnpm install --frozen-lockfile && pnpm run build
 FROM nginx:mainline
 COPY --from=build-www /sites/www/dist /srv/www
 ADD sites/www/favicon.ico /srv/www/favicon.ico
+RUN apt update && apt-get install -y tini certbot && rm -rf /var/lib/apt/lists/*
+ADD --chmod=755 certbot.bash nginx-wrapper.bash /app/
+CMD ["/usr/bin/tini", "--", "/app/nginx-wrapper.bash"]
diff --git a/docker/nginx/certbot.bash b/docker/nginx/certbot.bash
new file mode 100644
index 0000000..0b8e3b7
--- /dev/null
+++ b/docker/nginx/certbot.bash
@@ -0,0 +1,9 @@
+#!/usr/bin/bash
+
+set -e
+
+while true; do
+    certbot renew --deploy-hook "nginx -s reload"
+    echo "Sleep one day before next certbot renew."
+    sleep 1d
+done
diff --git a/docker/nginx/nginx-wrapper.bash b/docker/nginx/nginx-wrapper.bash
new file mode 100644
index 0000000..bd566aa
--- /dev/null
+++ b/docker/nginx/nginx-wrapper.bash
@@ -0,0 +1,7 @@
+#!/usr/bin/bash
+
+set -e
+
+/app/certbot.bash &
+
+nginx "-g" "daemon off;"
-- 
cgit v1.2.3