feat: add certificate renewal script and update Docker setup

yarlson · Nov 2, 2024 · 2a6cf53 · 2a6cf53
1 parent cf8ad33
commit 2a6cf53
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 15 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -15,8 +15,10 @@ RUN case $(uname -m) in \
     echo "Detected architecture: $ARCH" && \
     curl -L https://github.com/yarlson/zero/releases/download/${ZERO_VERSION}/zero_${ZERO_VERSION}_linux_${ARCH}.tar.gz | tar xz -C /usr/local/bin
 
-# Copy the entrypoint script
+# Copy the scripts
 COPY 00-install-certificates.sh /docker-entrypoint.d
+COPY renew-certificates.sh /
 
-# Make the entrypoint script executable
-RUN chmod +x /docker-entrypoint.d/00-install-certificates.sh
+# Make the scripts executable
+RUN chmod +x /docker-entrypoint.d/00-install-certificates.sh \
+    && chmod +x /renew-certificates.sh
diff --git a/README.md b/README.md
@@ -66,18 +66,8 @@ services:
     environment:
       - DOMAIN=example.com
       - [email protected]
-    entrypoint: ["/bin/sh", "-c"]
-    command:
-      - |
-        while true; do
-          sleep 1d
-          if zero -d $$DOMAIN -e $$EMAIL -c /etc/nginx/ssl --renew; then
-            echo "Certificate renewed. Restarting Nginx..."
-            docker exec zero-nginx nginx -s reload
-          else
-            echo "No renewal needed or renewal failed."
-          fi
-        done
+      - PROXY_CONTAINER_NAME=nginx
+    entrypoint: /renew-certificates.sh
     networks:
       - web
 

diff --git a/renew-certificates.sh b/renew-certificates.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+# Check required environment variables
+for var in DOMAIN EMAIL PROXY_CONTAINER_NAME; do
+    if [[ -z "${!var}" ]]; then
+        echo "${var} environment variable is not set" >&2
+        exit 1
+    fi
+done
+
+# Check if proxy container is running
+if ! docker ps | grep -q "$PROXY_CONTAINER_NAME"; then
+    echo "Proxy container is not running. Exiting..." >&2
+    exit 1
+fi
+
+while true; do
+    sleep 1d
+    if zero -d "$DOMAIN" -e "$EMAIL" -c /etc/nginx/ssl --renew; then
+        echo "Certificate renewed. Restarting Nginx..."
+        docker exec "$PROXY_CONTAINER_NAME" nginx -s reload
+    else
+        echo "No renewal needed or renewal failed."
+    fi
+done