commit fb8d66c3dd97536d65ff0b25bc87deb150d30dde Author: Blackwhitebear8 Date: Tue Dec 23 14:04:11 2025 +0100 Upload files to "/"
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..9fa0b4c
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,18 @@
+.git
+.gitignore
+
+docker-compose.yml
+Dockerfile
+.dockerignore
+
+build.sh
+
+.env
+
+logs/
+config/
+www/
+
+.DS_Store
+.idea/
+.vscode/
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..9f18f56
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,37 @@
+FROM nginx:mainline-alpine
+
+ENV PUID=1000 \
+ PGID=1000 \
+ UMASK=022 \
+ LOG_ROTATE_COUNT=7 \
+ LOG_ROTATE_SIZE=10M \
+ CERTBOT_EMAIL="" \
+ CERTBOT_AGREE_TOS="true"
+
+RUN apk add --no-cache \
+ certbot \
+ certbot-nginx \
+ dcron \
+ logrotate \
+ openssl && \
+ \
+ find /usr/lib/python* -name '__pycache__' -type d -exec rm -rf {} + && \
+ find /usr/lib/python* -name '*.pyc' -delete && \
+ find /usr/lib/python* -name '*.pyo' -delete && \
+ rm -rf /usr/share/doc/* /usr/share/man/* && \
+ \
+ rm -f /var/log/nginx/access.log /var/log/nginx/error.log && \
+ touch /var/log/nginx/access.log /var/log/nginx/error.log /var/log/nginx/error_log_stream && \
+ \
+ echo "0 3 * * * certbot renew --nginx --post-hook 'nginx -s reload' >> /var/log/letsencrypt/cron.log 2>&1" >> /etc/crontabs/root && \
+ \
+ cp -r /etc/nginx /etc/nginx.dist
+
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+EXPOSE 80 443 443/udp
+VOLUME ["/var/www", "/etc/nginx", "/etc/letsencrypt", "/var/log/nginx", "/var/log/letsencrypt"]
+
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["nginx", "-g", "daemon off;"]
\ No newline at end of file
diff --git a/build.sh b/build.sh
new file mode 100644
index 0000000..6333a8b
--- /dev/null
+++ b/build.sh
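Review bot: `FROM nginx:mainline-alpine` follows a moving tag and the `apk add` line installs unpinned packages, so rebuilding this commit can produce a different nginx, OpenSSL or certbot than the one that was tested, and build.sh pushes the result under a release tag. Pin the base to an explicit version and digest, `FROM nginx:<version>-alpine@sha256:<digest>` (placeholders, to be filled from the registry), and bump it deliberately. `CERTBOT_EMAIL` and `CERTBOT_AGREE_TOS` are declared in `ENV` but nothing in the entrypoint.sh added by this commit reads them; either document where they are consumed or drop them. `COPY --chmod=755 entrypoint.sh /entrypoint.sh` would also replace the separate `RUN chmod +x` layer.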
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+set -e
+
+DOCKER_USER="blackwhitebear8"
+REPO_NAME="nginx-quic-certbot"
+
+echo "Checking if you are logged in to Docker Hub..."
+if ! docker system info | grep -q "Username"; then
+ echo "Not logged in. Starting 'docker login'..."
+ docker login
+else
+ echo "Logged in as $(docker system info | grep "Username" | awk '{print $2}')"
+fi
+
+echo ""
+read -p "Enter the version/tag (e.g., 1.0.0 or latest): " VERSION
+
+if [ -z "$VERSION" ]; then
+ echo "Error: No version specified. Script aborted."
+ exit 1
+fi
+
+FULL_IMAGE_NAME="$DOCKER_USER/$REPO_NAME:$VERSION"
+
+if ! docker buildx inspect multiarch-builder > /dev/null 2>&1; then
+ echo "Creating new buildx builder 'multiarch-builder'..."
+ docker buildx create --use --name multiarch-builder
+else
+ echo "Using existing builder 'multiarch-builder'..."
+ docker buildx use multiarch-builder
+fi
+
+TAG_ARGS="-t $FULL_IMAGE_NAME"
+
+if [ "$VERSION" != "latest" ]; then
+ echo "Adding extra tag 'latest'..."
+ TAG_ARGS="$TAG_ARGS -t $DOCKER_USER/$REPO_NAME:latest"
+fi
+
+echo ""
+echo "Building and pushing for linux/amd64 and linux/arm64..."
+echo "This may take a while..."
+
+docker buildx build \
+ --platform linux/amd64,linux/arm64 \
+ $TAG_ARGS \
+ --push \
+ .
+
+echo ""
+echo "======================================================="
+echo "Done! Your multi-arch image is now on Docker Hub:"
+echo "$FULL_IMAGE_NAME"
+echo "Architectures: AMD64 & ARM64"
+echo "======================================================="
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..e843c37
--- /dev/null
+++ b/docker-compose.yml
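Review bot: The value read into `VERSION` is only checked for emptiness and then reaches `docker buildx build` through the unquoted `$TAG_ARGS`, so whitespace or a leading dash typed at the prompt is split into additional arguments of a command that pushes to the registry. Validate it against the tag grammar right after the prompt, e.g. `[[ "$VERSION" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$ ]] || { echo "Error: invalid tag"; exit 1; }`, and read it with `read -r`. Building the tags as an array (`TAG_ARGS=(-t "$FULL_IMAGE_NAME")`, expanded as `"${TAG_ARGS[@]}"`) removes the word splitting altogether. Every build with a tag other than `latest` also moves `latest`, including a test or pre-release tag, so a confirmation before that second `-t` is added would be worth having.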
@@ -0,0 +1,21 @@
+services:
+ nginx-quic-certbot:
+ build: .
+ container_name: nginx-quic-certbot
+ restart: unless-stopped
+ environment:
+ - PUID=1000
+ - PGID=1000
+ - TZ=Europe/Amsterdam
+ - LOG_ROTATE_COUNT=7
+ - LOG_ROTATE_SIZE=10M
+ ports:
+ - "80:80"
+ - "443:443/tcp"
+ - "443:443/udp"
+ volumes:
+ - ./www:/var/www
+ - ./config/nginx:/etc/nginx
+ - ./config/letsencrypt:/etc/letsencrypt
+ - ./logs/nginx:/var/log/nginx
+ - ./logs/letsencrypt:/var/log/letsencrypt
\ No newline at end of file
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..1197da4
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,82 @@
+#!/bin/sh
+set -e
+
+: "${PUID:=1000}"
+: "${PGID:=1000}"
+: "${UMASK:=022}"
+: "${LOG_ROTATE_COUNT:=7}"
+: "${LOG_ROTATE_SIZE:=10M}"
+
+umask ${UMASK}
+
+CURRENT_UID=$(id -u nginx)
+CURRENT_GID=$(id -g nginx)
+
+if [ "$PUID" != "$CURRENT_UID" ] || [ "$PGID" != "$CURRENT_GID" ]; then
+ echo "[Entrypoint] Switching Nginx PUID:PGID from $CURRENT_UID:$CURRENT_GID to $PUID:$PGID"
+ sed -i "s/^nginx:x:[0-9]*:/nginx:x:$PGID:/" /etc/group
+ sed -i "s/^nginx:x:[0-9]*:[0-9]*:/nginx:x:$PUID:$PGID:/" /etc/passwd
+fi
+
+if [ ! -f /etc/nginx/nginx.conf ]; then
+ echo "[Entrypoint] Nginx config missing. Restoring defaults..."
+ cp -r /etc/nginx.dist/* /etc/nginx/
+fi
+
+echo "[Entrypoint] Configuring Logrotate ($LOG_ROTATE_COUNT files, $LOG_ROTATE_SIZE)..."
+cat < /etc/logrotate.d/nginx-certbot
+/var/log/nginx/*.log {
+ daily
+ missingok
+ rotate $LOG_ROTATE_COUNT
+ size $LOG_ROTATE_SIZE
+ compress
+ delaycompress
+ notifempty
+ create 0640 nginx nginx
+ sharedscripts
+ postrotate
+ if [ -f /var/run/nginx.pid ]; then
+ kill -USR1 \`cat /var/run/nginx.pid\`
+ fi
+ endscript
+}
+
+/var/log/letsencrypt/*.log {
+ daily
+ missingok
+ rotate $LOG_ROTATE_COUNT
+ size $LOG_ROTATE_SIZE
+ compress
+ delaycompress
+ notifempty
+}
+EOF
+
+echo "[Entrypoint] Setting permissions for UID $PUID..."
+
+mkdir -p /var/www \
+ /etc/letsencrypt \
+ /var/log/nginx \
+ /var/log/letsencrypt \
+ /var/lib/nginx
+
+chown -R nginx:nginx \
+ /var/www \
+ /etc/nginx \
+ /etc/letsencrypt \
+ /var/log/nginx \
+ /var/log/letsencrypt \
+ /var/lib/nginx
+
+crond -b -l 8
+
+echo "----------------------------------------------------------------"
+echo " Nginx Optimized + Certbot Started"
+echo " User: nginx (UID:${PUID} / GID:${PGID})"
+echo "----------------------------------------------------------------"
+echo " [Config Check]: nginx -t"
+echo " [Reload Nginx]: nginx -s reload"
+echo " [Certbot SSL]: certbot --nginx -d domain.com -m example@email.com --agree-tos -n"
+echo "----------------------------------------------------------------"
+exec "$@"
\ No newline at end of file
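Review bot: The recursive `chown -R nginx:nginx` near the end of entrypoint.sh hands `/etc/nginx` and `/etc/letsencrypt` to the nginx account, while the crontab line written in the Dockerfile has root run `certbot renew` and `nginx -s reload` against those same trees. If the worker processes run as `nginx` (the stock configuration presumably sets that), a compromised worker could change configuration, renewal settings or key material that root later acts on. I would drop those two paths from the chown list, leaving `/var/www`, `/var/log/nginx`, `/var/log/letsencrypt` and `/var/lib/nginx`, and keep both configuration trees root-owned with the private keys readable by root only. `PUID` and `PGID` are also substituted into the two `sed` expressions unchecked; a digits-only test before the edit would stop a malformed value from corrupting `/etc/passwd` and `/etc/group`.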