renew: include top level domain name

3 years ago · 64efdf9211
parent 831964b707
commit 64efdf9211
2 changed files with 48 additions and 4 deletions
--- a/nginx/certbot-renew
+++ b/nginx/certbot-renew
@ -2,7 +2,7 @@
 source ../env.production
 source ./env.production
-domain_args="-d $KEYCLOAK_HOSTNAME,$HEDGEDOC_HOSTNAME,$MASTODON_HOSTNAME,$NEXTCLOUD_HOSTNAME"
+domain_args="-d $DOMAIN_NAME,$KEYCLOAK_HOSTNAME,$HEDGEDOC_HOSTNAME,$MASTODON_HOSTNAME,$NEXTCLOUD_HOSTNAME"
 rsa_key_size=2048
 set -x
@ -10,8 +10,11 @@ set -x
 docker-compose run --rm certbot \
  certonly --webroot -w /var/www/certbot \
    $staging_arg \
-    $email_arg \
+    --email "admin@$DOMAIN_NAME" \
    $domain_args \
    --rsa-key-size $rsa_key_size \
    --agree-tos \
-    --force-renewal
+    --force-renewal \
    $domain_args \
 || die "unable to renew!"
 docker-compose exec nginx nginx -s reload
--- a/nginx/data/nginx/templates/000-default.conf.template
+++ b/nginx/data/nginx/templates/000-default.conf.template
@ -0,0 +1,41 @@
 server {
 	listen 80;
 	server_name ${DOMAIN_NAME};
 	location / {
 		return 301 https://$host$request_uri;
 	}
 }
 server {
 	server_name ${DOMAIN_NAME};
 	client_max_body_size 128m;
 	sendfile on;
 	tcp_nopush on;
 	tcp_nodelay on;
 	keepalive_timeout 65;
 	types_hash_max_size 2048;
 	#include /etc/nginx/mime.types;
 	#default_type application/octet-stream;
 	gzip on;
 	gzip_disable "msie6";
 	proxy_read_timeout 1800s;
 	# required to avoid HTTP 411: see Issue #1486 (https://github.com/dotcloud/docker/issues/1486)
 	chunked_transfer_encoding on;
 	location / {
 	}
 	listen 443 ssl;
 	ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem;
 	ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem;
 	include /etc/letsencrypt/options-ssl-nginx.conf;
 	include /etc/letsencrypt/challenge.conf;
 	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 }