#!/bin/bash
# Copyright (c) Jupyter Development Team.
# Distributed under the terms of the Modified BSD License.
# Use https://letsencrypt.org to create a certificate for a single domain
# and store it in a Docker volume.
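# Abort as soon as any command exits non-zero.
set -e

# Get domain and email from environment.
# FQDN is handed to certbot as --domain and EMAIL as --email later in this
# script, so refuse to continue when either is unset or empty. Diagnostics
# go to stderr so they are not mixed into captured stdout.
if [ -z "${FQDN}" ]; then
    echo "ERROR: Must set FQDN environment variable" >&2
    exit 1
fi

if [ -z "${EMAIL}" ]; then
    echo "ERROR: Must set EMAIL environment variable" >&2
    exit 1
fi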
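# letsencrypt certificate server type (default is production).
# Set `CERT_SERVER=--staging` for staging.
# The default is written with no quote characters: inside a double-quoted
# expansion a '' default is stored as two literal quote characters, which
# would then reach certbot as a bogus argument.
: "${CERT_SERVER=}"

# Create Docker volume to contain the cert.
# Everything certbot writes under /etc/letsencrypt lands in this volume, so
# any container that mounts it can reach that material.
: "${SECRETS_VOLUME:=my-notebook-secrets}"
docker volume create --name "${SECRETS_VOLUME}" 1>/dev/null

# Generate the cert and save it to the Docker volume.
# -p 80:80 publishes host port 80 for the standalone http-01 listener.
# NOTE(review): ':latest' is a mutable tag, so each run may pull different
# code that then writes the key material into the volume; prefer pinning by
# digest, e.g. quay.io/letsencrypt/letsencrypt@sha256:<digest-placeholder>.
# NOTE(review): newer certbot releases replace
# --standalone-supported-challenges with --preferred-challenges; confirm
# against the version shipped in this image before changing it.
# The last line expands to no word at all when CERT_SERVER is empty, so the
# production default does not hand certbot an empty positional argument.
docker run -it --rm \
    -p 80:80 \
    -v "${SECRETS_VOLUME}":/etc/letsencrypt \
    quay.io/letsencrypt/letsencrypt:latest \
    certonly \
    --non-interactive \
    --keep-until-expiring \
    --standalone \
    --standalone-supported-challenges http-01 \
    --agree-tos \
    --domain "${FQDN}" \
    --email "${EMAIL}" \
    ${CERT_SERVER:+"${CERT_SERVER}"}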
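# Open up the directories in the volume and symlink the certs into the root
# of /etc/letsencrypt so that the FQDN doesn't have to be known later.
#
# chmod 755 is applied to every directory under /etc/letsencrypt, which makes
# them listable and traversable by all users. File modes are not changed here,
# so whether the private key itself is readable depends on the mode certbot
# gave it and on which containers mount this volume.
# NOTE(review): presumably this is so an unprivileged user in the consuming
# container can reach the cert and key; confirm, and consider a narrower mode
# or group ownership if only one service account needs access.
#
# FQDN is passed into the helper container as an environment variable and
# expanded there inside quotes, rather than being spliced into the command
# string, so characters in it are never parsed as shell syntax.
# ln -sf replaces links left by an earlier run; with --keep-until-expiring
# the script is expected to be re-run against the same volume.
docker run -it --rm \
    -e FQDN="${FQDN}" \
    -v "${SECRETS_VOLUME}":/etc/letsencrypt \
    ubuntu:22.04 \
    bash -c 'ln -sf "/etc/letsencrypt/live/${FQDN}"/* /etc/letsencrypt/ && \
        find /etc/letsencrypt -type d -exec chmod 755 {} +'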