From 2bc227fb42172233edfe4cbf228b27c4845b41b2 Mon Sep 17 00:00:00 2001
From: hazza
Date: Sat, 19 Jul 2025 12:53:13 +0700
Subject: [PATCH] Add certbot with cloudflare dns challenge
---
 .env | 3 +++
 Dockerfile | 34 +++++++++++++++++++++++++++++-----
 docker-compose.yaml | 5 ++++-
 3 files changed, 36 insertions(+), 6 deletions(-)
 create mode 100644 .env
diff --git a/.env b/.env
new file mode 100644
index 0000000..851d32f
--- /dev/null
+++ b/.env
@@ -0,0 +1,3 @@
+RS_PUBLISHED_DOMAIN=dam.internal.yel.or.id
+RS_SERVERADMIN=hendra@yel.or.id
+DNS_CLOUDFLARE_API_TOKEN=3WedMWHhoDPxge5yMPJgQPFhRXCTp6zpasTIlaIu
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index da5ecc3..9655f0e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -30,7 +30,9 @@ RUN apt-get update && apt-get install -y \
 libopencv-dev \
 python3-opencv \
 python3 \
- python3-pip \
+ certbot \
+ python3-certbot-dns-cloudflare \
+ python3-certbot-apache \
 && apt-get clean \
 && rm -rf /var/lib/apt/lists/*
 
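Review bot: `DNS_CLOUDFLARE_API_TOKEN` in the new `.env` is a credential committed in clear text, so it stays readable in the repository history even if a later commit deletes the file. The token should be treated as exposed: revoke it in Cloudflare, issue a replacement limited to DNS edit on the one zone, and supply it from outside version control. I would commit an `.env.example` containing `DNS_CLOUDFLARE_API_TOKEN=<placeholder>` instead, and list `.env` in `.gitignore` and `.dockerignore` so it is neither pushed nor sent with the build context.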
@@ -39,17 +41,39 @@ RUN sed -i -e "s/upload_max_filesize\s*=\s*2M/upload_max_filesize = 100M/g" /etc && sed -i -e "s/max_execution_time\s*=\s*30/max_execution_time = 300/g" /etc/php/8.3/apache2/php.ini \ && sed -i -e "s/memory_limit\s*=\s*128M/memory_limit = 1G/g" /etc/php/8.3/apache2/php.ini -RUN printf '\n\ +RUN mkdir -p ~/.secrets/certbot \ + touch ~/.secrets/certbot/cloudflare.ini \ + chmod 600 ~/.secrets/certbot/cloudflare.ini + +RUN printf 'dns_cloudflare_api_token=$DNS_CLOUDFLARE_API_TOKEN' >> ~/.secrets/certbot/cloudflare.ini + +RUN touch /etc/apache2/sites-available/$RS_PUBLISHED_DOMAIN.conf + +RUN printf '\n\ +\tServerName $RS_PUBLISHED_DOMAIN\n\ +\tServerAdmin $RS_SERVERADMIN\n\ +\tDocumentRoot /var/www/html\n\ +\n\ +\tErrorLog ${APACHE_LOG_DIR}/$RS_PUBLISHED_DOMAIN.error.log\n\ +\tCustomLog ${APACHE_LOG_DIR}/$RS_PUBLISHED_DOMAIN.access.log combined\n\ +\n'\ +\n\ +\n'\ \tOptions FollowSymLinks\n\ -\n'\ ->> /etc/apache2/sites-enabled/000-default.conf +\n'\ +>> /etc/apache2/sites-available/$RS_PUBLISHED_DOMAIN.conf + +RUN a2ensite $RS_PUBLISHED_DOMAIN.conf \ + service apache2 reload + +RUN certbot run --apache --non-interactive --agree-tos -m $RS_SERVERADMIN --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -d $RS_PUBLISHED_DOMAIN ADD cronjob /etc/cron.daily/resourcespace WORKDIR /var/www/html RUN rm -f index.html \ - && svn co -q https://svn.resourcespace.com/svn/rs/releases/10.5 . \ + && svn co -q https://svn.resourcespace.com/svn/rs/releases/10.6 . \ && mkdir -p filestore \ && chmod 777 filestore \ && chmod -R 777 include/ diff --git a/docker-compose.yaml b/docker-compose.yaml index d27e2a6..cdea3ef 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -6,6 +6,7 @@ services: depends_on: - mariadb volumes: + - usrhome:~ - include:/var/www/html/include - filestore:/var/www/html/filestore - ./testdir:/srv/storage/testdir @@ -14,6 +15,7 @@ services: - backend ports: - "80:80" + - "443:443" mariadb: image: mariadb 
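Review bot: The added `RUN` steps that write `~/.secrets/certbot/cloudflare.ini` and call `certbot run` execute at build time, so the Cloudflare token and the issued private key would end up in image layers readable by anyone who can pull the image. As written they also fail before that: the `\` continuations in the `mkdir -p` and `a2ensite` steps have no `&&`, so `touch`, `chmod 600` and `service apache2 reload` are passed as extra arguments (the credentials path is created as a directory and never gets mode 600), and the single-quoted `printf` writes the literal text `$DNS_CLOUDFLARE_API_TOKEN`. `--apache` combined with `--dns-cloudflare` selects two authenticators, which certbot is likely to reject; the usual form is `-a dns-cloudflare -i apache`. I would keep only `RUN a2ensite "$RS_PUBLISHED_DOMAIN.conf"` in the build and move issuance to container start, with the credentials file mounted read-only at runtime (for example as a Compose secret) and set to mode 600. Whether `RS_PUBLISHED_DOMAIN` and `RS_SERVERADMIN` are declared as `ARG` or `ENV` is outside the hunk; if they are not, they expand to empty strings in these steps.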
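Review bot: The new mount `usrhome:~` uses `~` as the container path, which Compose does not expand on the container side, so the target is not an absolute path and the service is likely to fail to start. If the aim is to keep certificates across container recreation, the directory to persist is certbot's `/etc/letsencrypt`, for example `- letsencrypt:/etc/letsencrypt` with a matching `letsencrypt:` entry under the top-level `volumes:`. Persisting root's home would instead keep the Cloudflare credentials file in a long-lived volume, which is better avoided. The service definition starts outside the hunk.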
@@ -31,6 +33,7 @@ networks: backend: volumes: + usrhome: mariadb: include: - filestore: + filestore: \ No newline at end of file