summaryrefslogtreecommitdiff
path: root/images/router/service
diff options
context:
space:
mode:
Diffstat (limited to 'images/router/service')
-rw-r--r--images/router/service/letsencrypt/run19
-rw-r--r--images/router/service/nginx/run16
2 files changed, 35 insertions, 0 deletions
diff --git a/images/router/service/letsencrypt/run b/images/router/service/letsencrypt/run
new file mode 100644
index 0000000..7fcc76d
--- /dev/null
+++ b/images/router/service/letsencrypt/run
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+# wait for nginx to startup, for http challenge
+sv start nginx || exit 1
+sleep 10
+
+# half a day, 60 * 60 * 12
+INTERVAL=43200
+
+mkdir -p /data/wellknown/acme-challenge
+
+/app/dehydrated/dehydrated --register --accept-terms --config /app/letsencrypt/config
+
+while true; do
+ echo "Updating certificates"
+ /app/dehydrated/dehydrated --cron --config /app/letsencrypt/config
+ nginx -s reload # certificates might have changed
+ sleep $INTERVAL
+done
diff --git a/images/router/service/nginx/run b/images/router/service/nginx/run
new file mode 100644
index 0000000..bfc6e24
--- /dev/null
+++ b/images/router/service/nginx/run
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+ln -sf /dev/stdout /var/log/nginx/access.log
+ln -sf /dev/stderr /var/log/nginx/error.log
+
+# nginx doesn't start without certificates,
+# so generate untrusted ones for startup
+if [ ! -d "/data/certs/tx0.co" ]; then
+ echo "Generating dummy certificates"
+ mkdir -p /data/certs/tx0.co
+ openssl req -x509 -nodes -batch -newkey rsa:512 -days 0 \
+ -keyout /data/certs/tx0.co/privkey.pem \
+ -out /data/certs/tx0.co/fullchain.pem
+fi
+
+exec nginx -g 'daemon off;'