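#!/bin/bash
# ββββββββββββββββββββββββββββββββββββββββββββββββββββββ
# ΨͺΨ¨ΩΨ§Ω Ψ§ΩΨ·Ψ¨Ω β Let's Encrypt Initial Certificate Setup
# Run ONCE on the server after DNS points to this IP
#
# Usage:
#   chmod +x nginx/init-letsencrypt.sh
#   DOMAIN=yourdomain.com EMAIL=you@email.com bash nginx/init-letsencrypt.sh
#
# Environment:
#   DOMAIN  host name to issue for; "www.$DOMAIN" is requested as well
#   EMAIL   contact address passed to certbot
#
# All paths are relative, so run this from the directory that holds
# docker-compose.prod.yml and the nginx/ folder.
# ββββββββββββββββββββββββββββββββββββββββββββββββββββββ
set -euo pipefail

# Print a message on stderr and stop.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

DOMAIN="${DOMAIN:-example.com}"
EMAIL="${EMAIL:-admin@example.com}"
# An array keeps the compose command's words separate without relying on
# unquoted word splitting of a string.
COMPOSE=(docker compose -f docker-compose.prod.yml)

# DOMAIN is interpolated into a sed program and an X.509 subject below.
# Accept only a plain DNS host name so that characters with a meaning in
# either place ('/', '&', '\', newlines, spaces) can never reach them.
domain_re='^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
if [[ ! "$DOMAIN" =~ $domain_re ]]; then
  die "DOMAIN is not a valid host name: $DOMAIN"
fi
if [[ "$DOMAIN" == "example.com" ]]; then
  # The placeholder substitution below cannot be undone by re-running.
  echo "warning: DOMAIN is example.com (the built-in placeholder default)" >&2
fi
[[ -f nginx/nginx.conf ]] || die "nginx/nginx.conf not found; run from the project root"

echo "βββ Let's Encrypt Setup for $DOMAIN βββ"

# 1. Replace DOMAIN placeholder in nginx.conf
#    Every occurrence of the literal text DOMAIN is rewritten in place.
sed -i "s/DOMAIN/$DOMAIN/g" nginx/nginx.conf
echo "β nginx.conf updated with domain: $DOMAIN"

# 2. Start nginx in HTTP-only mode (needs 80 open for ACME challenge)
#    Temporarily use a self-signed cert so nginx can start
mkdir -p nginx/certs
if [ ! -f nginx/certs/fullchain.pem ]; then
  # Keep openssl quiet on success, but surface its output when it fails
  # instead of exiting silently under `set -e`.
  if ! openssl_out=$(openssl req -x509 -nodes -newkey rsa:2048 \
    -keyout nginx/certs/privkey.pem \
    -out nginx/certs/fullchain.pem \
    -days 1 -subj "/CN=$DOMAIN" 2>&1); then
    printf '%s\n' "$openssl_out" >&2
    die "could not create the temporary self-signed certificate"
  fi
  # The key is written unencrypted (-nodes); restrict it to the owner.
  chmod 600 nginx/certs/privkey.pem
  echo "β Temporary self-signed cert created"
fi

# Start nginx
"${COMPOSE[@]}" up -d nginx
# Fixed delay, not a readiness check: certbot may run before nginx answers.
sleep 3

# 3. Get real certificate
"${COMPOSE[@]}" run --rm certbot certonly \
  --webroot \
  --webroot-path=/var/www/certbot \
  --email "$EMAIL" \
  --agree-tos \
  --no-eff-email \
  -d "$DOMAIN" \
  -d "www.$DOMAIN"
echo "β Certificate obtained!"

# 4. Reload nginx with real cert
# NOTE(review): this only serves the new certificate if nginx.conf reads the
# path certbot writes to; nginx/certs/ still holds the 1-day self-signed
# pair created above. Confirm against nginx.conf and the compose volumes.
"${COMPOSE[@]}" exec nginx nginx -s reload
echo "β Nginx reloaded with Let's Encrypt certificate"
echo ""
echo "βββ Done! Site available at https://$DOMAIN βββ"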