Align letsencrypt docker container to geonode-project (#9717) (#9769)

Co-authored-by: Alessio Fabiani <[email protected]>
GeoNode · Jul 27, 2022 · 4ccfb47 · 4ccfb47
1 parent 3a69026
commit 4ccfb47
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 10 deletions.
diff --git a/scripts/docker/letsencrypt/Dockerfile b/scripts/docker/letsencrypt/Dockerfile
@@ -1,4 +1,6 @@
-FROM certbot/certbot:v1.21.0
+FROM alpine:3.14
+
+RUN apk add --no-cache certbot 
 
 # Installing scripts
 ADD docker-entrypoint.sh /docker-entrypoint.sh
@@ -10,7 +12,6 @@ RUN /usr/bin/crontab /crontab && \
     rm /crontab
 
 # Setup the entrypoint
-WORKDIR /
 ENTRYPOINT ["./docker-entrypoint.sh"]
 
 # We run cron in foreground to update the certificates

diff --git a/scripts/docker/letsencrypt/README.md b/scripts/docker/letsencrypt/README.md
@@ -1,4 +1,4 @@
-# Letsencrypt service for SPCGeonode
+# Letsencrypt service for Geonode
 
 This service generates SSL certificates to be used by Nginx.
 

diff --git a/scripts/docker/letsencrypt/crontab b/scripts/docker/letsencrypt/crontab
@@ -1,8 +1,8 @@
-# ┌───────────── minute (0 - 59)
-# │     ┌───────────── hour (0 - 23)
-# │     │     ┌───────────── day of month (1 - 31)
-# │     │     │     ┌───────────── month (1 - 12)
-# │     │     │     │     ┌───────────── day of week (0 - 6) (Sunday to Saturday; 7 is also Sunday on some systems)
-# │     │     │     │     │
+# +------------- minute (0 - 59)
+# ¦     +------------- hour (0 - 23)
+# ¦     ¦     +------------- day of month (1 - 31)
+# ¦     ¦     ¦     +------------- month (1 - 12)
+# ¦     ¦     ¦     ¦     +------------- day of week (0 - 6) (Sunday to Saturday; 7 is also Sunday on some systems)
+# ¦     ¦     ¦     ¦     ¦
 
   0     0,12  *     *     *     date && echo "daily  " && /docker-entrypoint.sh
diff --git a/scripts/docker/letsencrypt/docker-entrypoint.sh b/scripts/docker/letsencrypt/docker-entrypoint.sh
@@ -17,10 +17,13 @@ set +e
 # We run the command
 if [ "$LETSENCRYPT_MODE" == "staging" ]; then
     printf "\nTrying to get STAGING certificate\n"
-    certbot --config-dir "/geonode-certificates/$LETSENCRYPT_MODE" certonly --webroot -w "/geonode-certificates" -d "$HTTPS_HOST" -m "$ADMIN_EMAIL" --agree-tos --non-interactive --staging
+    certbot --config-dir "/geonode-certificates/$LETSENCRYPT_MODE" certonly --webroot -w "/geonode-certificates" -d "$HTTPS_HOST" -m "$ADMIN_EMAIL" --agree-tos --non-interactive --test-cert
 elif [ "$LETSENCRYPT_MODE" == "production" ]; then
     printf "\nTrying to get PRODUCTION certificate\n"
     certbot --config-dir "/geonode-certificates/$LETSENCRYPT_MODE" certonly --webroot -w "/geonode-certificates" -d "$HTTPS_HOST" -m "$ADMIN_EMAIL" --agree-tos --non-interactive --server https://acme-v02.api.letsencrypt.org/directory
+elif [ "$LETSENCRYPT_MODE" == "disabled" ]; then
+    printf "\nNot trying to get certificate (because LETSENCRYPT_MODE variable is set to disabled) - and stop container\n"
+    exit 0
 else
     printf "\nNot trying to get certificate (simulating failure, because LETSENCRYPT_MODE variable was neither staging nor production\n"
     /bin/false