Create a variable to specify certbot related IP binding #634

Closed
Aaron-Ritter opened this issue Jan 5, 2020 · 5 comments

Aaron-Ritter commented Jan 5, 2020

Hi,

Similar to issue #125 it would be good to allow the same for the letsencrypt certbot container, could you please add a bind IP question during the bitwarden.sh install part in the letsencrypt section.

`server/scripts/run.sh`, lines 65 to 77 in 36e97cc:

        if [ "$LETS_ENCRYPT" == "y" ]
        then
            echo -e -n "${CYAN}(!)${NC} Enter your email address (Let's Encrypt will send you certificate expiration reminders): "
            read EMAIL
            echo ""
            mkdir -p $OUTPUT_DIR/letsencrypt
            docker pull certbot/certbot
            docker run -it --rm --name certbot -p 80:80 -v $OUTPUT_DIR/letsencrypt:/etc/letsencrypt/ certbot/certbot \
                certonly --standalone --noninteractive --agree-tos --preferred-challenges http \
                --email $EMAIL -d $DOMAIN --logs-dir /etc/letsencrypt/logs
        fi
    fi

And something similar with (or storing the information for later in the previous step):

`server/scripts/run.sh`, lines 116 to 123 in 36e97cc:

    function updateLetsEncrypt() {
        if [ -d "${OUTPUT_DIR}/letsencrypt/live" ]
        then
            docker pull certbot/certbot
            docker run -i --rm --name certbot -p 443:443 -p 80:80 \
                -v $OUTPUT_DIR/letsencrypt:/etc/letsencrypt/ certbot/certbot \
                renew --logs-dir /etc/letsencrypt/logs
        fi

or maybe instead making it part of the docker-compose.yml?

Thanks
Aaron

@Aaron-Ritter
Author

e.g.

        if [ "$LETS_ENCRYPT" == "y" ]
        then
            echo -e -n "${CYAN}(!)${NC} Enter your email address (Let's Encrypt will send you certificate expiration reminders): "
            read EMAIL
            echo ""
            echo -e -n "${CYAN}(!)${NC} Specify an IP for certbot to listen on, otherwise leave blank: "
            read CERTBOTIPINPUT
            echo ""
            # Blank input keeps the previous behaviour: listen on all interfaces
            if [ -z "$CERTBOTIPINPUT" ]
            then
                CERTBOTIP=0.0.0.0
            else
                CERTBOTIP=$CERTBOTIPINPUT
            fi

            mkdir -p "$OUTPUT_DIR/letsencrypt"
            docker pull certbot/certbot
            # Quoted so the typed values cannot be word-split into extra docker arguments
            docker run -it --rm --name certbot -p "$CERTBOTIP:80:80" -v "$OUTPUT_DIR/letsencrypt:/etc/letsencrypt/" certbot/certbot \
                certonly --standalone --noninteractive  --agree-tos --preferred-challenges http \
                --email "$EMAIL" -d "$DOMAIN" --logs-dir /etc/letsencrypt/logs
        fi
    fi
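
Because the value typed at the proposed prompt ends up in `docker run -p`, it is worth validating before use. The following is an added example, not part of the original comment or of bitwarden's `run.sh`; the helper names `is_ipv4` and `publish_arg` are hypothetical, and it assumes IPv4 bind addresses only.

```bash
#!/usr/bin/env bash
# Added example: validate a bind address before it reaches `docker run -p`.
# is_ipv4 and publish_arg are hypothetical helpers, not part of run.sh.

# is_ipv4 ADDR: succeeds only for a strict dotted-quad IPv4 address.
is_ipv4() {
    addr=$1
    case $addr in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;  # empty, other chars, stray dots
    esac
    old_ifs=$IFS
    IFS=.
    set -- $addr   # safe to leave unquoted: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac   # no leading zeros
        [ "${#octet}" -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# publish_arg INPUT PORT: prints HOST_IP:PORT:PORT for `docker run -p`.
# Blank INPUT falls back to 0.0.0.0, the behaviour before the prompt existed.
publish_arg() {
    bind_ip=${1:-0.0.0.0}
    port=$2
    if ! is_ipv4 "$bind_ip"; then
        echo "invalid bind address: $bind_ip" >&2
        return 1
    fi
    printf '%s:%s:%s\n' "$bind_ip" "$port" "$port"
}

# How the installer prompt could use it (constructed, not executed here):
#   PUBLISH_80=$(publish_arg "$CERTBOTIPINPUT" 80) || exit 1
#   docker run -it --rm --name certbot -p "$PUBLISH_80" ... certbot/certbot ...
```

The same helper covers the renewal path, which publishes both 443 and 80, by calling it once per port.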

@PeterSurda

I second this. Please fix. If you have a system with multiple IP addresses, this prevents you from running any other webserver on the other IPs.

@dmascord

Agree, this needs to be fixed for servers with multiple IPs.

@cscharf
Contributor

cscharf commented Mar 30, 2021

Added to our DevOps board. Thanks!

@bitwarden-bot

Hi @Aaron-Ritter,
We're cleaning up our repositories in preparation for a major reorganization. Issues from last year will be marked as stale and closed after two weeks. If you still need help, comment to let us know and we'll look into it.
Thanks!
