The previous version only installed acme.sh if it was not previously
installed. However, the check for a previous installation was based on
the existence of /config/acme.sh/acme.sh which is in the
external/persisted storage. The result was that acme.sh installation
would be skipped even for a new build of the web container if the
installation had been run on any previous build of the container. When
the web container is rebuilt, such as during an upgrade to a new stable
version, the new container would lack the cron job needed to
automatically update the TLS certificates. Additionally, the version of
acme.sh installed in /config/acme.sh would never update even if the
pinned version in the Dockerfile was changed.
This patch sets the init script to always re-install acme.sh on
container start. The cron job installation from acme.sh is guarded by a
check for an existing job so there is no duplication. Re-installing also
has the effect of replacing the persisted /config/acme.sh/acme.sh with
the latest version set in the Dockerfile during upgrades.
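
The failure mode described in the commit message above, as an added simulation that is not part of the original commit or the project's init script: `fake_install`, `init_old`, `init_new`, the version strings and the crontab line are all constructed stand-ins, with a temp directory playing the persisted /config volume and a temp file playing the container's crontab.

```shell
#!/bin/sh
# Constructed simulation: CONFIG stands in for the persisted /config volume,
# CRONTAB for the crontab inside the ephemeral container filesystem.

fake_install() {                 # hypothetical installer; $1 = pinned version
    mkdir -p "$CONFIG/acme.sh"
    echo "$1" > "$CONFIG/acme.sh/acme.sh"     # replaces the persisted copy
    # The cron entry is added only when none exists, so re-running is safe.
    grep -q 'acme.sh --cron' "$CRONTAB" ||
        echo '0 0 * * * /config/acme.sh/acme.sh --cron' >> "$CRONTAB"
}

init_old() {                     # previous behaviour: guard on persisted file
    [ -f "$CONFIG/acme.sh/acme.sh" ] || fake_install "$1"
}

init_new() {                     # patched behaviour: always re-install
    fake_install "$1"
}

cron_jobs() { grep -c 'acme.sh --cron' "$CRONTAB" || true; }
installed_version() { cat "$CONFIG/acme.sh/acme.sh"; }

# $1 = init function to exercise. Boots an original container, then a
# rebuilt one (fresh crontab, same persisted volume, newer pinned version),
# then restarts the rebuilt container once more.
simulate_upgrade() {
    CONFIG=$(mktemp -d)
    CRONTAB=$(mktemp)
    "$1" 1.0                     # first start of the original container
    : > "$CRONTAB"               # rebuild resets the container filesystem
    "$1" 2.0                     # first start of the rebuilt container
    "$1" 2.0                     # plain restart: must not duplicate the job
    echo "cron=$(cron_jobs) version=$(installed_version)"
    rm -rf "$CONFIG" "$CRONTAB"
}

simulate_upgrade init_old        # cron=0 version=1.0
simulate_upgrade init_new        # cron=1 version=2.0
```

With the old guard the rebuilt container ends up with no renewal job and a stale persisted script; the always-install path restores exactly one job and the pinned version.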
Use 2 new environment variables to allow setting the number of nginx worker processes and connections. Add the variables to the docker-compose file and to the nginx-conf where default values are also set.
The former seems to be in a pretty bad state for usage with Debian based
containers:
- The Debian provided package is too old
- certbot-auto no longer works on Debian
- The recommended way of using snap is not Docker friendly
Thus, we are migrating to acme.sh, which has the advantage of also
making the web container slimmer.
certbot-auto will install both Python 2 and 3 packages thus resulting in
unnecessary image bloat. Also, there is no need to install compilers or
development libraries since Wheels are available for the required
packages.