I am working on this Django Docker project template with this certbot setup.

Dockerfile:

```dockerfile
FROM certbot/certbot:v1.27.0
COPY certify-init.sh /opt/
RUN chmod +x /opt/certify-init.sh
ENTRYPOINT ["/opt/certify-init.sh"]
```

Entrypoint (`certify-init.sh`):
```sh
#!/bin/sh
set -e

echo "Getting certificate..."
# Run certbot inside the if: with set -e a separate $? check
# would never be reached when certbot fails.
if ! certbot certonly \
    --webroot \
    --webroot-path "/vol/www/" \
    -d "$DOMAIN" \
    --email "$EMAIL" \
    --rsa-key-size 4096 \
    --agree-tos \
    --noninteractive; then
    echo "Certbot encountered an error. Exiting."
    exit 1
fi

# Copy the certificate and configuration to the volume
if [ -f "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" ]; then
    echo "SSL cert exists, enabling HTTPS..."
    envsubst '${DOMAIN}' < /etc/nginx/nginx.prod.conf > /etc/nginx/conf.d/default.conf
    echo "Reloading Nginx configuration..."
    nginx -s reload
else
    echo "Certbot unable to get SSL cert, server HTTP only..."
fi

echo "Setting up auto-renewal..."
apk add --no-cache dcron
echo "0 12 * * * /usr/bin/certbot renew --quiet" | crontab -
# crond -b detaches into the background, so the script ends here
crond -b
```
The problem with this setup is that certbot exits after the initial run of getting the certificate, and when it's renewal time it requires manual intervention.

Now there are two choices:

- Set `restart: unless-stopped` in the Docker Compose file so it keeps restarting the container, with the cron job to renew the certificate when required.
- Set a cron job on the host machine to restart the container.

Are there any other options to tackle this situation?
With exec it throws:

```
setpgid: operation not permitted
```

Due to permission issues with the Docker user group, I will avoid using exec as it introduces a potential security risk, which isn't a sensible trade-off just to keep a process running in the background.
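
One way to keep the certbot container in the foreground without cron or `exec`, as an added example that is not part of the original post: the entrypoint ends in a renewal loop instead of `crond -b`. `RENEW_CMD`, `RENEW_INTERVAL`, `MAX_RUNS` and the `run` argument are names assumed here, not certbot or Docker options.

```shell
#!/bin/sh
# Added example: foreground renewal loop for the end of certify-init.sh.
# RENEW_CMD, RENEW_INTERVAL and MAX_RUNS are assumed names, not certbot options.

RENEW_CMD="${RENEW_CMD:-certbot renew --quiet}"
RENEW_INTERVAL="${RENEW_INTERVAL:-43200}"   # seconds between attempts (12 h)
MAX_RUNS="${MAX_RUNS:-0}"                   # 0 = loop forever
FAILED_RUNS=0
COMPLETED_RUNS=0

renew_once() {
    # "certbot renew" only renews certificates that are due,
    # so calling it twice a day is cheap.
    if $RENEW_CMD; then
        return 0
    fi
    FAILED_RUNS=$((FAILED_RUNS + 1))
    echo "renewal attempt failed (failures so far: $FAILED_RUNS)" >&2
    return 1
}

renew_loop() {
    runs=0
    # As PID 1 the script ignores SIGTERM unless it installs a handler;
    # the trap lets "docker stop" end the container without waiting for SIGKILL.
    trap 'exit 0' TERM INT
    while :; do
        renew_once || true      # one failed attempt must not stop the container
        runs=$((runs + 1))
        if [ "$MAX_RUNS" -gt 0 ] && [ "$runs" -ge "$MAX_RUNS" ]; then
            break
        fi
        # Sleep in the background and wait on it, so the trap runs
        # as soon as the signal arrives rather than after the sleep.
        sleep "$RENEW_INTERVAL" &
        wait $!
    done
    trap - TERM INT
    COMPLETED_RUNS=$runs
}

# In the entrypoint, call renew_loop after the initial "certonly" step.
if [ "${1:-}" = "run" ]; then
    renew_loop
fi
```

Because the loop is the script's last foreground command, the container stays up between renewals and `restart: unless-stopped` only has to cover real crashes.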