9a251e4e46
Continuation of 1f0cc92b33.
As an explanation for the problem:
when saying `localhost` on the host, it sometimes gets resolved to `::1`
and sometimes to `127.0.0.1`. On the unfortunate occassions that
it gets resolved to `::1`, the container won't be able to serve the
request, because Docker containers don't have IPv6 enabled by default.
To avoid this problem, we simply prevent any lookups from happening
and explicitly use `127.0.0.1`.
31 lines
1.1 KiB
Django/Jinja
31 lines
1.1 KiB
Django/Jinja
#!/bin/bash
|
|
|
|
# For renewal to work, matrix-nginx-proxy (or another webserver, if matrix-nginx-proxy is disabled)
|
|
# need to forward requests for `/.well-known/acme-challenge` to the certbot container.
|
|
#
|
|
# This can happen inside the container network by proxying to `http://matrix-certbot:8080`
|
|
# or outside (on the host) by proxying to `http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}`.
|
|
|
|
docker run \
|
|
--rm \
|
|
--name=matrix-certbot \
|
|
--user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
|
|
--cap-drop=ALL \
|
|
--network="{{ matrix_docker_network }}" \
|
|
-p 127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}:8080 \
|
|
-v {{ matrix_ssl_config_dir_path }}:/etc/letsencrypt \
|
|
-v {{ matrix_ssl_log_dir_path }}:/var/log/letsencrypt \
|
|
{{ matrix_ssl_lets_encrypt_certbot_docker_image }} \
|
|
renew \
|
|
--non-interactive \
|
|
--work-dir=/tmp \
|
|
--http-01-port 8080 \
|
|
{% if matrix_ssl_lets_encrypt_staging %}
|
|
--staging \
|
|
{% endif %}
|
|
--quiet \
|
|
--standalone \
|
|
--preferred-challenges http \
|
|
--agree-tos \
|
|
--email={{ matrix_ssl_lets_encrypt_support_email }}
|