|
- #jinja2: lstrip_blocks: "True"
- #!/bin/bash
-
- # For renewal to work, matrix-nginx-proxy (or another webserver, if matrix-nginx-proxy is disabled)
- # need to forward requests for `/.well-known/acme-challenge` to the certbot container.
- #
- # This can happen inside the container network by proxying to `http://matrix-certbot:8080`
- # or outside (on the host) by proxying to `http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}`.
-
- docker run \
- --rm \
- --name=matrix-certbot \
- --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
- --cap-drop=ALL \
- --network="{{ matrix_nginx_proxy_container_network }}" \
- -p 127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}:8080 \
- --mount type=bind,src={{ matrix_ssl_config_dir_path }},dst=/etc/letsencrypt \
- --mount type=bind,src={{ matrix_ssl_log_dir_path }},dst=/var/log/letsencrypt \
- {{ matrix_ssl_lets_encrypt_certbot_docker_image }} \
- renew \
- --non-interactive \
- --work-dir=/tmp \
- --http-01-port 8080 \
- {% if matrix_ssl_lets_encrypt_staging %}
- --staging \
- {% endif %}
- --key-type {{ matrix_ssl_lets_encrypt_key_type }} \
- --standalone \
- --preferred-challenges http \
- --agree-tos \
- --email={{ matrix_ssl_lets_encrypt_support_email }} \
- --no-random-sleep-on-renew
|
