-
Notifications
You must be signed in to change notification settings - Fork 60
/
Dockerfile.certbot
76 lines (57 loc) · 1.98 KB
/
Dockerfile.certbot
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
ARG BASE_IMAGE=nginxproxymanager/nginx-full:latest
#############
# Certbot Builder
#############
FROM debian:bookworm-slim AS certbotbuilder
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN apt-get update
RUN apt-get install -y \
build-essential \
ca-certificates \
curl \
libaugeas0 \
libffi-dev \
libssl-dev \
openssl \
pkg-config \
python3 \
python3-dev \
python3-venv
ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
# Yes, python compilation requires rust.
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
ENV PATH="/root/.cargo/bin:$PATH"
# It's all about pip now.
RUN python3 -m venv /opt/certbot/
ENV PATH="/opt/certbot/bin:$PATH"
RUN curl -L 'https://bootstrap.pypa.io/get-pip.py' | python3
RUN pip install --no-cache-dir --upgrade pyopenssl \
&& pip install --no-cache-dir cffi certbot cryptography \
&& pip install tldextract zope
#############
# Final Image
#############
FROM $BASE_IMAGE AS final
ARG BASE_IMAGE
ARG TARGETPLATFORM
LABEL maintainer="Jamie Curnow <[email protected]>"
RUN echo "Certbot: $BASE_IMAGE, ${TARGETPLATFORM:-linux/amd64}" >> /built-for-arch
COPY scripts/install-cert-prune /tmp/install-cert-prune
RUN /tmp/install-cert-prune "${TARGETPLATFORM:-linux/amd64}" && rm -f /tmp/install-cert-prune
# OpenResty uses LuaJIT which has a dependency on GCC
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
python3 \
python3-distutils \
python3-venv \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
COPY ./files/.bashrc.certbot /root/.bashrc
# Copy certbot
COPY --from=certbotbuilder /opt/certbot /opt/certbot
ENV PATH="/opt/certbot/bin:$PATH"
RUN python3 -m venv /opt/certbot/ \
&& curl -L 'https://bootstrap.pypa.io/get-pip.py' | /opt/certbot/bin/python3 \
&& sed -i 's/include-system-site-packages = false/include-system-site-packages = true/g' -i /opt/certbot/pyvenv.cfg \
&& ln -s /opt/certbot/bin/certbot /usr/bin/certbot
LABEL org.label-schema.cmd="docker run --rm -ti nginxproxymanager/nginx-full:certbot"