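# Base image tag is a build argument so that release builds can be pinned:
#   docker build --build-arg ALPINE_TAG=<pinned-release-tag> .
# The default stays `latest` so existing builds behave as before. A floating tag
# means the OS, certbot, mosquitto and openssl versions change whenever the image
# is rebuilt, so set ALPINE_TAG for anything deployed.
ARG ALPINE_TAG=latest
FROM alpine:${ALPINE_TAG}

# OCI image metadata (single instruction, one key per line).
LABEL org.opencontainers.image.title="GroBro-Ker" \
      org.opencontainers.image.description="Secure Mosquitto MQTT broker with integrated Certbot auto-renewal and automatic user provisioning." \
      org.opencontainers.image.authors="Diggen85 (B. Stark)" \
      org.opencontainers.image.licenses="MIT"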
# Runtime packages, sorted alphabetically so additions show up as one-line diffs.
#   certbot / openssl / ca-certificates : certificate issuance and TLS tooling
#   mosquitto / mosquitto-clients       : MQTT broker and its client utilities
#   dcron                               : cron daemon for the certbot crontab
#   supervisor / tini                   : process supervision and PID 1 init
# --no-cache keeps the apk index out of the layer. Package versions are not
# pinned, so they follow whatever the base image's repositories provide.
RUN apk add --no-cache \
        bash \
        ca-certificates \
        certbot \
        dcron \
        mosquitto \
        mosquitto-clients \
        openssl \
        supervisor \
        tini
# Create the directories used for certificates, broker state, logs and cron.
# They are created as root here; ownership and modes are set further down.
# -p makes the step succeed when a package has already created a path.
RUN mkdir -p \
        /etc/letsencrypt/renewal-hooks/deploy \
        /etc/letsencrypt \
        /etc/mosquitto/certs \
        /var/lib/letsencrypt \
        /var/lib/mosquitto \
        /var/log/letsencrypt \
        /var/spool/cron/crontabs
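# Service accounts.
# Each group/user is created only if it does not exist yet (the packages may
# already have added them). Accounts are system accounts (-S) without password
# (-D), without a created home (-H) and with /sbin/nologin as shell.
# certbot is additionally added to the mosquitto group.
#
# The trailing `|| true` is scoped to the last step only. `&&` and `||` have equal
# precedence in sh, so an unparenthesised `|| true` at the end of the chain would
# also hide a failed addgroup/adduser above, and the build would continue without
# the unprivileged accounts the later chown steps rely on.
RUN (getent group mosquitto || addgroup -S mosquitto) \
 && (id mosquitto || adduser -S -D -H -h /var/lib/mosquitto/ -s /sbin/nologin -G mosquitto mosquitto) \
 && (getent group certbot || addgroup -S certbot) \
 && (id certbot || adduser -S -D -H -h /var/lib/letsencrypt -s /sbin/nologin -G certbot certbot) \
 && (addgroup certbot mosquitto 2>/dev/null || true)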
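# Ownership and permissions, applied in one layer (these are metadata-only
# changes and belong together).
#   - Let's Encrypt state and logs belong to certbot.
#   - /etc/mosquitto belongs to mosquitto.
#   - /etc/mosquitto/certs is owned by certbot with group mosquitto and mode 750:
#     certbot can write, members of mosquitto can read and traverse, everyone
#     else is locked out of the directory that holds the broker's key material.
# NOTE(review): the recursive chown makes the whole config directory writable by
# the broker account; narrow it if only specific files need to be written there.
# NOTE(review): /var/lib/mosquitto is not chowned here; presumably the package or
# init-permissions.sh takes care of it. Confirm.
RUN chown -R certbot:certbot \
        /etc/letsencrypt \
        /var/lib/letsencrypt \
        /var/log/letsencrypt \
 && chown -R mosquitto:mosquitto /etc/mosquitto/ \
 && chown certbot:mosquitto /etc/mosquitto/certs \
 && chmod 750 /etc/mosquitto/certs

# Declared after the directories exist and are chowned. Build steps that write
# to these paths after this line would be discarded.
VOLUME /etc/letsencrypt /var/lib/mosquitto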
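# Configuration files. COPY leaves them owned by root.
COPY mosquitto.conf /etc/mosquitto/mosquitto.conf
COPY supervisord.conf /etc/supervisord.conf
COPY crontab /var/spool/cron/crontabs/certbot

# Helper scripts, copied in one instruction into /usr/local/bin/.
COPY certbot-renew.sh \
     copy-mosquitto-cert.sh \
     create-mosquitto-users.sh \
     init-permissions.sh \
     start-mosquitto.sh \
     /usr/local/bin/

# Fix modes in a single layer.
# Scripts get an explicit 755 instead of `+x`, so the result does not depend on
# the file modes of the build context (e.g. a group-writable checkout); they stay
# root-owned and are not writable by the service accounts.
# The crontab is private to certbot (600, certbot:certbot).
RUN chmod 755 \
        /usr/local/bin/certbot-renew.sh \
        /usr/local/bin/copy-mosquitto-cert.sh \
        /usr/local/bin/create-mosquitto-users.sh \
        /usr/local/bin/init-permissions.sh \
        /usr/local/bin/start-mosquitto.sh \
 && chmod 600 /var/spool/cron/crontabs/certbot \
 && chown certbot:certbot /var/spool/cron/crontabs/certbot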
# Documented ports; EXPOSE does not publish them.
# NOTE(review): which service listens on which port is defined in the config
# files and scripts, not here. Confirm against mosquitto.conf / certbot-renew.sh.
EXPOSE 7006/tcp 8080/tcp

# tini runs as PID 1 and starts supervisord, which reads /etc/supervisord.conf.
# No USER instruction is set, so supervisord starts as root.
# NOTE(review): presumably each program in supervisord.conf drops to the
# mosquitto / certbot account. Confirm that nothing long-running stays root.
ENTRYPOINT ["/sbin/tini", "--"]
CMD ["supervisord", "-c", "/etc/supervisord.conf"]