docker: Restore ability to generate SSL certs with LetsEncrypt.
Zulip Server 4.9+ regressed Docker setups by always creating a
/etc/letsencrypt directory in the top layer of the Docker container,
meaning it couldn't be symlinked over from the volume mount. Since that
volume mount has useful properties (providing and/or overriding
LetsEncrypt settings), restore it and copy the in-image configs into the
volume as defaults if and only if those files don't already exist in the
volume.

Fixes zulip#381.
klardotsh committed Feb 28, 2023
1 parent d9bc5bb commit 36974e2
Showing 2 changed files with 20 additions and 2 deletions.
12 changes: 11 additions & 1 deletion Dockerfile
Expand Up @@ -73,7 +73,17 @@ RUN \
rm -f /etc/zulip/zulip-secrets.conf /etc/zulip/settings.py && \
apt-get -qq autoremove --purge -y && \
apt-get -qq clean && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
mv /etc/letsencrypt /etc/letsencrypt.zulip
# ^ Zulip Server installs LetsEncrypt with some default settings. We want to
# allow /etc/letsencrypt to be volume mountable from the host while retaining
# these settings unless overridden, so let's unclobber this path so that
# entrypoint.sh can symlink from the volume mount and repopulate any missing
# default files.
#
# This incantation must be part of the same layer that creates
# /etc/letsencrypt/renewal-hooks to avoid Directory Not Empty / Invalid
# Argument errors attempting to rename or unlink it.

COPY entrypoint.sh /sbin/entrypoint.sh
COPY certbot-deploy-hook /sbin/certbot-deploy-hook
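
Review bot: The comment under `mv /etc/letsencrypt /etc/letsencrypt.zulip` explains why the rename must share a layer, but it does not record the contract this creates with entrypoint.sh: the entrypoint now requires /etc/letsencrypt.zulip to exist and /etc/letsencrypt to be absent in the image. Because the `mv` is chained with `&&`, a future installer that stops creating /etc/letsencrypt will fail the build at this line, which is the right place to fail; say so in the comment so the move is not later softened to a conditional one that would push the failure to container start.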
10 changes: 9 additions & 1 deletion entrypoint.sh
Expand Up @@ -51,7 +51,15 @@ SETTINGS_PY="/etc/zulip/settings.py"
# === initialConfiguration ===
prepareDirectories() {
mkdir -p "$DATA_DIR" "$DATA_DIR/backups" "$DATA_DIR/certs" "$DATA_DIR/letsencrypt" "$DATA_DIR/uploads"
[ -e /etc/letsencrypt ] || ln -ns "$DATA_DIR/letsencrypt" /etc/letsencrypt

# See commentary in the Dockerfile about this process.
if [ -e /etc/letsencrypt ]; then
echo "Found unexpected /etc/letsencrypt in the Docker image, are you using the latest build?" >&2
exit 1
fi
ln -ns "${DATA_DIR}/letsencrypt" /etc/letsencrypt
cp -an /etc/letsencrypt.zulip/* /etc/letsencrypt/

echo "Preparing and linking the uploads folder ..."
rm -rf /home/zulip/uploads
ln -sfT "$DATA_DIR/uploads" /home/zulip/uploads
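
Review bot: The new guard `if [ -e /etc/letsencrypt ]` in prepareDirectories is also true for the symlink that `ln -ns` creates a few lines later, so if this function runs a second time against the same container filesystem (a restarted rather than recreated container), the entrypoint exits 1 with a message that blames the image. The line being replaced, `[ -e /etc/letsencrypt ] || ln -ns ...`, tolerated that case. Suggest failing only when the path exists and is not a symlink, for example `[ -e /etc/letsencrypt ] && [ ! -L /etc/letsencrypt ]`, and skipping the `ln` when the link is already in place. Separately, `cp -an /etc/letsencrypt.zulip/* /etc/letsencrypt/` skips dotfiles and errors when the glob matches nothing; `cp -an /etc/letsencrypt.zulip/. /etc/letsencrypt/` avoids both.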