diff --git a/Dockerfile b/Dockerfile
index 8d85b83bce..dd45b7873d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -73,7 +73,17 @@ RUN \
 rm -f /etc/zulip/zulip-secrets.conf /etc/zulip/settings.py && \
 apt-get -qq autoremove --purge -y && \
 apt-get -qq clean && \
- rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
+ mv /etc/letsencrypt /etc/letsencrypt.zulip
+# ^ Zulip Server installs LetsEncrypt with some default settings. We want to
+# allow /etc/letsencrypt to be volume mountable from the host while retaining
+# these settings unless overridden, so let's unclobber this path so that
+# entrypoint.sh can symlink from the volume mount and repopulate any missing
+# default files.
+#
+# This incantation must be part of the same layer that creates
+# /etc/letsencrypt/renewal-hooks to avoid Directory Not Empty / Invalid
+# Argument errors attempting to rename or unlink it.
 
 COPY entrypoint.sh /sbin/entrypoint.sh
 COPY certbot-deploy-hook /sbin/certbot-deploy-hook
diff --git a/entrypoint.sh b/entrypoint.sh
index 77ff692bd0..cb8b34f8e1 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -51,7 +51,15 @@ SETTINGS_PY="/etc/zulip/settings.py"
 # === initialConfiguration ===
 prepareDirectories() {
 mkdir -p "$DATA_DIR" "$DATA_DIR/backups" "$DATA_DIR/certs" "$DATA_DIR/letsencrypt" "$DATA_DIR/uploads"
- [ -e /etc/letsencrypt ] || ln -ns "$DATA_DIR/letsencrypt" /etc/letsencrypt
+
+ # See commentary in the Dockerfile about this process.
+ if [ -e /etc/letsencrypt ]; then
+ echo "Found unexpected /etc/letsencrypt in the Docker image, are you using the latest build?" >&2
+ exit 1
+ fi
+ ln -ns "${DATA_DIR}/letsencrypt" /etc/letsencrypt
+ cp -an /etc/letsencrypt.zulip/* /etc/letsencrypt/
+
 echo "Preparing and linking the uploads folder ..."
 rm -rf /home/zulip/uploads
 ln -sfT "$DATA_DIR/uploads" /home/zulip/uploads
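Review bot: The new guard in prepareDirectories, `if [ -e /etc/letsencrypt ]; then … exit 1`, also matches the symlink that this same function creates, so a second run of the entrypoint in the same container (a stop/start or restart rather than a fresh container) would presumably abort with the "Found unexpected /etc/letsencrypt" message, whereas the removed `[ -e /etc/letsencrypt ] || ln -ns …` was idempotent. Testing for a non-symlink keeps both the stale-image check and the restart path: `if [ -e /etc/letsencrypt ] && [ ! -L /etc/letsencrypt ]; then` for the guard and `[ -L /etc/letsencrypt ] || ln -ns "${DATA_DIR}/letsencrypt" /etc/letsencrypt` for the link. Separately, `cp -an /etc/letsencrypt.zulip/* /etc/letsencrypt/` skips dotfiles and returns an error when the source directory is empty; `cp -an /etc/letsencrypt.zulip/. /etc/letsencrypt/` avoids both. Because this path will hold the ACME account and certificate private keys on a host-mounted volume, it is worth confirming the mode that `mkdir -p` gives `$DATA_DIR/letsencrypt`. The body of prepareDirectories continues past the end of the hunk.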