v1.2.6 (#13)

bfren · web-flow · commit 4f0b51497de2 · 2021-02-04T14:47:15.000Z
Minor update
* Removing request SSL certificates on init
diff --git a/Dockerfile b/Dockerfile
@@ -10,10 +10,10 @@ LABEL maintainer="Ben Green <ben@bcgdesign.com>" \
 EXPOSE 443
 
 ENV \
-    # clean all config and certificates before doing anything else
-    CLEAN_INSTALL=0 \
     # used for renewal notification emails
     LETS_ENCRYPT_EMAIL= \
+    # clean all config and certificates before doing anything else
+    CLEAN_INSTALL=0 \
     # set to 1 to use live instead of staging server
     LETS_ENCRYPT_LIVE=0 \
     # set to the number of bits to use for generating DHPARAM
@@ -22,8 +22,6 @@ ENV \
     SSL_REDIRECT_INSECURE=0 \
     # canonical domain name redirection
     SSL_REDIRECT_TO_CANONICAL=0 \
-    # automatically request certificates on startup - only use if you don't need any additional configuration
-    SSL_REQUEST_ON_STARTUP=0 \
     # set to true to skip local HTTP token check
     GETSSL_SKIP_HTTP_TOKEN_CHECK="false"
 
diff --git a/Dockerfile-automated b/Dockerfile-automated
@@ -10,10 +10,10 @@ LABEL maintainer="Ben Green <ben@bcgdesign.com>" \
 EXPOSE 443
 
 ENV \
-    # clean all config and certificates before doing anything else
-    CLEAN_INSTALL=0 \
     # used for renewal notification emails
     LETS_ENCRYPT_EMAIL= \
+    # clean all config and certificates before doing anything else
+    CLEAN_INSTALL=0 \
     # set to 1 to use live instead of staging server
     LETS_ENCRYPT_LIVE=0 \
     # set to the number of bits to use for generating DHPARAM
@@ -22,8 +22,6 @@ ENV \
     SSL_REDIRECT_INSECURE=0 \
     # canonical domain name redirection
     SSL_REDIRECT_TO_CANONICAL=0 \
-    # automatically request certificates on startup - only use if you don't need any additional configuration
-    SSL_REQUEST_ON_STARTUP=0 \
     # set to true to skip local HTTP token check
     GETSSL_SKIP_HTTP_TOKEN_CHECK="false"
 
diff --git a/README.md b/README.md
@@ -4,7 +4,7 @@
 
 [Docker Repository](https://hub.docker.com/r/bcgdesign/nginx-proxy) - [bcg|design ecosystem](https://github.com/bencgreen/docker)
 
-Nginx Proxy which uses [getssl](https://github.com/srvrco/getssl) to automate requesting and renewing SSL certificates via Let's Encrypt.  Certificates are checked for renewal every week - the last check can be viewed in the `/ssl` volume.
+Nginx Proxy which uses [getssl](https://github.com/srvrco/getssl) to automate requesting and renewing SSL certificates via Let's Encrypt.  Certificates are checked for renewal every day - the last check can be viewed in the `/ssl` volume.
 
 ## Contents
 
@@ -40,7 +40,6 @@ For SSL certificate requests to work correctly, ports 80 and 443 need mapping fr
 | `SSL_DHPARAM_BITS`             | A valid integer       | The size of your DHPARAM variables - adjust down only if you have limited processing resources.                                              | 4096                  |
 | `SSL_REDIRECT_INSECURE`        | 0 or 1                | If 1, all insecured (HTTP) requests will be upgraded by Nginx to secure (HTTPS).                                                             | 0                     |
 | `SSL_REDIRECT_TO_CANONICAL`    | 0 or 1                | If 1, all requests will be redirected to the primary domain (defined in `conf.sh`).                                                          | 0                     |
-| `SSL_REQUEST_ON_STARTUP`       | 0 or 1                | If 1, SSL certificates will be automatically requested - otherwise you'll need to use `ssl-request`.                                         | 0                     |
 | `GETSSL_SKIP_HTTP_TOKEN_CHECK` | true or false         | Set to true to enable `getssl`'s [skip HTTP token check](https://github.com/srvrco/getssl/wiki/Config-variables#skip_http_token_checkfalse). | false                 |
 
 ## Helper Functions
@@ -73,5 +72,5 @@ The image contains a handful of useful Nginx configuration 'helper' files, which
 
 ## Copyright
 
-> Copyright (c) 2021 Ben Green <https://bcgdesign.com>  
+> Copyright (c) 2021 Ben Green <https://bcgdesign.com>
 > Unless otherwise stated
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.2.5
+1.2.6
diff --git a/overlay/etc/cont-init.d/20-paths b/overlay/etc/cont-init.d/20-paths
@@ -34,7 +34,7 @@ add_env "SSL" ${SSL}
 
 SSL_CERTS=${SSL}/certs
 add_env "SSL_CERTS" "${SSL_CERTS}"
-add_env "SSL_DHPARAM" ${SSL_CERTS}/dhparam.pem
+add_env "SSL_DHPARAM" "${SSL_CERTS}/dhparam.pem"
 add_env "SSL_GLOBAL_CFG" "${SSL_CERTS}/${GETSSL_CFG}"
 
 add_env "SITES" "/sites"
diff --git a/overlay/usr/local/bin/ssl-init b/overlay/usr/local/bin/ssl-init
@@ -9,10 +9,3 @@ set -euo pipefail
 
 s6-setuidgid www /etc/ssl/init
 nginx-reload
-
-
-#======================================================================================================================
-# Request certificates
-#======================================================================================================================
-
-[[ "${SSL_REQUEST_ON_STARTUP}" = "1" ]] && ssl-request
