feat: 3.0.1

vbaidak · vbaidak · commit 891c54c890d6 · 2025-05-30T15:02:34.000+02:00
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -0,0 +1,38 @@
+name: Publish Docker image
+
+on:
+  push:
+    branches: [ "master" ]
+    tags:
+      - '**'
+  workflow_dispatch:
+
+jobs:
+  push_to_registry:
+    name: Push Docker image to Docker Hub
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v4
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: scalified/certbot-cloudflare
+          tags: |
+            type=raw,value=latest
+            type=semver,pattern={{version}}
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,13 @@
+FROM scalified/cron:1.37.0
+
+LABEL maintainer="Scalified <scalified@gmail.com>"
+
+RUN apk add --update --no-cache certbot \
+    certbot-dns-cloudflare \
+    docker-cli
+
+RUN echo "CERTBOT VERSIONS: $(apk list | grep certbot)"
+
+COPY init.d/ /init.d/
+COPY usr/ /usr/
+
diff --git a/README.md b/README.md
@@ -1 +1,54 @@
-# docker-certbot-cloudflare
+# Certbot Cloudflare Docker Image
+
+[![Release](https://img.shields.io/github/v/release/Scalified/docker-certbot-cloudflare?style=flat-square)](https://github.com/Scalified/docker-certbot-cloudflare/releases/latest)
+[![Docker Pulls](https://img.shields.io/docker/pulls/scalified/certbot-cloudflare.svg)](https://hub.docker.com/r/scalified/certbot-cloudflare)
+[![License](https://img.shields.io/badge/License-MIT-yellow.svg)](https://github.com/Scalified/docker-certbot-cloudflare/blob/master/LICENSE)
+
+## Overview
+
+[**Alpine**](https://www.alpinelinux.org/) [**Docker**](https://www.docker.com/) image with [**Certbot**](https://certbot.eff.org/) preconfigured to autorenew SSL certificates 
+using [**Cloudflare**](https://www.cloudflare.com) DNS. Built on top of the [**Scalified CRON**](https://github.com/Scalified/docker-cron) image
+
+[**Certbot**](https://certbot.eff.org/) is used in `certonly` mode and runs with the `--keep-until-expiring` flag, which ensures that an existing certificate is reused until it is 
+within 30 days of expiration. A CRON job is configured to run Certbot at container startup and once daily at night, helping to ensure that SSL certificates are always up to date
+
+## Usage
+
+1. Generate a [Cloudflare User API Token](https://developers.cloudflare.com/fundamentals/api/get-started/create-token/) with `Zone:DNS:Edit` permissions
+2. Save the generated token in a [Cloudflare credentials](https://certbot-dns-cloudflare.readthedocs.io/en/stable/#credentials) file
+3. Launch the `scalified/certbot-cloudflare` Docker image:
+
+```bash
+docker run \
+    --name certbot \
+    -e CF_EMAIL="admin@example.com" \
+    -e CF_CREDENTIALS_FILE="/etc/certbot/cloudflare.ini" \
+    -e CF_PROPAGATION_SECONDS="60" \
+    -e DOMAINS="*.example.com example.com" \
+    -e LETSENCRYPT_DIR="/etc/letsencrypt" \
+    -e DEPLOY_HOOK="docker exec nginx nginx -s reload" \
+    -e CERTBOT_CRON_SCHEDULE="27 1 * * *" \
+    -v ./cloudflare.ini:/etc/certbot/cloudflare.ini:ro \
+    -v ./letsencrypt:/etc/letsencrypt \
+    -v /var/run/docker.sock:/var/run/docker.sock \
+    --detach \
+    --restart always \
+    scalified/certbot-cloudflare
+```
+
+| Environment Variable    | Description                                                                                     | Default Value                 |
+|-------------------------|-------------------------------------------------------------------------------------------------|-------------------------------|
+| `CF_EMAIL`              | Email address associated with **Cloudflare** account                                            |                               |
+| `CF_CREDENTIALS_FILE`   | Path to the **Cloudflare** credentials file used for DNS authentication                         | `/etc/certbot/cloudflare.ini` |
+| `CF_PROPAGATION_SECODS` | Number of seconds to wait for DNS propagation before requesting validation from the ACME server | `60`                          |
+| `LETSENCRYPT_DIR`       | Directory where Certbot stores the generated Let's Encrypt SSL certificates                     | `/etc/letsencrypt`            |
+| `DOMAINS`               | Space-separated list of domains for which SSL certificates should be generated                  |                               |
+| `DEPLOY_HOOK`           | Shell command to run once per successfully issued certificate                                   |                               |
+| `CERTBOT_CRON_SCHEDULE` | **CRON** expression that defines when to run the Certbot renewal                                | `27 1 * * *`                  |
+
+## Scalified Links
+
+* [Scalified](http://www.scalified.com)
+* [Scalified Official Facebook Page](https://www.facebook.com/scalified)
+* <a href="mailto:info@scalified.com?subject=[Docker Certbot Cloudflare]: Proposals And Suggestions">Scalified Support</a>
+
diff --git a/init.d/certbot-crontab.sh b/init.d/certbot-crontab.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+CERTBOT_CRON_SCHEDULE="${CERTBOT_CRON_SCHEDULE:-27 1 * * *}"
+
+append_cron_schedule() {
+    local schedule="$1"
+    local line="$schedule certbot-renew"
+    grep -qF "$line" $CRONTAB || echo "$line" >> $CRONTAB
+}
+
+echo "INFO Certbot CRON schedule is: $CERTBOT_CRON_SCHEDULE"
+
+append_cron_schedule "@reboot"
+append_cron_schedule "$CERTBOT_CRON_SCHEDULE"
+
diff --git a/usr/local/bin/certbot-renew b/usr/local/bin/certbot-renew
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+set -e
+
+CF_CREDENTIALS_FILE="${CF_CREDENTIALS_FILE:-/etc/certbot/cloudflare.ini}"
+CF_PROPAGATION_SECONDS="${CF_PROPAGATION_SECONDS:-60}"
+LETSENCRYPT_DIR="${LETSENCRYPT_DIR:-/etc/letsencrypt}"
+
+shutdown() {
+    kill -TERM 1
+    exit 1
+}
+
+if [ ! -f "$CF_CREDENTIALS_FILE" ]; then
+    echo "ERROR $CF_CREDENTIALS_FILE file not found"
+    shutdown
+fi
+
+if [ -z "$CF_EMAIL" ]; then
+    echo "ERROR 'CF_EMAIL' environment variable undefined"
+    shutdown
+fi
+
+if [ -z "$DOMAINS" ]; then
+    echo "ERROR 'DOMAINS' environment variable undefined"
+    shutdown
+fi
+
+echo "INFO Starting SSL certificates check / renew..."
+certbot certonly \
+    --dns-cloudflare \
+    --dns-cloudflare-credentials "$CF_CREDENTIALS_FILE" \
+    --dns-cloudflare-propagation-seconds "$CF_PROPAGATION_SECONDS" \
+    --email "$CF_EMAIL" \
+    --agree-tos \
+    --no-eff-email \
+    --keep-until-expiring \
+    --deploy-hook "$DEPLOY_HOOK" \
+    $(for domain in $DOMAINS; do echo "--domain $domain"; done)
+echo "INFO SSL certificates check / renew done"
+
