Replies: 3 comments 3 replies
-
|
Nobody answered for so long, seems like by that time you would put some basic scripts into each folder that would write some text to a file, and you would come back 90 days later to if they got fired. Since nobody commented that's what I'm going to do, It would support mailu greatly without additional cron job to update TLS for mailu based on NMP. Great question! if you alerady know the answer please let me know, thanks! |
Beta Was this translation helpful? Give feedback.
-
|
My initial test is as follows. It doesn't work at least it didn't on neither pre, post, deploy hook, based on docs the files must be exec, so I did created test.sh and marked it chmod +x
Even if it worked, we have to think container, so my test script was like What I need for mailu is to be able to restart mailu, and thus script has to run in context of host not container. The work around would be to attach host's docker sock like Portainer does So script ran in NPM container could communicate with Host's docker and potentially restart another container (wather mounting docker.sock into a container is a security risk is a diffrent story) At the end so far hooks not executed, that could be cause by NPMs certbot having provided |
Beta Was this translation helpful? Give feedback.
-
|
I want to use those certbot hooks. I have one that generates a pfx file from the pem files just created and another that copies the files to other machines. Those hooks work fine when I run the command |
Beta Was this translation helpful? Give feedback.
-
|
I've learned it's easier to have a cron job on the host machine to copy certificates generated by NPM to other destinations. NPM is a great tool to automate certificate creation. I never use certbot |
Beta Was this translation helpful? Give feedback.
-
|
I'm just not fond of mounting shares on the host. I have the NFS share mounted in docker as a volume. So, the copy script only runs in the container. I since they took time to disable some default behaviour from certbot. Another advantage of using the deploy hook is that the pfx certs creation is done precisely when the pem certs are created. If, during a renovation, the cert is not renewed, the script won't run, and there are no unnecessary files created. But thanks for the help. I'll try that way. Regenerating the pfx files weekly and doing the back also weekly. |
Beta Was this translation helpful? Give feedback.
-
Not doing so is like going against the basic principle of using docker. The data is state-full the container is state less, create, kill, delete, recerate
not sure what does it mean, but if your host can't access the NSF, then run another container with a cron job to copy from NFS X location to NFS Y location. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hello,
I have a use case where my goal is the following:
Have NPM running via docker
Have a proxy host configured with NPM's letsencrypt support generating the SSL cert.
Have a script on the local host's file system in /npm-dir/letsencrypt/renewal-hooks/post/ which uses the cert generated via npm/certbot.
My understanding is that a standard install of certbot will automatically execute anything contained in /renewal-hooks/post/ without having to specify any extra config.
Does a dockerized NPM installation also do this, if a post-renewal script is placed into this folder? Or does it need to live inside of the container somehow?
Beta Was this translation helpful? Give feedback.
All reactions