Update docker to obtain cert at runtime, not buildtime

since the latter doesn't work

res/docker-entrypoint.sh

@@ -1,11 +1,30 @@
-#!/bin/sh
+#!/bin/bash
 
-echo " >>> starting nginx <<< "
+echo " >>> Starting nginx <<< "
 
 mkdir /run/nginx # needed because of bug in package
 /usr/sbin/nginx -t
 /usr/sbin/nginx
 
-echo " >>> starting uwsgi <<< "
+echo " >>> Checking / Installing SSL certificate <<< "
+
+if [[ ${DOMAIN} ]]
+then
+	echo "Obtaining cert for '${DOMAIN}' ..."
+	echo "Registering with email '${LE_EMAIL}' ..."
+
+	certbot -n \
+		--nginx \
+		--keep-until-expiring \
+		--redirect \
+		--agree-tos \
+		--cert-name ${DOMAIN} \
+		-d ${DOMAIN} \
+		-m ${LE_EMAIL}
+
+	echo "Checked/Installed SSL certificate."
+fi
+
+echo " >>> Starting uwsgi <<< "
 
 /usr/sbin/uwsgi --ini /root/ftracker/res/ftracker.alpine.uwsgi.ini

res/ftracker.docker.nginx.conf

@@ -1,37 +0,0 @@
-server {
-
-	listen 443 ssl default_server;
-
-	root /var/www/html/ftracker;
-
-	index index.html index.htm;
-
-	location / {
-		# First attempt to serve request as file
-		# If no such file, pass to backend
-		try_files $uri $uri/ $uri.html @api;
-	}
-
-	location @api {
-		include uwsgi_params;
-		# Pass it to the uwsgi server
-		uwsgi_pass unix:///tmp/ftracker.sock;
-	}
-
-	# RIP
-	add_header X-Clacks-Overhead "GNU Terry Pratchett" always;
-
-	ssl_certificate CERT;
-	ssl_certificate_key KEY;
-
-}
-
-server {
-
-	listen 80 default_server;
-
-	# 308 instead of 301 to prohibit method change on redirect
-	# (some clients change POST to GET on 301, 308 does not allow that)
-	return 308 https://$host$request_uri;
-
-}