Certs volume.

2026-02-04 13:14:27 +03:00
parent 6341d5e707
commit 94a293d34d
2 changed files with 10 additions and 3 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -25,6 +25,7 @@ services:
      - ./data/prosody:/var/lib/prosody
      - ./logs/prosody:/var/log/prosody
      - ./data/prosody/configuration:/etc/prosody/conf.d
+      - /etc/letsencrypt/live/xmpp.guschin.info:/etc/prosody/certs/letsencrypt:ro
    restart: unless-stopped
    mem_limit: 200M
    healthcheck:
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -38,12 +38,18 @@ fi
 # (directories are already created in Dockerfile with proper ownership)
 touch /var/log/prosody/prosody.log /var/log/prosody/prosody.err 2>/dev/null || true

-# Generate self-signed certificate if needed
+# Use Let's Encrypt certificate if available, otherwise generate self-signed
 CERT_PATH="/etc/prosody/certs/xmpp.guschin.info.crt"
 KEY_PATH="/etc/prosody/certs/xmpp.guschin.info.key"
+LETSENCRYPT_CERT="/etc/prosody/certs/letsencrypt/fullchain.pem"
+LETSENCRYPT_KEY="/etc/prosody/certs/letsencrypt/privkey.pem"

-if [ ! -f "$CERT_PATH" ] || [ ! -f "$KEY_PATH" ]; then
-    echo "Generating self-signed certificate..."
+if [ -f "$LETSENCRYPT_CERT" ] && [ -f "$LETSENCRYPT_KEY" ]; then
+    echo "Using Let's Encrypt certificate..."
+    ln -sf "$LETSENCRYPT_CERT" "$CERT_PATH"
+    ln -sf "$LETSENCRYPT_KEY" "$KEY_PATH"
+elif [ ! -f "$CERT_PATH" ] || [ ! -f "$KEY_PATH" ]; then
+    echo "Let's Encrypt certificate not found, generating self-signed certificate..."
    openssl req -x509 -newkey rsa:4096 -keyout "$KEY_PATH" -out "$CERT_PATH" \
        -days 365 -nodes -subj "/CN=xmpp.guschin.info"
    chmod 600 "$KEY_PATH"