chore: improve docs and log info

joseluisq · Apr 1, 2024 · edfca93 · edfca93
1 parent 6c03628
commit edfca93
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -5,7 +5,7 @@
 <a href="https://hub.docker.com/r/joseluisq/docker-lets-encrypt/tags" title="Docker Image Size (tag)"><img src="https://img.shields.io/docker/image-size/joseluisq/docker-lets-encrypt/latest"></a> 
 <a href="https://hub.docker.com/r/joseluisq/docker-lets-encrypt/" title="Docker Image"><img src="https://img.shields.io/docker/pulls/joseluisq/docker-lets-encrypt.svg"></a> 
 
-> A multi-arch [Let's Encrypt](https://letsencrypt.org/) Docker image using [Lego CLI](https://go-acme.github.io/lego/) client with convenient environment variables support on top of the latest __Debian [12-slim](https://hub.docker.com/_/debian/tags?page=1&name=12-slim)__ ([Bookworm](https://www.debian.org/News/2023/20230610)).
+> A multi-arch [Let's Encrypt](https://letsencrypt.org/) Docker image using [Lego CLI](https://go-acme.github.io/lego/) client with convenient environment variables and auto-renewal support on top of the latest __Debian [12-slim](https://hub.docker.com/_/debian/tags?page=1&name=12-slim)__ ([Bookworm](https://www.debian.org/News/2023/20230610)).
 
 ## Usage
 
@@ -26,24 +26,30 @@ FROM joseluisq/docker-lets-encrypt
 # your stuff...
 ```
 
-## Example
+## Examples
 
 Below is an example of obtaining a **wildcard certificate** using the **Cloudflare** provider.
 
 In this case, make sure to create first a [Cloudflare API User Token](https://developers.cloudflare.com/fundamentals/api/get-started/create-token/) for your specific domain with the `DNS:Edit` permission.
 
+### Using Docker run
+
 ```sh
 docker run -it --rm \
+    # Lego CLI options
     -e ENV_LEGO_ENABLE=true \
     -e ENV_LEGO_ACCEPT_TOS=true \
     -e ENV_LEGO_EMAIL=email@domain.com \
     -e ENV_LEGO_DOMAINS="*.domain.com" \
-    # -e ENV_LEGO_PATH=/etc/ssl/.lego \
+    # Lego CLI DNS provider
     -e ENV_LEGO_DNS=cloudflare \
     -e CLOUDFLARE_EMAIL=email@domain.com \
     -e CLOUDFLARE_DNS_API_TOKEN= \
-    -w /root \
-    -v $PWD:/etc/ssl/.lego \
+    # TLS auto-renewal feature (optional)
+    -e ENV_CERT_AUTO_RENEW=true \
+    -e ENV_CERT_AUTO_RENEW_CRON_INTERVAL="0 0 * * *" \
+    # Directory mapping (bind mount) for certificate/key files
+    -v /etc/ssl/certs/domain.com:/etc/ssl/.lego \
     joseluisq/docker-lets-encrypt
 
 # 2024/01/01 00:00:30 [INFO] [*.domain.com] acme: Obtaining bundled SAN certificate
@@ -69,6 +75,40 @@ docker run -it --rm \
 - The container `.lego` directory will contain the certificates and keys, make sure to bind it to a specific host directory. See https://go-acme.github.io/lego/usage/cli/general-instructions/
 - See the **Cloudflare** provider options for more details https://go-acme.github.io/lego/dns/cloudflare/
 
+### Using Docker Compose
+
+Below is an equivalent example like above but using [Docker Compose](https://docs.docker.com/compose/intro/features-uses/).
+
+```yaml
+version: "3.3"
+
+services:
+  joseluisq-net:
+    image: joseluisq/docker-lets-encrypt:0.0.3
+    environment:
+      # Lego CLI options
+      - "ENV_LEGO_ENABLE=true"
+      - "ENV_LEGO_ACCEPT_TOS=true"
+      - "ENV_LEGO_EMAIL=${ENV_LEGO_EMAIL}"
+      - "ENV_LEGO_DOMAINS=*.domain.com"
+      # Lego CLI DNS provider
+      - "ENV_LEGO_DNS=cloudflare"
+      - "CLOUDFLARE_EMAIL=${CLOUDFLARE_EMAIL}"
+      - "CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN}"
+      # TLS auto-renewal feature (optional)
+      - "ENV_CERT_AUTO_RENEW=true"
+      - "ENV_CERT_AUTO_RENEW_CRON_INTERVAL=0 0 * * *"
+    volumes:
+      # Directory mapping (bind mount) for certificate/key files
+      - /etc/ssl/certs/domain.com:/etc/ssl/.lego
+    deploy:
+      replicas: 1
+      update_config:
+        parallelism: 1
+      restart_policy:
+        condition: on-failure
+```
+
 ## Environment variables
 
 The image provides environment variables support for several [Lego CLI](https://go-acme.github.io/lego/usage/cli/) arguments.

diff --git a/certificate_renew.sh b/certificate_renew.sh
@@ -2,7 +2,7 @@
 
 #
 # Custom script to renew a certificate before it expires.
-# This script can be run by a cron-tab to check for the certificate expiration programmatically.
+# This script will be run by a cron-tab to check for the certificate expiration programmatically.
 #
 
 echo "[info] Starting certificate check script..."

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -61,11 +61,12 @@ elif [[ -n "$ENV_LEGO_ENABLE" ]] && [[ "$ENV_LEGO_ENABLE" = "true" ]]; then
     ## Enable auto-renew on-demand
     if [[ -z "$ENV_LEGO_RENEW" ]] || [[ "$ENV_LEGO_RENEW" = "false" ]]; then
         if [[ -n "$ENV_CERT_AUTO_RENEW" ]] && [[ "$ENV_CERT_AUTO_RENEW" = "true" ]]; then
-            # Set the default crontab, redirect output to Docker stdout
+            # Set the default Crontab and redirect its output to Docker stdout
             declare -p | grep -Ev 'BASHOPTS|BASH_VERSINFO|EUID|PPID|SHELLOPTS|UID' > /container.env
             cmd="SHELL=/bin/bash BASH_ENV=/container.env /usr/local/bin/certificate_renew.sh > /proc/1/fd/1 2>&1"
             crontab -l | echo "$ENV_CERT_AUTO_RENEW_CRON_INTERVAL $cmd" | crontab -
-            echo "[info] The certificate auto-renew process is configured and waiting for the iteration..."
+            echo "[info] The certificate auto-renewal process is configured successfully!"
+            echo "[info] Waiting for the Crontab scheduler to run the task..."
             echo "[info]    Crontab interval: $ENV_CERT_AUTO_RENEW_CRON_INTERVAL"
             cron -f
             exit