web: replace certbot with acme.sh

The former seems to be in a pretty bad state for usage with Debian based containers: - The Debian provided package is too old - certbot-auto no longer works on Debian - The recommended way of using snap is not Docker friendly Thus, we are migrating to acme.sh, which has the advantage of also making the web container slimmer.
2020-12-02 10:38:10 +01:00
parent 43f678d967
commit 06012127e9
6 changed files with 40 additions and 42 deletions
--- a/web/Dockerfile
+++ b/web/Dockerfile
@@ -1,13 +1,12 @@
 ARG JITSI_REPO=jitsi
 FROM ${JITSI_REPO}/base

-ADD https://dl.eff.org/certbot-auto /usr/local/bin/
-
+ADD https://raw.githubusercontent.com/acmesh-official/acme.sh/2.8.8/acme.sh /opt
 COPY rootfs/ /

 RUN \
 	apt-dpkg-wrap apt-get update && \
-	apt-dpkg-wrap apt-get install -y cron nginx-extras jitsi-meet-web python3-venv && \
+	apt-dpkg-wrap apt-get install -y cron nginx-extras jitsi-meet-web socat && \
 	apt-dpkg-wrap apt-get -d install -y jitsi-meet-web-config && \
    dpkg -x /var/cache/apt/archives/jitsi-meet-web-config*.deb /tmp/pkg && \
    mv /tmp/pkg/usr/share/jitsi-meet-web-config/config.js /defaults && \
@@ -16,10 +15,6 @@ RUN \
 	apt-cleanup && \
 	rm -rf /tmp/pkg /var/cache/apt

-RUN \
-	chmod a+x /usr/local/bin/certbot-auto && \
-	USE_PYTHON_3=1 certbot-auto --noninteractive --install-only --no-bootstrap
-
 EXPOSE 80 443

-VOLUME ["/config", "/etc/letsencrypt", "/usr/share/jitsi-meet/transcripts"]
+VOLUME ["/config", "/usr/share/jitsi-meet/transcripts"]