Customization is still available via custom-interface_config.js. This
way we will slowly get rid of the deprecated interface_config.js as all
options move to config.js.
The previous version only installed acme.sh if it was not previously
installed. However, the check for a previous installation was based on
the existence of /config/acme.sh/acme.sh which is in the
external/persisted storage. The result was that acme.sh installation
would be skipped even for a new build of the web container if the
installation had been run on any previous build of the container. When
the web container is rebuilt, such as during an upgrade to a new stable
version, the new container would lack the cron job needed to
automatically updated the TLS certificates. Additionally, the version of
acme.sh installed in /config/acme.sh would never update even if the
pinned version in the Dockerfile was changed.
This patch sets the init script to always re-install acme.sh on
container start. The cron job installation from acme.sh is guarded by a
check for an existing job so there is no duplication. Re-installing also
has the effect of replacing the persisted /config/acme.sh/acme.sh with
the latest version set in the Dockerfile during upgrades.
The former seems to be in a pretty bad state for usage with Debian based
containers:
- The Debian provided package is too old
- certbot-auto no longer works on Debian
- The recommended way of using snap is not Docker friendly
Thus, we are migrating to acme.sh, which has the advantage of also
making the web container slimmer.
If TLS is terminated elsewhere and then connections are proxied over
HTTP, there is no need for it and it makes initialization a tad slower
on the first run.
