rpi_docker_home_server/images/haproxy/startup.sh

#!/bin/bash

CFG_FILE=/etc/haproxy/haproxy.cfg
CFG_LE_FILE=/etc/haproxy/haproxy_letsencrypt.cfg
LETSENCRYPT_PORT=8888

mkdir -p /etc/letsencrypt/haproxy

# Let's Encrypt

# Following these instructions:
# https://serversforhackers.com/c/letsencrypt-with-haproxy

# Start temporary HAProxy
haproxy -f $CFG_LE_FILE -D -p /tmp/haproxy.pid

# Get Let's Encrypt certificates
HAPROXY_CERTS=""
for domain in ${DOMAINS}; do
    for server_name in ${NEXTCLOUD_SERVER_NAME} ${GOGS_SERVER_NAME}; do
        _URL=${server_name}.${domain};
        echo ${_URL}
        HAPROXY_CERTS="${HAPROXY_CERTS} crt /etc/letsencrypt/haproxy/${_URL}.pem";
        if [[ ! -s /etc/letsencrypt/haproxy/${_URL}.pem ]]; then
            # Query Let's Encrypt
            certbot certonly -d ${_URL} \
                    --email ${ADMIN_EMAIL} --non-interactive --agree-tos \
                    --standalone --http-01-port=${LETSENCRYPT_PORT}
            if [ $? -eq 0 ]; then
                cat /etc/letsencrypt/live/${_URL}/fullchain.pem \
                    /etc/letsencrypt/live/${_URL}/privkey.pem \
                    > /etc/letsencrypt/haproxy/${_URL}.pem
            fi
        fi
    done
done

#sed -i "s/\${NEXTCLOUD_URL}/${NEXTCLOUD_URL}/g" $CFG_FILE
#sed -i "s/\${GOGS_URL}/${GOGS_URL}/g" $CFG_FILE
sed -i "s/\${NEXTCLOUD_SERVER_NAME}/${NEXTCLOUD_SERVER_NAME}/g" $CFG_FILE
sed -i "s/\${GOGS_SERVER_NAME}/${GOGS_SERVER_NAME}/g" $CFG_FILE
echo sed -i "s/\${HAPROXY_CERTS}/${HAPROXY_CERTS}/g" ${CFG_FILE}
sed -i "s/\${HAPROXY_CERTS}/${HAPROXY_CERTS//\//\\/}/g" ${CFG_FILE}

cat ${CFG_FILE}

echo Killing haproxy `cat /tmp/haproxy.pid`
kill -SIGTERM `cat /tmp/haproxy.pid`
rm /tmp/haproxy.pid

# Create renew cron job
mv /usr/local/bin/letsencrypt.cron /etc/cron.monthly/letsencrypt
# remove default cron job
mv /etc/cron.d/certbot /tmp

service cron status || service cron start

# Start HAProxy
haproxy -f $CFG_FILE