Bladeren bron

fix(docker): start crond and persist acme.sh state so cert renewal works

The image shipped busybox crond but the entrypoint never started it, and the acme.sh crontab entry vanished on every container recreation, so certificates issued via the panel's SSL menu silently expired after 90 days. The entrypoint now re-registers the acme.sh cron job and starts crond when acme.sh is installed, and docker-compose gains an acme volume so renewal state survives recreation.

Closes #5116
MHSanaei 9 uur geleden
bovenliggende
commit
a13a79b230
2 gewijzigde bestanden met toevoegingen van 12 en 0 verwijderingen
  1. 9 0
      DockerEntrypoint.sh
  2. 3 0
      docker-compose.yml

+ 9 - 0
DockerEntrypoint.sh

@@ -69,5 +69,14 @@ EOF
     fail2ban-client -x start
 fi
 
+# Certificate auto-renewal: acme.sh (installed by the panel's SSL menu) relies
+# on a root crontab entry, but the crontab is lost when the container is
+# recreated and crond was never started. Re-register the job and run crond so
+# renewals actually fire; mount /root/.acme.sh as a volume to keep acme state.
+if [ -f /root/.acme.sh/acme.sh ]; then
+    /root/.acme.sh/acme.sh --install-cronjob >/dev/null 2>&1
+    crond
+fi
+
 # Run x-ui
 exec /app/x-ui

+ 3 - 0
docker-compose.yml

@@ -18,6 +18,9 @@ services:
     volumes:
       - $PWD/db/:/etc/x-ui/
       - $PWD/cert/:/root/cert/
+      # Persists acme.sh state so certificate auto-renewal survives container
+      # recreation (the entrypoint re-registers the renewal cron job from it).
+      - $PWD/acme/:/root/.acme.sh/
     environment:
       XRAY_VMESS_AEAD_FORCED: "false"
       XUI_ENABLE_FAIL2BAN: "true"