
fix(docker): start crond and persist acme.sh state so cert renewal works

The image shipped busybox crond but the entrypoint never started it, and the acme.sh crontab entry vanished on every container recreation, so certificates issued via the panel's SSL menu silently expired after 90 days. The entrypoint now re-registers the acme.sh cron job and starts crond when acme.sh is installed, and docker-compose gains an acme volume so renewal state survives recreation.

Closes #5116
MHSanaei 9 hours ago
Parent
Current commit
a13a79b230
2 files changed, with 12 insertions and 0 deletions
  1. DockerEntrypoint.sh: 9 insertions, 0 deletions
  2. docker-compose.yml: 3 insertions, 0 deletions

+ 9 - 0
DockerEntrypoint.sh

@@ -69,5 +69,14 @@ EOF
     fail2ban-client -x start
 fi
 
+# Certificate auto-renewal: acme.sh (installed by the panel's SSL menu) relies
+# on a root crontab entry, but the crontab is lost when the container is
+# recreated and crond was never started. Re-register the job and run crond so
+# renewals actually fire; mount /root/.acme.sh as a volume to keep acme state.
+if [ -f /root/.acme.sh/acme.sh ]; then
+    /root/.acme.sh/acme.sh --install-cronjob >/dev/null 2>&1
+    crond
+fi
+
 # Run x-ui
 exec /app/x-ui
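
Review bot: crond is started only inside the `if [ -f /root/.acme.sh/acme.sh ]` block, which is evaluated once at container start, so when acme.sh is installed afterwards through the panel's SSL menu there is still no crond running until the next restart, and a certificate issued in that window is not renewed if the container keeps running. Consider starting crond unconditionally and keeping only the `--install-cronjob` call behind the file check. The `>/dev/null 2>&1` on that call also discards a failed registration; printing a warning to the container log when it returns non-zero would keep the failure visible.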

+ 3 - 0
docker-compose.yml

@@ -18,6 +18,9 @@ services:
     volumes:
       - $PWD/db/:/etc/x-ui/
       - $PWD/cert/:/root/cert/
+      # Persists acme.sh state so certificate auto-renewal survives container
+      # recreation (the entrypoint re-registers the renewal cron job from it).
+      - $PWD/acme/:/root/.acme.sh/
     environment:
       XRAY_VMESS_AEAD_FORCED: "false"
       XUI_ENABLE_FAIL2BAN: "true"
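
Review bot: the comment on the new `$PWD/acme/:/root/.acme.sh/` mount describes the directory only as renewal state, but it also holds the ACME account key and the private keys of issued certificates, so it should be documented as sensitive and given the same restrictive permissions and backup handling as `$PWD/cert/`. It is also worth a line for people upgrading: the host directory starts out empty, so the entrypoint's `/root/.acme.sh/acme.sh` check will not pass until acme.sh has been installed again from the SSL menu with the volume in place.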