(untested) make nginx run as non-root

website/entry.sh

@@ -1,32 +1,29 @@
 #!/bin/sh
 
-# server needs to be up to get certs
-nginx
-while [ ! -f /var/run/nginx.pid ]
-do
-    sleep 1
-done
-
 # get certs if needed
-certbot --nginx \
-    --webroot-path /var/www/matthewtran.com \
+certbot certonly --standalone \
+    --http-01-port 8080 \
+    --config-dir ~/certbot \
+    --work-dir ~/certbot/work \
+    --logs-dir ~/certbot/logs \
     --non-interactive --agree-tos -m matthewlamtran@berkeley.edu \
     -d matthewtran.com \
     -d www.matthewtran.com \
     -d git.matthewtran.com
-nginx -s reload
 
 # background process to renew certs and check ip changes
 update() {
-    certbot renew --quiet
+    certbot renew --quiet \
+        --config-dir ~/certbot \
+        --work-dir ~/certbot/work \
+        --logs-dir ~/certbot/logs
     sleep 86400
 }
 update &
 ./ip_update.py &
 
-# wait for termination
-cleanup() {
-    echo "stopping..."
-}
-trap 'cleanup' TERM
-wait $! # wait SIGTERM, other processes can just be killed
+# run server
+nginx -c ~/server.conf
+trap 'echo "stopping website..."' TERM
+tail -f /dev/null &
+wait $!