首頁 探索 說明
登入
DelilahHoare
/
gnu-social
派生自 diogo/gnu-social
關註 1
讚好 0
複刻 0
Files
分支: experimental
分支列表 標籤列表
gnu-social
/
docker
/
bootstrap
/
bootstrap.sh

bootstrap.sh 2.5 KB
永久連結 文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 
  1. #!/bin/sh
    2. 

  2. 

  3. # This script is intended to run inside the bootstrap container. It
    4. 

  4. # should work outside, but that use case is not tested.
    5. 

  5. 

  6. . bootstrap.env
    7. 

  7. 

  8. # TODO: Add mail domain when implemented
    9. 

  9. rm -f /etc/nginx/conf.d/default.conf
    10. 

  10. sed -ri "s/%hostname%/${WEB_DOMAIN}/" /etc/nginx/conf.d/challenge.conf
    11. 

  11. 

  12. nginx
    13. 

  13. 

  14. # TODO Expose these in the configuration utility
    15. 

  15. RSA_KEY_SIZE=4096
    16. 

  16. PREFIX="/etc/letsencrypt"
    17. 

  17. SELF_SIGNED_CERTIFICATE_TTL=365
    18. 

  18. 

  19. echo "Starting bootstrap"
    20. 

  20. 

  21. obtain_certificates () {
    22. 

  22.     DOMAIN="$1"
    23. 

  23.     if [ ! -e "${PREFIX}/live/${DOMAIN}" ] ||  [ ! -e "${PREFIX}/live/ssl-dhparams.pem" ];then
    24. 

  24.         echo "### Downloading recommended TLS parameters ..."
    25. 

  25.         mkdir -p "${PREFIX}/live/${DOMAIN}"
    26. 

  26. 

  27.         curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "${PREFIX}/options-ssl-nginx.conf"
    28. 

  28.         curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem >"${PREFIX}/ssl-dhparams.pem"
    29. 

  29. 

  30.         if [ ${SIGNED} -eq 0 ]; then
    31. 

  31.             echo "### Creating self signed certificate for ${DOMAIN} ..."
    32. 

  32.             openssl req -x509 -nodes -newkey "rsa:${RSA_KEY_SIZE}" -days "${SELF_SIGNED_CERTIFICATE_TTL}" \
    33. 

  33.                     -keyout "${PREFIX}/live/${DOMAIN}/privkey.pem" \
    34. 

  34.                     -out "${PREFIX}/live/${DOMAIN}/fullchain.pem" -subj "/CN=${DOMAIN}"
    35. 

  35.         else
    36. 

  36.             echo "### Creating dummy certificate for ${DOMAIN} ..."
    37. 

  37.             openssl req -x509 -nodes -newkey rsa:1024 -days 1 \
    38. 

  38.                     -keyout "${PREFIX}/live/${DOMAIN}/privkey.pem" \
    39. 

  39.                     -out "${PREFIX}/live/${DOMAIN}/fullchain.pem" -subj '/CN=localhost'
    40. 

  40. 

  41.             nginx -s reload
    42. 

  42. 

  43.             rm -Rf "${PREFIX}/live/${DOMAIN}"
    44. 

  44.             rm -Rf "${PREFIX}/archive/${DOMAIN}"
    45. 

  45.             rm -Rf "${PREFIX}/renewal/${DOMAIN}.conf"
    46. 

  46. 

  47.             echo "### Requesting Let's Encrypt certificate for ${DOMAIN} ..."
    48. 

  48. 

  49.             # Ask Let's Encrypt to create certificates, if challenge passes
    50. 

  50.             certbot certonly --webroot -w "/var/www/certbot" \
    51. 

  51.                     --email "${EMAIL}" \
    52. 

  52.                     -d "${DOMAIN}" \
    53. 

  53.                     --non-interactive \
    54. 

  54.                     --rsa-key-size "${RSA_KEY_SIZE}" \
    55. 

  55.                     --agree-tos \
    56. 

  56.                     --force-renewal
    57. 

  57.         fi
    58. 

  58.     else
    59. 

  59.         echo "Certificate related files exists, exiting"
    60. 

  60.     fi
    61. 

  61. }
    62. 

  62. 

  63. obtain_certificates "${WEB_DOMAIN}"
    64. 

  64. #TODO: Uncomment when implemented (:
    65. 

  65. #obtain_certificates "${MAIL_DOMAIN}"
    66. 

  66.