Головна сторінка Огляд Довідка
Увійти
ajdunevent
/
gnu-social
відгалужено від diogo/gnu-social
Слідкувати 1
Зірка 0
Відгалуження 0
Файли
Гілка: v3
Гілки Теги
gnu-social
/
docker
/
bootstrap
/
bootstrap.sh

bootstrap.sh 2.4 KB
Постійне посилання Історія Запис

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263 
  1. #!/bin/sh
    2. 

  2. 

  3. # This script is intended to run inside the bootstrap container. It
    4. 

  4. # should work outside, but that use case is not tested.
    5. 

  5. 

  6. . bootstrap.env
    7. 

  7. 

  8. sed -ri "s/%hostname%/${MAIL_DOMAIN}/" /etc/nginx/conf.d/challenge.conf
    9. 

  9. 

  10. nginx
    11. 

  11. 

  12. # TODO Expose these in the configuration utility
    13. 

  13. RSA_KEY_SIZE=4096
    14. 

  14. PREFIX="/etc/letsencrypt"
    15. 

  15. SELF_SIGNED_CERTIFICATE_TTL=365
    16. 

  16. 

  17. echo "Starting bootstrap"
    18. 

  18. 

  19. obtain_certificates () {
    20. 

  20.     DOMAIN="$1"
    21. 

  21.     if [ ! -e "${PREFIX}/live/${DOMAIN}" ] ||  [ ! -e "${PREFIX}/live/ssl-dhparams.pem" ];then
    22. 

  22.         echo "### Downloading recommended TLS parameters ..."
    23. 

  23.         mkdir -p "${PREFIX}/live/${DOMAIN}"
    24. 

  24. 

  25.         curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "${PREFIX}/options-ssl-nginx.conf"
    26. 

  26.         curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem >"${PREFIX}/ssl-dhparams.pem"
    27. 

  27. 

  28.         if [ ${SIGNED} -eq 0 ]; then
    29. 

  29.             echo "### Creating self signed certificate for ${DOMAIN} ..."
    30. 

  30.             openssl req -x509 -nodes -newkey "rsa:${RSA_KEY_SIZE}" -days "${SELF_SIGNED_CERTIFICATE_TTL}" \
    31. 

  31.                     -keyout "${PREFIX}/live/${DOMAIN}/privkey.pem" \
    32. 

  32.                     -out "${PREFIX}/live/${DOMAIN}/fullchain.pem" -subj "/CN=${DOMAIN}"
    33. 

  33.         else
    34. 

  34.             echo "### Creating dummy certificate for ${DOMAIN} ..."
    35. 

  35.             openssl req -x509 -nodes -newkey rsa:1024 -days 1 \
    36. 

  36.                     -keyout "${PREFIX}/live/${DOMAIN}/privkey.pem" \
    37. 

  37.                     -out "${PREFIX}/live/${DOMAIN}/fullchain.pem" -subj '/CN=localhost'
    38. 

  38. 

  39.             nginx -s reload
    40. 

  40. 

  41.             rm -Rf "${PREFIX}/live/${DOMAIN}"
    42. 

  42.             rm -Rf "${PREFIX}/archive/${DOMAIN}"
    43. 

  43.             rm -Rf "${PREFIX}/renewal/${DOMAIN}.conf"
    44. 

  44. 

  45.             echo "### Requesting Let's Encrypt certificate for ${DOMAIN} ..."
    46. 

  46. 

  47.             # Ask Let's Encrypt to create certificates, if challenge passes
    48. 

  48.             certbot certonly --webroot -w "/var/www/certbot" \
    49. 

  49.                     --email "${EMAIL}" \
    50. 

  50.                     -d "${DOMAIN}" \
    51. 

  51.                     --non-interactive \
    52. 

  52.                     --rsa-key-size "${RSA_KEY_SIZE}" \
    53. 

  53.                     --agree-tos \
    54. 

  54.                     --force-renewal
    55. 

  55.         fi
    56. 

  56.     else
    57. 

  57.         echo "Certificate related files exists, exiting"
    58. 

  58.     fi
    59. 

  59. }
    60. 

  60. 

  61. obtain_certificates "${WEB_DOMAIN}"
    62. 

  62. obtain_certificates "${MAIL_DOMAIN}"
    63. 

  63.