Головна сторінка Огляд Довідка
Увійти
someonewithpc
/
gnu-social
відгалужено від diogo/gnu-social
Слідкувати 2
Зірка 0
Відгалуження 1
Файли
Дерево: e8e8000b16
Гілки Теги
gnu-social
/
docker
/
bootstrap
/
bootstrap.sh

bootstrap.sh 2.1 KB
Історія Запис

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162 
  1. #!/bin/sh
    2. 

  2. 

  3. . bootstrap.env
    4. 

  4. 

  5. sed -ri "s/%hostname%/${domain}/" /etc/nginx/conf.d/challenge.conf
    6. 

  6. 

  7. nginx
    8. 

  8. 

  9. rsa_key_size=4096
    10. 

  10. certbot_path="/var/www/certbot"
    11. 

  11. lets_path="/etc/letsencrypt"
    12. 

  12. 

  13. echo "Starting bootstrap"
    14. 

  14. 

  15. if [ ! -e "$lets_path/live//options-ssl-nginx.conf" ] ||  [ ! -e "$lets_path/live/ssl-dhparams.pem" ]
    16. 

  16. then
    17. 

  17. 

  18.   echo "### Downloading recommended TLS parameters ..."
    19. 

  19.   mkdir -p "${lets_path}/live/${domain_root}"
    20. 

  20. 

  21.   curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf >"$lets_path/options-ssl-nginx.conf"
    22. 

  22.   curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem >"$lets_path/ssl-dhparams.pem"
    23. 

  23. 

  24.   if [ ${signed} -eq 0 ]
    25. 

  25.   then
    26. 

  26.     echo "### Creating self signed certificate for ${domain_root} ..."
    27. 

  27.     openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 365 \
    28. 

  28.       -keyout "${lets_path}/live/${domain_root}/privkey.pem" \
    29. 

  29.       -out "${lets_path}/live/${domain_root}/fullchain.pem" -subj "/CN=${domain_root}"
    30. 

  30. 

  31.     nginx -s reload
    32. 

  32.   else
    33. 

  33.     echo "### Creating dummy certificate for ${domain_root} ..."
    34. 

  34.     openssl req -x509 -nodes -newkey rsa:1024 -days 1 \
    35. 

  35.       -keyout "${lets_path}/live/${domain_root}/privkey.pem" \
    36. 

  36.       -out "${lets_path}/live/${domain_root}/fullchain.pem" -subj '/CN=localhost'
    37. 

  37. 

  38.     nginx -s reload
    39. 

  39. 

  40.     rm -Rf "${lets_path}/live/${domain_root}"
    41. 

  41.     rm -Rf "${lets_path}/archive/${domain_root}"
    42. 

  42.     rm -Rf "${lets_path}/renewal/${domain_root}.conf"
    43. 

  43. 

  44.     echo "### Requesting Let's Encrypt certificate for ${domain_root} ..."
    45. 

  45.     # Format domain_args with the cartesian product of `domain_root` and `subdomains`
    46. 

  46. 

  47.     if [ "${domain_root}" = "${domain}" ]; then domain_arg="-d ${domain_root}"; else domain_arg="-d ${domain_root} -d ${domain}"; fi
    48. 

  48. 

  49.     # Ask Let's Encrypt to create certificates, if challenge passed
    50. 

  50.     certbot certonly --webroot -w "${certbot_path}" \
    51. 

  51.             --email "${email}" \
    52. 

  52.             ${domain_arg} \
    53. 

  53.             --non-interactive \
    54. 

  54.             --rsa-key-size "${rsa_key_size}" \
    55. 

  55.             --agree-tos \
    56. 

  56.             --force-renewal
    57. 

  57.   fi
    58. 

  58. 

  59. else
    60. 

  60.   echo "Certificate related files exists, exiting"
    61. 

  61. fi
    62. 

  62.