Inicio Explorar Axuda
Iniciar sesión
tokarskiy
/
gnu-social
Fork de diogo/gnu-social
Seguir 1
Destacar 0
Fork 0
Ficheiros
Árbore: 5e8e58df1d
Ramas Etiquetas
gnu-social
/
docker
/
bootstrap
/
bootstrap.sh

bootstrap.sh 2.1 KB
Histórico Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 
  1. #!/bin/sh
    2. 

  2. 

  3. . bootstrap.env
    4. 

  4. 

  5. sed -ri "s/%hostname%/${domain}/" /etc/nginx/conf.d/challenge.conf
    6. 

  6. 

  7. nginx
    8. 

  8. 

  9. rsa_key_size=4096
    10. 

  10. certbot_path="/var/www/certbot"
    11. 

  11. lets_path="/etc/letsencrypt"
    12. 

  12. 

  13. echo "Starting bootstrap"
    14. 

  14. 

  15. if [ ! -e "$lets_path/live//options-ssl-nginx.conf" ] ||  [ ! -e "$lets_path/live/ssl-dhparams.pem" ]
    16. 

  16. then
    17. 

  17. 

  18.   echo "### Downloading recommended TLS parameters ..."
    19. 

  19.   mkdir -p "${lets_path}/live/${domain_root}"
    20. 

  20. 

  21.   curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf >"$lets_path/options-ssl-nginx.conf"
    22. 

  22.   curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem >"$lets_path/ssl-dhparams.pem"
    23. 

  23. 

  24.   if [ ${signed} -eq 0 ]
    25. 

  25.   then
    26. 

  26.     echo "### Creating self signed certificate for ${domain_root} ..."
    27. 

  27.     openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 365 \
    28. 

  28.       -keyout "${lets_path}/live/${domain_root}/privkey.pem" \
    29. 

  29.       -out "${lets_path}/live/${domain_root}/fullchain.pem" -subj "/CN=${domain_root}"
    30. 

  30. 

  31.   else
    32. 

  32.     echo "### Creating dummy certificate for ${domain_root} ..."
    33. 

  33.     openssl req -x509 -nodes -newkey rsa:1024 -days 1 \
    34. 

  34.       -keyout "${lets_path}/live/${domain_root}/privkey.pem" \
    35. 

  35.       -out "${lets_path}/live/${domain_root}/fullchain.pem" -subj '/CN=localhost'
    36. 

  36. 

  37.     nginx -s reload
    38. 

  38. 

  39.     rm -Rf "${lets_path}/live/${domain_root}"
    40. 

  40.     rm -Rf "${lets_path}/archive/${domain_root}"
    41. 

  41.     rm -Rf "${lets_path}/renewal/${domain_root}.conf"
    42. 

  42. 

  43.     echo "### Requesting Let's Encrypt certificate for ${domain_root} ..."
    44. 

  44.     # Format domain_args with the cartesian product of `domain_root` and `subdomains`
    45. 

  45. 

  46.     if [ "${domain_root}" = "${domain}" ]; then domain_arg="-d ${domain_root}"; else domain_arg="-d ${domain_root} -d ${domain}"; fi
    47. 

  47. 

  48.     # Ask Let's Encrypt to create certificates, if challenge passed
    49. 

  49.     certbot certonly --webroot -w "${certbot_path}" \
    50. 

  50.             --email "${email}" \
    51. 

  51.             ${domain_arg} \
    52. 

  52.             --non-interactive \
    53. 

  53.             --rsa-key-size "${rsa_key_size}" \
    54. 

  54.             --agree-tos \
    55. 

  55.             --force-renewal
    56. 

  56.   fi
    57. 

  57. 

  58. else
    59. 

  59.   echo "Certificate related files exists, exiting"
    60. 

  60. fi
    61. 

  61.