[DOCKER][BOOTSTRAP] Add option to use a self signed cert

docker/bootstrap/bootstrap.sh

@@ -1,6 +1,8 @@
 #!/bin/sh
 
-sed -ri "s/%hostname%/$domain/" /etc/nginx/conf.d/challenge.conf
+. bootstrap.env
+
+sed -ri "s/%hostname%/${domain}/" /etc/nginx/conf.d/challenge.conf
 
 nginx
 
@@ -10,43 +12,50 @@ lets_path="/etc/letsencrypt"
 
 echo "Starting bootstrap"
 
-if [ ! -e "${lets_path}/live//options-ssl-nginx.conf" ] \
-    || [ ! -e "${lets_path}/live/ssl-dhparams.pem" ]; then
+if [ ! -e "$lets_path/live//options-ssl-nginx.conf" ] ||  [ ! -e "$lets_path/live/ssl-dhparams.pem" ]
+then
 
-    echo "### Downloading recommended TLS parameters ..."
-    mkdir -p "${lets_path}/live"
+  echo "### Downloading recommended TLS parameters ..."
+  mkdir -p "${lets_path}/live/${domain_root}"
 
-    curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > \
-         "${lets_path}/options-ssl-nginx.conf"
-    curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > \
-         "${lets_path}/ssl-dhparams.pem"
+  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf >"$lets_path/options-ssl-nginx.conf"
+  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem >"$lets_path/ssl-dhparams.pem"
 
-    echo "### Creating dummy certificate for ${root_domain} ..."
-    openssl req -x509 -nodes -newkey rsa:1024 -days 1\
-            -keyout "${lets_path}/live/privkey.pem" \
-            -out "${lets_path}/live/fullchain.pem" -subj '/CN=localhost'
+  if [ ${signed} -eq 0 ]
+  then
+    echo "### Creating self signed certificate for ${domain_root} ..."
+    openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 365 \
+      -keyout "${lets_path}/live/${domain_root}/privkey.pem" \
+      -out "${lets_path}/live/${domain_root}/fullchain.pem" -subj "/CN=${domain_root}"
+
+    nginx -s reload
+  else
+    echo "### Creating dummy certificate for ${domain_root} ..."
+    openssl req -x509 -nodes -newkey rsa:1024 -days 1 \
+      -keyout "${lets_path}/live/${domain_root}/privkey.pem" \
+      -out "${lets_path}/live/${domain_root}/fullchain.pem" -subj '/CN=localhost'
 
     nginx -s reload
 
-    rm -Rf "${lets_path}/live/${root_domain}"
-    rm -Rf "${lets_path}/archive/${root_domain}"
-    rm -Rf "${lets_path}/renewal/${root_domain}.conf"
+    rm -Rf "${lets_path}/live/${domain_root}"
+    rm -Rf "${lets_path}/archive/${domain_root}"
+    rm -Rf "${lets_path}/renewal/${domain_root}.conf"
 
-    echo "### Requesting Let's Encrypt certificate for $root_domain ..."
-    # Format domain_args with the cartesian product of `root_domain` and `subdomains`
+    echo "### Requesting Let's Encrypt certificate for ${domain_root} ..."
+    # Format domain_args with the cartesian product of `domain_root` and `subdomains`
 
-    email_arg="--email ${email}"
-    domain_arg=$([ "${domain_root}" = "${domain}" ] && printf "-d ${domain_root}" || printf "-d ${domain_root} -d ${domain}")
+    if [ "${domain_root}" = "${domain}" ]; then domain_arg="-d ${domain_root}"; else domain_arg="-d ${domain_root} -d ${domain}"; fi
 
     # Ask Let's Encrypt to create certificates, if challenge passed
-    certbot certonly --webroot -w /var/www/certbot \
-            ${email_arg} \
+    certbot certonly --webroot -w "${certbot_path}" \
+            --email "${email}" \
             ${domain_arg} \
             --non-interactive \
-            --rsa-key-size ${rsa_key_size} \
+            --rsa-key-size "${rsa_key_size}" \
             --agree-tos \
             --force-renewal
+  fi
 
 else
-    echo "Certificate related files exists, exiting"
+  echo "Certificate related files exists, exiting"
 fi