eliseuamaro/gnu-social
1
0
Fork 0
forked from GNUsocial/gnu-social
Code Issues Pull Requests Releases Wiki Activity
Files
adb6680a0146f290716945778af1ff087cf3e9fc
gnu-social/docker/bootstrap/bootstrap.sh

63 lines
2.4 KiB
Bash
Raw Normal View History

[TOOLS][SSL] Added bin/boostrap_certificates.sh, allowing for easy configuration of SSL certificates with Let's Encrypt
2020-05-05 01:23:55 +00:00
#!/bin/sh
[DOKER][MAIL][BOOTSTRAP] Make bootstrap generate separate certificates for the web root and the mail server
2021-03-24 11:48:45 +00:00
# This script is intended to run inside the bootstrap container. It
# should work outside, but that use case is not tested.
[DOCKER][BOOTSTRAP] Add option to use a self signed cert
2020-05-10 22:33:03 +01:00
. bootstrap.env
[DOCKER][MAIL] Update config and change the way mail docker handles it, so the edits aren't visible from the outside, polluting the git staging area
2021-03-24 22:31:43 +00:00
sed -ri "s/%hostname%/${MAIL_DOMAIN}/" /etc/nginx/conf.d/challenge.conf
[TOOLS][SSL] Added bin/boostrap_certificates.sh, allowing for easy configuration of SSL certificates with Let's Encrypt
2020-05-05 01:23:55 +00:00
nginx
[DOKER][MAIL][BOOTSTRAP] Make bootstrap generate separate certificates for the web root and the mail server
2021-03-24 11:48:45 +00:00
# TODO Expose these in the configuration utility
RSA_KEY_SIZE=4096
PREFIX="/etc/letsencrypt"
SELF_SIGNED_CERTIFICATE_TTL=365
[TOOLS][SSL] Added bin/boostrap_certificates.sh, allowing for easy configuration of SSL certificates with Let's Encrypt
2020-05-05 01:23:55 +00:00
echo "Starting bootstrap"
[DOKER][MAIL][BOOTSTRAP] Make bootstrap generate separate certificates for the web root and the mail server
2021-03-24 11:48:45 +00:00
obtain_certificates () {
DOMAIN="$1"
if [ ! -e "${PREFIX}/live/${DOMAIN}" ] || [ ! -e "${PREFIX}/live/ssl-dhparams.pem" ];then
echo "### Downloading recommended TLS parameters ..."
mkdir -p "${PREFIX}/live/${DOMAIN}"
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "${PREFIX}/options-ssl-nginx.conf"
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem >"${PREFIX}/ssl-dhparams.pem"
if [ ${SIGNED} -eq 0 ]; then
echo "### Creating self signed certificate for ${DOMAIN} ..."
openssl req -x509 -nodes -newkey "rsa:${RSA_KEY_SIZE}" -days "${SELF_SIGNED_CERTIFICATE_TTL}" \
-keyout "${PREFIX}/live/${DOMAIN}/privkey.pem" \
-out "${PREFIX}/live/${DOMAIN}/fullchain.pem" -subj "/CN=${DOMAIN}"
else
echo "### Creating dummy certificate for ${DOMAIN} ..."
openssl req -x509 -nodes -newkey rsa:1024 -days 1 \
-keyout "${PREFIX}/live/${DOMAIN}/privkey.pem" \
-out "${PREFIX}/live/${DOMAIN}/fullchain.pem" -subj '/CN=localhost'
nginx -s reload
rm -Rf "${PREFIX}/live/${DOMAIN}"
rm -Rf "${PREFIX}/archive/${DOMAIN}"
rm -Rf "${PREFIX}/renewal/${DOMAIN}.conf"
echo "### Requesting Let's Encrypt certificate for ${DOMAIN} ..."
# Ask Let's Encrypt to create certificates, if challenge passes
certbot certonly --webroot -w "/var/www/certbot" \
--email "${EMAIL}" \
-d "${DOMAIN}" \
--non-interactive \
--rsa-key-size "${RSA_KEY_SIZE}" \
--agree-tos \
--force-renewal
fi
[TOOLS][DOCKER] Rewrite the configuration script to use whiptail/dialog, and refactor
2021-03-20 23:09:50 +00:00
else
[DOKER][MAIL][BOOTSTRAP] Make bootstrap generate separate certificates for the web root and the mail server
2021-03-24 11:48:45 +00:00
echo "Certificate related files exists, exiting"
[TOOLS][DOCKER] Rewrite the configuration script to use whiptail/dialog, and refactor
2021-03-20 23:09:50 +00:00
fi
[DOKER][MAIL][BOOTSTRAP] Make bootstrap generate separate certificates for the web root and the mail server
2021-03-24 11:48:45 +00:00
}
obtain_certificates "${WEB_DOMAIN}"
obtain_certificates "${MAIL_DOMAIN}"
Reference in New Issue Copy Permalink