gnu-social/docker/bootstrap/bootstrap.sh

#!/bin/sh

. bootstrap.env

sed -ri "s/%hostname%/${domain}/" /etc/nginx/conf.d/challenge.conf

nginx

rsa_key_size=4096
certbot_path="/var/www/certbot"
lets_path="/etc/letsencrypt"

echo "Starting bootstrap"

if [ ! -e "$lets_path/live//options-ssl-nginx.conf" ] ||  [ ! -e "$lets_path/live/ssl-dhparams.pem" ]
then

  echo "### Downloading recommended TLS parameters ..."
  mkdir -p "${lets_path}/live/${domain_root}"

  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf >"$lets_path/options-ssl-nginx.conf"
  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem >"$lets_path/ssl-dhparams.pem"

  if [ ${signed} -eq 0 ]
  then
    echo "### Creating self signed certificate for ${domain_root} ..."
    openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 365 \
      -keyout "${lets_path}/live/${domain_root}/privkey.pem" \
      -out "${lets_path}/live/${domain_root}/fullchain.pem" -subj "/CN=${domain_root}"

  else
    echo "### Creating dummy certificate for ${domain_root} ..."
    openssl req -x509 -nodes -newkey rsa:1024 -days 1 \
      -keyout "${lets_path}/live/${domain_root}/privkey.pem" \
      -out "${lets_path}/live/${domain_root}/fullchain.pem" -subj '/CN=localhost'

    nginx -s reload

    rm -Rf "${lets_path}/live/${domain_root}"
    rm -Rf "${lets_path}/archive/${domain_root}"
    rm -Rf "${lets_path}/renewal/${domain_root}.conf"

    echo "### Requesting Let's Encrypt certificate for ${domain_root} ..."
    # Format domain_args with the cartesian product of `domain_root` and `subdomains`

    if [ "${domain_root}" = "${domain}" ]; then domain_arg="-d ${domain_root}"; else domain_arg="-d ${domain_root} -d ${domain}"; fi

    # Ask Let's Encrypt to create certificates, if challenge passed
    certbot certonly --webroot -w "${certbot_path}" \
            --email "${email}" \
            ${domain_arg} \
            --non-interactive \
            --rsa-key-size "${rsa_key_size}" \
            --agree-tos \
            --force-renewal
  fi

else
  echo "Certificate related files exists, exiting"
fi
[TOOLS][SSL] Added bin/boostrap_certificates.sh, allowing for easy configuration of SSL certificates with Let's Encrypt 2020-05-05 01:23:55 +00:00			`#!/bin/sh`

[DOCKER][BOOTSTRAP] Add option to use a self signed cert 2020-05-10 22:33:03 +01:00			`. bootstrap.env`

			`sed -ri "s/%hostname%/${domain}/" /etc/nginx/conf.d/challenge.conf`
[TOOLS][SSL] Added bin/boostrap_certificates.sh, allowing for easy configuration of SSL certificates with Let's Encrypt 2020-05-05 01:23:55 +00:00
			`nginx`

			`rsa_key_size=4096`
			`certbot_path="/var/www/certbot"`
			`lets_path="/etc/letsencrypt"`

			`echo "Starting bootstrap"`

[DOCKER][BOOTSTRAP] Add option to use a self signed cert 2020-05-10 22:33:03 +01:00			`if [ ! -e "$lets_path/live//options-ssl-nginx.conf" ] \|\| [ ! -e "$lets_path/live/ssl-dhparams.pem" ]`
			`then`

			`echo "### Downloading recommended TLS parameters ..."`
			`mkdir -p "${lets_path}/live/${domain_root}"`
[TOOLS][SSL] Added bin/boostrap_certificates.sh, allowing for easy configuration of SSL certificates with Let's Encrypt 2020-05-05 01:23:55 +00:00
[DOCKER][BOOTSTRAP] Add option to use a self signed cert 2020-05-10 22:33:03 +01:00			`curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf >"$lets_path/options-ssl-nginx.conf"`
			`curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem >"$lets_path/ssl-dhparams.pem"`
[TOOLS][SSL] Added bin/boostrap_certificates.sh, allowing for easy configuration of SSL certificates with Let's Encrypt 2020-05-05 01:23:55 +00:00
[DOCKER][BOOTSTRAP] Add option to use a self signed cert 2020-05-10 22:33:03 +01:00			`if [ ${signed} -eq 0 ]`
			`then`
			`echo "### Creating self signed certificate for ${domain_root} ..."`
			`openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 365 \`
			`-keyout "${lets_path}/live/${domain_root}/privkey.pem" \`
			`-out "${lets_path}/live/${domain_root}/fullchain.pem" -subj "/CN=${domain_root}"`
[TOOLS][SSL] Added bin/boostrap_certificates.sh, allowing for easy configuration of SSL certificates with Let's Encrypt 2020-05-05 01:23:55 +00:00
[DOCKER][BOOTSTRAP] Add option to use a self signed cert 2020-05-10 22:33:03 +01:00			`else`
			`echo "### Creating dummy certificate for ${domain_root} ..."`
			`openssl req -x509 -nodes -newkey rsa:1024 -days 1 \`
			`-keyout "${lets_path}/live/${domain_root}/privkey.pem" \`
			`-out "${lets_path}/live/${domain_root}/fullchain.pem" -subj '/CN=localhost'`
[TOOLS][SSL] Added bin/boostrap_certificates.sh, allowing for easy configuration of SSL certificates with Let's Encrypt 2020-05-05 01:23:55 +00:00
			`nginx -s reload`

[DOCKER][BOOTSTRAP] Add option to use a self signed cert 2020-05-10 22:33:03 +01:00			`rm -Rf "${lets_path}/live/${domain_root}"`
			`rm -Rf "${lets_path}/archive/${domain_root}"`
			`rm -Rf "${lets_path}/renewal/${domain_root}.conf"`
[TOOLS][SSL] Added bin/boostrap_certificates.sh, allowing for easy configuration of SSL certificates with Let's Encrypt 2020-05-05 01:23:55 +00:00
[DOCKER][BOOTSTRAP] Add option to use a self signed cert 2020-05-10 22:33:03 +01:00			`echo "### Requesting Let's Encrypt certificate for ${domain_root} ..."`
			# Format domain_args with the cartesian product of `domain_root` and `subdomains`
[TOOLS][SSL] Added bin/boostrap_certificates.sh, allowing for easy configuration of SSL certificates with Let's Encrypt 2020-05-05 01:23:55 +00:00
[DOCKER][BOOTSTRAP] Add option to use a self signed cert 2020-05-10 22:33:03 +01:00			`if [ "${domain_root}" = "${domain}" ]; then domain_arg="-d ${domain_root}"; else domain_arg="-d ${domain_root} -d ${domain}"; fi`
[TOOLS][SSL] Added bin/boostrap_certificates.sh, allowing for easy configuration of SSL certificates with Let's Encrypt 2020-05-05 01:23:55 +00:00
			`# Ask Let's Encrypt to create certificates, if challenge passed`
[DOCKER][BOOTSTRAP] Add option to use a self signed cert 2020-05-10 22:33:03 +01:00			`certbot certonly --webroot -w "${certbot_path}" \`
			`--email "${email}" \`
[DOCKER] Small fixes to docker setup, imported from V2 2020-05-07 21:56:39 +00:00			`${domain_arg} \`
[TOOLS][SSL] Added bin/boostrap_certificates.sh, allowing for easy configuration of SSL certificates with Let's Encrypt 2020-05-05 01:23:55 +00:00			`--non-interactive \`
[DOCKER][BOOTSTRAP] Add option to use a self signed cert 2020-05-10 22:33:03 +01:00			`--rsa-key-size "${rsa_key_size}" \`
[TOOLS][SSL] Added bin/boostrap_certificates.sh, allowing for easy configuration of SSL certificates with Let's Encrypt 2020-05-05 01:23:55 +00:00			`--agree-tos \`
			`--force-renewal`
[DOCKER][BOOTSTRAP] Add option to use a self signed cert 2020-05-10 22:33:03 +01:00			`fi`
[TOOLS][SSL] Added bin/boostrap_certificates.sh, allowing for easy configuration of SSL certificates with Let's Encrypt 2020-05-05 01:23:55 +00:00
			`else`
[DOCKER][BOOTSTRAP] Add option to use a self signed cert 2020-05-10 22:33:03 +01:00			`echo "Certificate related files exists, exiting"`
[TOOLS][SSL] Added bin/boostrap_certificates.sh, allowing for easy configuration of SSL certificates with Let's Encrypt 2020-05-05 01:23:55 +00:00			`fi`