[TOOLS][DOCKER] Rewrite the configuration script to use whiptail/dialog, and refactor

2021-03-20 23:09:50 +00:00
parent ea6623f029
commit 2f570fcc2a
18 changed files with 594 additions and 525 deletions
--- a/docker/bootstrap/bootstrap.sh
+++ b/docker/bootstrap/bootstrap.sh
@@ -2,7 +2,7 @@

 . bootstrap.env

-sed -ri "s/%hostname%/${domain}/" /etc/nginx/conf.d/challenge.conf
+sed -ri "s/%hostname%/${DOMAIN}/" /etc/nginx/conf.d/challenge.conf

 nginx

@@ -12,49 +12,45 @@ lets_path="/etc/letsencrypt"

 echo "Starting bootstrap"

-if [ ! -e "$lets_path/live//options-ssl-nginx.conf" ] ||  [ ! -e "$lets_path/live/ssl-dhparams.pem" ]
-then
+if [ ! -e "$lets_path/live//options-ssl-nginx.conf" ] ||  [ ! -e "$lets_path/live/ssl-dhparams.pem" ];then
+    echo "### Downloading recommended TLS parameters ..."
+    mkdir -p "${lets_path}/live/${DOMAIN}"

-  echo "### Downloading recommended TLS parameters ..."
-  mkdir -p "${lets_path}/live/${domain_root}"
+    curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf >"$lets_path/options-ssl-nginx.conf"
+    curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem >"$lets_path/ssl-dhparams.pem"

-  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf >"$lets_path/options-ssl-nginx.conf"
-  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem >"$lets_path/ssl-dhparams.pem"
+    if [ ${SIGNED} -eq 0 ]; then
+        echo "### Creating self signed certificate for ${DOMAIN} ..."
+        openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 365 \
+                -keyout "${lets_path}/live/${DOMAIN}/privkey.pem" \
+                -out "${lets_path}/live/${DOMAIN}/fullchain.pem" -subj "/CN=${DOMAIN}"
+    else
+        echo "### Creating dummy certificate for ${DOMAIN} ..."
+        openssl req -x509 -nodes -newkey rsa:1024 -days 1 \
+                -keyout "${lets_path}/live/${DOMAIN}/privkey.pem" \
+                -out "${lets_path}/live/${DOMAIN}/fullchain.pem" -subj '/CN=localhost'

-  if [ ${signed} -eq 0 ]
-  then
-    echo "### Creating self signed certificate for ${domain_root} ..."
-    openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 365 \
-      -keyout "${lets_path}/live/${domain_root}/privkey.pem" \
-      -out "${lets_path}/live/${domain_root}/fullchain.pem" -subj "/CN=${domain_root}"
+        nginx -s reload

-  else
-    echo "### Creating dummy certificate for ${domain_root} ..."
-    openssl req -x509 -nodes -newkey rsa:1024 -days 1 \
-      -keyout "${lets_path}/live/${domain_root}/privkey.pem" \
-      -out "${lets_path}/live/${domain_root}/fullchain.pem" -subj '/CN=localhost'
+        rm -Rf "${lets_path}/live/${DOMAIN}"
+        rm -Rf "${lets_path}/archive/${DOMAIN}"
+        rm -Rf "${lets_path}/renewal/${DOMAIN}.conf"

-    nginx -s reload
+        echo "### Requesting Let's Encrypt certificate for ${DOMAIN} ..."
+        # Format domain_args with the cartesian product of `domain_root` and `subdomains`

-    rm -Rf "${lets_path}/live/${domain_root}"
-    rm -Rf "${lets_path}/archive/${domain_root}"
-    rm -Rf "${lets_path}/renewal/${domain_root}.conf"
-
-    echo "### Requesting Let's Encrypt certificate for ${domain_root} ..."
-    # Format domain_args with the cartesian product of `domain_root` and `subdomains`
-
-    if [ "${domain_root}" = "${domain}" ]; then domain_arg="-d ${domain_root}"; else domain_arg="-d ${domain_root} -d ${domain}"; fi
-
-    # Ask Let's Encrypt to create certificates, if challenge passed
-    certbot certonly --webroot -w "${certbot_path}" \
-            --email "${email}" \
-            ${domain_arg} \
-            --non-interactive \
-            --rsa-key-size "${rsa_key_size}" \
-            --agree-tos \
-            --force-renewal
-  fi
+        # if [ "${DOMAIN_ROOT}" = "${DOMAIN}" ]; then domain_arg="-d ${DOMAIN_ROOT}"; else domain_arg="-d ${DOMAIN_ROOT} -d ${DOMAIN}"; fi
+        # ${domain_arg} \

+        # Ask Let's Encrypt to create certificates, if challenge passed
+        certbot certonly --webroot -w "${certbot_path}" \
+                --email "${EMAIL}" \
+                -d "${DOMAIN}" \
+                --non-interactive \
+                --rsa-key-size "${rsa_key_size}" \
+                --agree-tos \
+                --force-renewal
+    fi
 else
-  echo "Certificate related files exists, exiting"
+    echo "Certificate related files exists, exiting"
 fi