[DOCKER][BOOTSTRAP] Add option to use a self signed cert

This commit is contained in:
Diogo Cordeiro
2020-05-10 22:33:03 +01:00
committed by Hugo Sales
parent cb7518a750
commit f60e37ba3d
5 changed files with 71 additions and 45 deletions


@@ -1,6 +1,8 @@
#!/bin/sh
sed -ri "s/%hostname%/$domain/" /etc/nginx/conf.d/challenge.conf
. bootstrap.env
sed -ri "s/%hostname%/${domain}/" /etc/nginx/conf.d/challenge.conf
nginx
@@ -10,43 +12,50 @@ lets_path="/etc/letsencrypt"
echo "Starting bootstrap"
if [ ! -e "${lets_path}/live//options-ssl-nginx.conf" ] \
|| [ ! -e "${lets_path}/live/ssl-dhparams.pem" ]; then
if [ ! -e "$lets_path/live//options-ssl-nginx.conf" ] || [ ! -e "$lets_path/live/ssl-dhparams.pem" ]
then
echo "### Downloading recommended TLS parameters ..."
mkdir -p "${lets_path}/live"
echo "### Downloading recommended TLS parameters ..."
mkdir -p "${lets_path}/live/${domain_root}"
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > \
"${lets_path}/options-ssl-nginx.conf"
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > \
"${lets_path}/ssl-dhparams.pem"
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf >"$lets_path/options-ssl-nginx.conf"
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem >"$lets_path/ssl-dhparams.pem"
echo "### Creating dummy certificate for ${root_domain} ..."
openssl req -x509 -nodes -newkey rsa:1024 -days 1\
-keyout "${lets_path}/live/privkey.pem" \
-out "${lets_path}/live/fullchain.pem" -subj '/CN=localhost'
if [ ${signed} -eq 0 ]
then
echo "### Creating self signed certificate for ${domain_root} ..."
openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 365 \
-keyout "${lets_path}/live/${domain_root}/privkey.pem" \
-out "${lets_path}/live/${domain_root}/fullchain.pem" -subj "/CN=${domain_root}"
nginx -s reload
else
echo "### Creating dummy certificate for ${domain_root} ..."
openssl req -x509 -nodes -newkey rsa:1024 -days 1 \
-keyout "${lets_path}/live/${domain_root}/privkey.pem" \
-out "${lets_path}/live/${domain_root}/fullchain.pem" -subj '/CN=localhost'
nginx -s reload
rm -Rf "${lets_path}/live/${root_domain}"
rm -Rf "${lets_path}/archive/${root_domain}"
rm -Rf "${lets_path}/renewal/${root_domain}.conf"
rm -Rf "${lets_path}/live/${domain_root}"
rm -Rf "${lets_path}/archive/${domain_root}"
rm -Rf "${lets_path}/renewal/${domain_root}.conf"
echo "### Requesting Let's Encrypt certificate for $root_domain ..."
# Format domain_args with the cartesian product of `root_domain` and `subdomains`
echo "### Requesting Let's Encrypt certificate for ${domain_root} ..."
# Format domain_args with the cartesian product of `domain_root` and `subdomains`
email_arg="--email ${email}"
domain_arg=$([ "${domain_root}" = "${domain}" ] && printf "-d ${domain_root}" || printf "-d ${domain_root} -d ${domain}")
if [ "${domain_root}" = "${domain}" ]; then domain_arg="-d ${domain_root}"; else domain_arg="-d ${domain_root} -d ${domain}"; fi
# Ask Let's Encrypt to create certificates, if challenge passed
certbot certonly --webroot -w /var/www/certbot \
${email_arg} \
certbot certonly --webroot -w "${certbot_path}" \
--email "${email}" \
${domain_arg} \
--non-interactive \
--rsa-key-size ${rsa_key_size} \
--rsa-key-size "${rsa_key_size}" \
--agree-tos \
--force-renewal
fi
else
echo "Certificate related files exists, exiting"
echo "Certificate related files exists, exiting"
fi
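Review bot: The guard `if [ ! -e "$lets_path/live//options-ssl-nginx.conf" ] || [ ! -e "$lets_path/live/ssl-dhparams.pem" ]` looks for the TLS parameter files under `live/`, but the two curl lines that follow write them to `"$lets_path/options-ssl-nginx.conf"` and `"$lets_path/ssl-dhparams.pem"`, so the condition is never satisfied by this script's own output and the whole branch runs on every container start, re-creating the key pair and, in the certbot path, deleting the existing certificate and re-requesting it with `--force-renewal` (which presumably counts against the issuer's rate limits). The check should test the paths actually written: `if [ ! -e "$lets_path/options-ssl-nginx.conf" ] || [ ! -e "$lets_path/ssl-dhparams.pem" ]`. Separately, `curl -s` without `-f` stores an HTTP error body as the nginx TLS configuration whenever the unpinned `master` URL is unavailable; `curl -sf … || exit 1` on both lines would stop the bootstrap instead of handing nginx a broken file, and pinning the URLs to a tag or commit would make the downloaded configuration reproducible. Finally, `[ ${signed} -eq 0 ]` should be `[ "${signed}" -eq 0 ]` (or `"${signed:-0}"`), since an unset value from bootstrap.env currently produces a test error that evaluates false and silently falls through to the certbot branch.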