gnu-social/docker/bootstrap/bootstrap.sh

#!/bin/sh

. bootstrap.env

sed -ri "s/%hostname%/${DOMAIN}/" /etc/nginx/conf.d/challenge.conf

nginx

rsa_key_size=4096
certbot_path="/var/www/certbot"
lets_path="/etc/letsencrypt"

echo "Starting bootstrap"

if [ ! -e "${lets_path}/live/${DOMAIN}/options-ssl-nginx.conf" ] ||  [ ! -e "$lets_path/live/ssl-dhparams.pem" ];then
    echo "### Downloading recommended TLS parameters ..."
    mkdir -p "${lets_path}/live/${DOMAIN}"

    curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf >"$lets_path/options-ssl-nginx.conf"
    curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem >"$lets_path/ssl-dhparams.pem"

    if [ ${SIGNED} -eq 0 ]; then
        echo "### Creating self signed certificate for ${DOMAIN} ..."
        openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 365 \
                -keyout "${lets_path}/live/${DOMAIN}/privkey.pem" \
                -out "${lets_path}/live/${DOMAIN}/fullchain.pem" -subj "/CN=${DOMAIN}"
    else
        echo "### Creating dummy certificate for ${DOMAIN} ..."
        openssl req -x509 -nodes -newkey rsa:1024 -days 1 \
                -keyout "${lets_path}/live/${DOMAIN}/privkey.pem" \
                -out "${lets_path}/live/${DOMAIN}/fullchain.pem" -subj '/CN=localhost'

        nginx -s reload

        rm -Rf "${lets_path}/live/${DOMAIN}"
        rm -Rf "${lets_path}/archive/${DOMAIN}"
        rm -Rf "${lets_path}/renewal/${DOMAIN}.conf"

        echo "### Requesting Let's Encrypt certificate for ${DOMAIN} ..."
        # Format domain_args with the cartesian product of `domain_root` and `subdomains`

        # if [ "${DOMAIN_ROOT}" = "${DOMAIN}" ]; then domain_arg="-d ${DOMAIN_ROOT}"; else domain_arg="-d ${DOMAIN_ROOT} -d ${DOMAIN}"; fi
        # ${domain_arg} \

        # Ask Let's Encrypt to create certificates, if challenge passed
        certbot certonly --webroot -w "${certbot_path}" \
                --email "${EMAIL}" \
                -d "${DOMAIN}" \
                --non-interactive \
                --rsa-key-size "${rsa_key_size}" \
                --agree-tos \
                --force-renewal
    fi
else
    echo "Certificate related files exists, exiting"
fi
[TOOLS][SSL] Added bin/boostrap_certificates.sh, allowing for easy configuration of SSL certificates with Let's Encrypt 2020-05-05 10:23:55 +09:00			`#!/bin/sh`

[DOCKER][BOOTSTRAP] Add option to use a self signed cert 2020-05-11 06:33:03 +09:00			`. bootstrap.env`

[TOOLS][DOCKER] Rewrite the configuration script to use whiptail/dialog, and refactor 2021-03-21 08:09:50 +09:00			`sed -ri "s/%hostname%/${DOMAIN}/" /etc/nginx/conf.d/challenge.conf`
[TOOLS][SSL] Added bin/boostrap_certificates.sh, allowing for easy configuration of SSL certificates with Let's Encrypt 2020-05-05 10:23:55 +09:00
			`nginx`

			`rsa_key_size=4096`
			`certbot_path="/var/www/certbot"`
			`lets_path="/etc/letsencrypt"`

			`echo "Starting bootstrap"`

[DOCKER] Remove quotes from docker env files, as docker (or at least docker-compose) include them in the actual value 2021-03-24 02:28:52 +09:00			`if [ ! -e "${lets_path}/live/${DOMAIN}/options-ssl-nginx.conf" ] \|\| [ ! -e "$lets_path/live/ssl-dhparams.pem" ];then`
[TOOLS][DOCKER] Rewrite the configuration script to use whiptail/dialog, and refactor 2021-03-21 08:09:50 +09:00			`echo "### Downloading recommended TLS parameters ..."`
			`mkdir -p "${lets_path}/live/${DOMAIN}"`

			`curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf >"$lets_path/options-ssl-nginx.conf"`
			`curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem >"$lets_path/ssl-dhparams.pem"`

			`if [ ${SIGNED} -eq 0 ]; then`
			`echo "### Creating self signed certificate for ${DOMAIN} ..."`
			`openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 365 \`
			`-keyout "${lets_path}/live/${DOMAIN}/privkey.pem" \`
			`-out "${lets_path}/live/${DOMAIN}/fullchain.pem" -subj "/CN=${DOMAIN}"`
			`else`
			`echo "### Creating dummy certificate for ${DOMAIN} ..."`
			`openssl req -x509 -nodes -newkey rsa:1024 -days 1 \`
			`-keyout "${lets_path}/live/${DOMAIN}/privkey.pem" \`
			`-out "${lets_path}/live/${DOMAIN}/fullchain.pem" -subj '/CN=localhost'`

			`nginx -s reload`

			`rm -Rf "${lets_path}/live/${DOMAIN}"`
			`rm -Rf "${lets_path}/archive/${DOMAIN}"`
			`rm -Rf "${lets_path}/renewal/${DOMAIN}.conf"`

			`echo "### Requesting Let's Encrypt certificate for ${DOMAIN} ..."`
			# Format domain_args with the cartesian product of `domain_root` and `subdomains`

			`# if [ "${DOMAIN_ROOT}" = "${DOMAIN}" ]; then domain_arg="-d ${DOMAIN_ROOT}"; else domain_arg="-d ${DOMAIN_ROOT} -d ${DOMAIN}"; fi`
			`# ${domain_arg} \`

			`# Ask Let's Encrypt to create certificates, if challenge passed`
			`certbot certonly --webroot -w "${certbot_path}" \`
			`--email "${EMAIL}" \`
			`-d "${DOMAIN}" \`
			`--non-interactive \`
			`--rsa-key-size "${rsa_key_size}" \`
			`--agree-tos \`
			`--force-renewal`
			`fi`
[TOOLS][SSL] Added bin/boostrap_certificates.sh, allowing for easy configuration of SSL certificates with Let's Encrypt 2020-05-05 10:23:55 +09:00			`else`
[TOOLS][DOCKER] Rewrite the configuration script to use whiptail/dialog, and refactor 2021-03-21 08:09:50 +09:00			`echo "Certificate related files exists, exiting"`
[TOOLS][SSL] Added bin/boostrap_certificates.sh, allowing for easy configuration of SSL certificates with Let's Encrypt 2020-05-05 10:23:55 +09:00			`fi`