Add DNS Server, Many Other Fixes/Enhancements (#12)

* Add 443 just in case since docker ps is showing it as active.
* Add two new projects.
* Add pre-testing content for DNS.
* Initial untested stab at the GitLab config.
* This project uses build, image name is not needed.
* Cleanup, untested guess at how to handle the variables in the pipe section.
* Filled out all files for DNS. Ready for testing.
* This seems to work, Ubuntu is hoarding port 53 though even though local services are shut off.
* `dnsmasq` container is testing successfully now.
* Don't allow a run unless the config files exist.
* Correct the crontab entry so that $RANDOM works correctly.
* Certs were not being saved by LetsEncrypt for Nginx correctly. Should be working now.
* Do not allow disabled folders into Git.
* Do not allow disabled folders into Git, 2.
* Do not allow disabled folders into Git, 3.
* Do not allow disabled folders into Git, 4.
* Do not allow disabled folders into Git, 5.
* Do not allow disabled folders into Git, 6.
* Don't add logs from anywhere.
* Add ping and dig to Nextcloud container for troubleshooting.
* Fix tabs.
* Make unfinished suffix consistent.
* Clean whitespace.
* Multiple names for a single IP address.
* Add 2nd example domain from hosts file.
* Add caching program Redis for Nextcloud.
* Add REDIS_HOST variable for automatic setup through config/redis.config.php.
* Upgrade to compose version 3.
* Move OnlyOffice to Nextcloud area.
* Change container name.
* Add container_name to all compose services.
* Shorten names for Nextcloud services.
* Comment possible OO fixes while trying to get container to use DNS.
* Remove OnlyOffice setting tests.
* Do not commit .env files, only their examples.
* Move OnlyOffice to be its own configuration again. Add sourcing of DNS settings so that local traffic routes correctly.
* Fix source file, BASH_SOURCE did not work without the shebang. Also fix bug for when it sees `..` and assumes current directory.
* dns.env file did not work out, env_file: element not being read before dns: element. Using folder-specific .env files instead, seems to be loaded before dns: element. Also move other values to the env files for better password privacy.
* Keep commands for cleaning up environment in one file.
* Update examples.
* Fix cd moving the user to the file's directory.
* Add note for user to set up the env file.
* Replace README files by unhiding the example files.
* Still need to specify the variables in the environment: element.
* Add header variable.
* Place host above database.
* Fix "JWS" typo.
* Do not use the HEADER parameter.
* Add vim to fix packages.
* Forget about the manual DNS servers for a minute, ensure host is set up properly first. Ubuntu is happy but Debian is not.
* Try using the host network explicitly.
* Temporarily give up on having Nextcloud server see local OnlyOffice server. Works when they are different machines but need them together.
@ -28,8 +28,8 @@ if [[ $certbot_running != 1 ]]; then
|
||||
fi
|
||||
|
||||
## Input ##
|
||||
|
||||
# Gather information from the user.
|
||||
|
||||
echo -n "Please provide the email address you would like the certs bound to: "
|
||||
read email
|
||||
if [[ -z $email ]]; then
|
||||
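Review bot: `read email` in the input block should be `read -r email`, and the only check visible here is the empty test `[[ -z $email ]]`. The address is later handed to certbot on a command line, so a basic shape check at this point (no whitespace, exactly one `@`) would stop a mistyped or padded value from reaching the certificate request.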
@ -45,19 +45,34 @@ if [[ $confirm != "Y"* ]]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo -n "Is this a test run? [Y/n]: "
|
||||
typeset -l test dry_run
|
||||
read test
|
||||
if [[ $test == "y"* || -z $test ]]; then
|
||||
dry_run="--dry-run"
|
||||
echo " Great! Running with $dry_run to avoid using up requests."
|
||||
else
|
||||
echo " Requesting live certificates for new domains."
|
||||
fi
|
||||
|
||||
## Main ##
|
||||
|
||||
# Loop over the proxy configuration files and ensure they have certs.
|
||||
grep -l proxy_pass $DIR/config/conf.d/*.* | while read file; do
|
||||
filename=`basename $file`
|
||||
echo -e "\n"
|
||||
|
||||
if [[ $filename == *"example.com"* ]]; then
|
||||
echo "Skipping $filename since it is only an example."
|
||||
continue
|
||||
fi
|
||||
|
||||
echo "*** Checking $filename ***"
|
||||
if [[ -d $CERT_DIR/$filename ]]; then
|
||||
echo "*** Checking $filename ***"
|
||||
if [[ -f $CERT_DIR/$filename/SELF ]]; then
|
||||
echo "Removing self-signed certs."
|
||||
rm -rfv $CERT_DIR/$filename
|
||||
fi
|
||||
if [[ ! -d $CERT_DIR/$filename ]]; then
|
||||
echo "Getting the domains which need the cert."
|
||||
domains=`grep -v '$server_name' $file | grep server_name`
|
||||
|
||||
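Review bot: The self-signed cleanup (`rm -rfv $CERT_DIR/$filename` under the `SELF` check) runs before anything looks at `$dry_run`, so a test run, which is the default answer to the new prompt, deletes the self-signed certs and puts nothing back: certbot saves no certificates with `--dry-run`, and the copy into the nginx folder is skipped in that mode. Suggest removing the placeholder directory only when `$dry_run` is empty, or after certbot has succeeded. The same `rm` expands two unquoted variables; writing it as `rm -rfv "${CERT_DIR:?}/$filename"` makes it abort instead of resolving to `/$filename` if `CERT_DIR` is ever unset.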
@ -69,13 +84,18 @@ grep -l proxy_pass $DIR/config/conf.d/*.* | while read file; do
|
||||
domains=${domains// /,}
|
||||
echo "Domains='$domains'"
|
||||
|
||||
echo "Attempting to create real certs at $CERT_DIR/$filename."
|
||||
docker exec reverseproxy-certbot-1 certbot certonly -n --webroot \
|
||||
echo "Attempting to create certs at $CERT_DIR/$filename."
|
||||
docker exec reverseproxy-certbot-1 \
|
||||
certbot certonly -n --webroot $dry_run \
|
||||
-w /etc/letsencrypt --agree-tos -m $email -d $filename
|
||||
|
||||
ls -lh $CERT_DIR/$filename/*
|
||||
if [[ -z $dry_run ]]; then
|
||||
docker exec reverseproxy-certbot-1 \
|
||||
sh -c "cp -rL /etc/letsencrypt/live/$filename /etc/letsencrypt/nginx/"
|
||||
ls -lh $CERT_DIR/$filename/*
|
||||
fi
|
||||
else
|
||||
echo "Website's certificate folder does not exist, skipping."
|
||||
echo "Website's certificate folder already exists, skipping."
|
||||
continue
|
||||
fi
|
||||
done
|
||||
|
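Review bot: The copy step `sh -c "cp -rL /etc/letsencrypt/live/$filename /etc/letsencrypt/nginx/"` splices `$filename` into a shell string inside the container and runs whether or not the preceding certbot call succeeded. Since `$filename` comes from file names under `conf.d`, pass the arguments straight to `cp` through `docker exec` with `"$filename"` quoted and no `sh -c`, and gate the copy on certbot's exit status so a failed request does not leave a partial folder that the next run reports as "already exists, skipping". Two smaller points in the same hunk: `$domains` is built and echoed but the request uses `-d $filename`, so any extra `server_name` entries are not covered by the cert, and `-m $email` should be quoted. Also note that `cp -rL` makes a static copy of the `live/` symlinks, so renewed certificates will not reach nginx unless this copy is repeated after each renewal.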