env-docker/Config/ReverseProxy/create_letsencrypt_certs.sh
Chad f45cc326fc
Fixes and Enhancements (#16)
* Add more instructions after successfully creating a new subdomain.

* Update the container name.

* Add a just-in-case step.

* Add an alias and improve comments.

* Fix manage path.

* Add limits but no reservations for PP. Start off somewhat relaxed rather than strict.

* Always restart PP containers.

* Move URL to env file. Do not recommend using HTTPS in the value.

* Format comments.

* Put commands in shells so they cannot exit the full program.

* Updating apps like this did not seem to be working, but also do not want it to work anymore.
2023-10-17 04:35:57 -07:00


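#!/bin/bash
# Request a real Let's Encrypt certificate for every proxied site that has a
# configuration file in config/conf.d/. Certbot runs inside the rp-certbot
# container; this script only drives it and tidies up the shared volume.
## Variables ##
# Absolute directory of this script. Resolving it with cd/pwd handles every
# way of invoking the script the same way; the old "starts with a dot ->
# use pwd" shortcut silently dropped a sub-directory for ./sub/script.sh.
DIR=$(cd "$(dirname -- "$0")" && pwd) || exit 1
# Where the certificates need to live (volume shared with the reverse proxy).
CERT_DIR=$DIR/../../Volumes/ReverseProxy/letsencrypt-certs
echo "CERT_DIR=$CERT_DIR"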
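## Validations ##
# Ensure that fake certs were created at some point, or that the system has been run at least once.
if [[ ! -d "$CERT_DIR" ]]; then
  echo "ERROR: Certificate directory does not exist yet. Run the placeholder script first." >&2
  exit 1
fi
# The container needs to be running in order to use the certbot command.
# Compare the container name exactly (-x) instead of searching the whole
# `docker ps` table, so an image name or a container such as "rp-certbot-old"
# does not satisfy the check by accident. A missing docker binary or a
# failing daemon yields a count of 0 and the error below.
certbot_running=$(docker ps --format '{{.Names}}' | grep -cx rp-certbot)
if [[ $certbot_running != 1 ]]; then
  echo "ERROR: Certbot container does not appear to be running, cannot continue." >&2
  exit 1
fi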
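## Input ##
# Gather information from the user. Answers are read with -r so a backslash
# typed by accident is kept literally instead of being interpreted.
echo -n "Please provide the email address you would like the certs bound to: "
read -r email
if [[ -z $email ]]; then
  echo "ERROR: Email address is mandatory. $email" >&2
  exit 1
fi
# The address is handed to certbot as a command-line argument (-m). Refuse
# values with whitespace, values that look like an option, or values without
# an '@', so a typo cannot turn into extra certbot arguments or a registration
# under a nonsense contact.
if [[ $email == -* || $email == *[[:space:]]* || $email != *@* ]]; then
  echo "ERROR: '$email' does not look like a single email address." >&2
  exit 1
fi
echo -n "Please double check that '$email' looks correct and provide Yes if so: "
# -u upper-cases whatever is read, so "yes"/"y" are accepted as well.
typeset -u confirm
read -r confirm
if [[ $confirm != "Y"* ]]; then
  echo "Email address was not confirmed, received '$confirm', aborting."
  exit 0
fi
# Default to a dry run: live requests count against Let's Encrypt rate limits.
echo -n "Is this a test run? [Y/n]: "
typeset -l test dry_run
read -r test
if [[ $test == "y"* || -z $test ]]; then
  dry_run="--dry-run"
  echo " Great! Running with $dry_run to avoid using up requests."
else
  echo " Requesting live certificates for new domains."
fi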
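## Main ##
# Loop over the proxy configuration files and ensure they have certs.
# The loop body runs in a pipeline subshell, so a site is skipped with
# `continue`; one failing site must not abort the remaining ones.
grep -l proxy_pass "$DIR"/config/conf.d/*.* | while IFS= read -r file; do
  filename=$(basename -- "$file")
  printf '\n\n'
  if [[ $filename == *"example.com"* ]]; then
    echo "Skipping $filename since it is only an example."
    continue
  fi
  echo "*** Checking $filename ***"
  # A SELF marker means the placeholder script put a self-signed cert here;
  # it gets replaced by a real one. ${CERT_DIR:?} aborts instead of deleting
  # relative to / should the base directory ever be empty, and the quoting
  # keeps a file name with spaces from turning into several rm targets.
  if [[ -f "$CERT_DIR/$filename/SELF" ]]; then
    echo "Removing self-signed certs."
    rm -rfv -- "${CERT_DIR:?}/${filename:?}"
  fi
  if [[ -d "$CERT_DIR/$filename" ]]; then
    echo "Website's certificate folder already exists, skipping."
    continue
  fi
  echo "Getting the domains which need the cert."
  # Lines containing the literal nginx variable "$server_name" (proxy headers)
  # are dropped first; the single quotes are deliberate.
  domains=$(grep -v '$server_name' -- "$file" | grep server_name)
  # Clean up the data by removing the directive and semi-colon, changing
  # spaces to commas, and making sure there are no gaps. Globbing is switched
  # off while the whitespace is collapsed so a wildcard name such as
  # *.example.com is not expanded against the working directory.
  domains=${domains//server_name/}
  domains=${domains//;/}
  # shellcheck disable=SC2086  # intentional word-splitting to collapse whitespace
  domains=$(set -f; echo $domains)
  domains=${domains// /,}
  echo "Domains='$domains'"
  # NOTE(review): only the file name is passed to certbot as the domain; the
  # server_name list collected above is printed for information only, so any
  # alias names would not be covered by the certificate. Confirm that is intended.
  echo "Attempting to create certs at $CERT_DIR/$filename."
  # Every value is its own argument (no shell inside the container), so a
  # file name or address with odd characters cannot inject commands.
  # ${dry_run:+"$dry_run"} adds the flag only when a dry run was requested.
  if ! docker exec rp-certbot \
      certbot certonly -n --webroot ${dry_run:+"$dry_run"} \
      -w /etc/letsencrypt --agree-tos -m "$email" -d "$filename"; then
    echo "ERROR: certbot failed for $filename, not copying anything for it." >&2
    continue
  fi
  if [[ -z $dry_run ]]; then
    # Dereference the live/ symlinks so nginx sees plain files in the volume.
    # Run cp directly rather than through `sh -c`, so the file name is never
    # interpreted by a shell inside the container.
    docker exec rp-certbot \
      cp -rL "/etc/letsencrypt/live/$filename" /etc/letsencrypt/nginx/ \
      || echo "ERROR: could not copy the new certificate for $filename." >&2
    ls -lh "$CERT_DIR/$filename"/*
  fi
done
exit 0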