env-docker/Config/ReverseProxy/create_letsencrypt_certs.sh
Chad f205dbfcd5
Add DNS Server, Many Other Fixes/Enhancements (#12)
* Add 443 just in case since docker ps is showing it as active.

* Add two new projects.

* Add pre-testing content for DNS.

* Initial untested stab at the GitLab config.

* This project uses build, image name is not needed.

* Cleanup, untested guess at how to handle the variables in the pipe section.

* Filled out all files for DNS. Ready for testing.

* This seems to work, Ubuntu is hoarding port 53 though even though local services are shut off.

* `dnsmasq` container is testing successfully now.

* Don't allow a run unless the config files exist.

* Correct the crontab entry so that $RANDOM works correctly.

* Certs were not being saved by LetsEncrypt for Nginx correctly. Should be working now.

* Do not allow disabled folders into Git.

* Do not allow disabled folders into Git, 2.

* Do not allow disabled folders into Git, 3.

* Do not allow disabled folders into Git, 4.

* Do not allow disabled folders into Git, 5.

* Do not allow disabled folders into Git, 6.

* Don't add logs from anywhere.

* Add ping and dig to Nextcloud container for troubleshooting.

* Fix tabs.

* Make unfinished suffix consistent.

* Clean whitespace.

* Multiple names for a single IP address.

* Add 2nd example domain from hosts file.

* Add caching program Redis for Nextcloud.

* Add REDIS_HOST variable for automatic setup through config/redis.config.php.

* Upgrade to compose version 3.

* Move OnlyOffice to Nextcloud area.

* Change container name.

* Add container_name to all compose services.

* Shorten names for Nextcloud services.

* Comment possible OO fixes while trying to get container to use DNS.

* Remove OnlyOffice setting tests.

* Do not commit .env files, only their examples.

* Move OnlyOffice to be its own configuration again. Add sourcing of DNS settings so that local traffic routes correctly.

* Fix source file, BASH_SOURCE did not work without the shebang. Also fix bug for when it sees `..` and assumes current directory.

* dns.env file did not work out, env_file: element not being read before dns: element. Using folder-specific .env files instead, seems to be loaded before dns: element. Also move other values to the env files for better password privacy.

* Keep commands for cleaning up environment in one file.

* Update examples.

* Fix cd moving the user to the file's directory.

* Add note for user to set up the env file.

* Replace README files by unhiding the example files.

* Still need to specify the variables in the environment: element.

* Add header variable.

* Place host above database.

* Fix "JWS" typo.

* Do not use the HEADER parameter.

* Add vim to fix packages.

* Forget about the manual DNS servers for a minute, ensure host is set up properly first. Ubuntu is happy but Debian is not.

* Try using the host network explicitly.

* Temporarily give up on having Nextcloud server see local OnlyOffice server. Works when they are different machines but need them together.
2023-08-21 22:07:46 +00:00

104 lines
2.8 KiB
Bash
Executable File

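#!/bin/bash
# Create a real cert for each file in config/conf.d/.

## Variables ##
# Absolute directory of this script. The cd runs in a subshell, so the
# caller's working directory is left alone, and relative invocations such as
# ./script.sh or ../ReverseProxy/script.sh resolve correctly.
DIR=$(cd "$(dirname "$0")" && pwd)

# Where the files need to live.
CERT_DIR="$DIR/../../Volumes/ReverseProxy/letsencrypt-certs"
echo "CERT_DIR=$CERT_DIR"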

## Validations ##
# Ensure that fake certs were created at some point, or that the system has been run at least once.
if [[ ! -d $CERT_DIR ]]; then
    echo "ERROR: Certificate directory does not exist yet. Run the placeholder script first." >&2
    exit 1
fi

# The container needs to be running in order to use the certbot command.
# Match the container name exactly so similarly named containers are not counted.
certbot_running=$(docker ps --format '{{.Names}}' | grep -cxF reverseproxy-certbot-1)
if [[ $certbot_running != 1 ]]; then
    echo "ERROR: Certbot container does not appear to be running, cannot continue." >&2
    exit 1
fi

## Input ##
# Gather information from the user.
echo -n "Please provide the email address you would like the certs bound to: "
read -r email
if [[ -z $email ]]; then
    echo "ERROR: Email address is mandatory." >&2
    exit 1
fi

echo -n "Please double check that '$email' looks correct and provide Yes if so: "
typeset -u confirm    # Upper-case whatever the user types.
read -r confirm
if [[ $confirm != "Y"* ]]; then
    echo "Email address was not confirmed, received '$confirm', aborting."
    exit 0
fi

echo -n "Is this a test run? [Y/n]: "
typeset -l test dry_run    # Lower-case the answer; dry_run stays empty for a live run.
read -r test
if [[ $test == "y"* || -z $test ]]; then
    dry_run="--dry-run"
    echo "  Great! Running with $dry_run to avoid using up requests."
else
    echo "  Requesting live certificates for new domains."
fi

## Main ##
# Loop over the proxy configuration files and ensure they have certs.
grep -l proxy_pass "$DIR"/config/conf.d/*.* | while read -r file; do
    filename=$(basename "$file")
    echo -e "\n"

    if [[ $filename == *"example.com"* ]]; then
        echo "Skipping $filename since it is only an example."
        continue
    fi

    echo "*** Checking $filename ***"
    if [[ -f $CERT_DIR/$filename/SELF ]]; then
        echo "Removing self-signed certs."
        # ":?" aborts rather than letting an empty variable widen the rm target.
        rm -rfv -- "${CERT_DIR:?}/${filename:?}"
    fi

    if [[ ! -d $CERT_DIR/$filename ]]; then
        echo "Getting the domains which need the cert."
        domains=$(grep -v '$server_name' "$file" | grep server_name)

        # Clean up the data by removing the directive and semi-colon, changing
        # spaces to commas, and making sure there are no gaps.
        domains=${domains//server_name/}
        domains=${domains//;/}
        # Unquoted on purpose: word splitting collapses the whitespace.
        domains=$(echo $domains)
        domains=${domains// /,}
        echo "Domains='$domains'"
        if [[ -z $domains ]]; then
            echo "No server_name found in $filename, skipping." >&2
            continue
        fi

        echo "Attempting to create certs at $CERT_DIR/$filename."
        # Request the cert for the domain list gathered above (it was computed
        # but never passed to certbot). --cert-name keeps the lineage under
        # live/$filename, which the copy below relies on.
        docker exec reverseproxy-certbot-1 \
            certbot certonly -n --webroot ${dry_run:+"$dry_run"} \
            -w /etc/letsencrypt --agree-tos -m "$email" \
            --cert-name "$filename" -d "$domains"

        if [[ -z $dry_run ]]; then
            # Pass the arguments directly instead of through "sh -c", so
            # $filename is never parsed by a shell inside the container.
            docker exec reverseproxy-certbot-1 \
                cp -rL "/etc/letsencrypt/live/$filename" /etc/letsencrypt/nginx/
            ls -lh "$CERT_DIR/$filename"/*
        fi
    else
        echo "Website's certificate folder already exists, skipping."
        continue
    fi
done

exit 0
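
The server_name clean-up from the main loop, reworked as a stand-alone function that also validates each name before it would reach certbot's -d option. This is an added example, not part of the repository's script: `extract_domains`, `sample_conf` and the sample configuration are hypothetical, and each server_name directive is assumed to sit on a single line.

```shell
#!/bin/sh
# Added example; not part of create_letsencrypt_certs.sh.
# Plain DNS host names only: no wildcards, regexes, "_" or leading "-".
HOST_RE='^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'

# extract_domains FILE (hypothetical helper): print a comma-separated,
# de-duplicated list of usable server_name values; return 1 if there are none.
# Assumes each server_name directive sits on a single line.
extract_domains() {
    out=""
    # Drop comments, keep only real server_name directives (so a line such as
    # "proxy_set_header Host $server_name;" is ignored), one name per line.
    names=$(sed 's/#.*//' "$1" |
        awk '$1 == "server_name" { for (i = 2; i <= NF; i++) print $i }' |
        tr -d ';' | awk 'NF && !seen[$0]++')
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        if printf '%s\n' "$name" | grep -Eq "$HOST_RE"; then
            out="${out:+$out,}$name"
        else
            echo "Skipping unusable server_name '$name'" >&2
        fi
    done <<EOF
$names
EOF
    [ -n "$out" ] || return 1
    printf '%s\n' "$out"
}

# Constructed sample configuration (not taken from the repository).
sample_conf() {
    cat <<'EOF'
server {
    listen 443 ssl;
    server_name cloud.example.org files.example.org;  # primary names
    # server_name old.example.org;
    location / {
        proxy_set_header Host $server_name;
        proxy_pass http://nextcloud:80;
    }
}
server {
    listen 80;
    server_name cloud.example.org *.example.org _;
}
EOF
}

conf=$(mktemp)
sample_conf > "$conf"
extract_domains "$conf"
rm -f "$conf"
```

Names that a webroot challenge cannot cover, such as the wildcard and the `_` catch-all, are reported on stderr and left out of the list.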