Mirrors/edumeet
1
0
Fork 0
mirror of https://github.com/edumeet/edumeet.git synced 2026-01-23 02:34:58 +00:00
Code Issues Projects Releases Wiki Activity
edumeet/run-first.sh
Håvar Aambø Fosstveit 1a8221e4a9 Update repo for version 4
2024-02-28 21:56:13 +01:00

110 lines
3.3 KiB
Bash
Executable file
Raw Permalink Blame History

#!/bin/bash
if ! [ -x "$(command -v curl)" ]; then
echo 'Error: curl is not installed.' >&2
exit 1
fi
# Check if docker-compose is installed
if ! [ -x "$(command -v docker-compose)" ]; then
echo 'Error: docker-compose is not installed.' >&2
exit 1
fi
# Load existing .env file if it exists
if [ -f ".env" ]; then
export $(cat .env | xargs)
fi
# Ask for input only if variables are not already set
[ -z "$MAIN_DOMAIN" ] && read -p "Enter Main FQDN: " MAIN_DOMAIN
[ -z "$MEDIA_DOMAIN" ] && read -p "Enter Media FQDN: " MEDIA_DOMAIN
[ -z "$EMAIL" ] && read -p "Enter Email: " EMAIL
[ -z "$LISTEN_IP" ] && read -p "Enter Listen IP: " LISTEN_IP
[ -z "$EXTERNAL_IP" ] && read -p "Enter Public IP: " EXTERNAL_IP
# Always generate a new Media Secret
MEDIA_SECRET=$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 20)
# Save the environment variables
cat <<EOF > .env
MAIN_DOMAIN=$MAIN_DOMAIN
MEDIA_DOMAIN=$MEDIA_DOMAIN
EMAIL=$EMAIL
LISTEN_IP=$LISTEN_IP
EXTERNAL_IP=$EXTERNAL_IP
MEDIA_SECRET=$MEDIA_SECRET
EOF
# Define other variables
domains=($MAIN_DOMAIN $MEDIA_DOMAIN)
rsa_key_size=4096
data_path="./certbot"
staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits
if [ -d "$data_path" ]; then
read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision
if [ "$decision" != "Y" ] && [ "$decision" != "y" ]; then
exit
fi
fi
# Downloading recommended TLS parameters
if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then
echo "### Downloading recommended TLS parameters ..."
mkdir -p "$data_path/conf"
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
echo
fi
echo "### Creating dummy certificate for $domains ..."
path="/etc/letsencrypt/live/$domains"
mkdir -p "$data_path/conf/live/$domains"
docker-compose run --rm --entrypoint "\
openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 1\
-keyout '$path/privkey.pem' \
-out '$path/fullchain.pem' \
-subj '/CN=localhost'" certbot
echo
echo "### Starting proxy ..."
docker-compose up --force-recreate -d proxy
echo
echo "### Deleting dummy certificate for $domains ..."
docker-compose run --rm --entrypoint "\
rm -Rf /etc/letsencrypt/live/$domains && \
rm -Rf /etc/letsencrypt/archive/$domains && \
rm -Rf /etc/letsencrypt/renewal/$domains.conf" certbot
echo
echo "### Requesting Let's Encrypt certificate for $domains ..."
#Join $domains to -d args
domain_args=""
for domain in "${domains[@]}"; do
domain_args="$domain_args -d $domain"
done
# Select appropriate email arg
case "$email" in
"") email_arg="--register-unsafely-without-email" ;;
*) email_arg="--email $email" ;;
esac
# Enable staging mode if needed
if [ $staging != "0" ]; then staging_arg="--staging"; fi
docker-compose run --rm --entrypoint "\
certbot certonly --webroot -w /var/www/certbot \
$staging_arg \
$email_arg \
$domain_args \
--rsa-key-size $rsa_key_size \
--agree-tos \
--force-renewal" certbot
echo
echo "### Reloading proxy ..."
docker-compose exec proxy nginx -s reload
Reference in a new issue View git blame Copy permalink