#!/bin/bash
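# Every step below edits root-owned state (nginx and Nextcloud configuration,
# APT sources, root's crontab), so refuse to run unprivileged.
if [ "$EUID" -ne 0 ]; then
  echo "Veuillez executez ce script en root"
  exit 1
fi

# Only the three known modes are accepted. The mode is invoked as a function
# name at the end of the script, so anything outside this allow-list stops here.
if [[ ! $1 =~ ^(ssl|nonssl|certif)$ ]]; then
  echo "Veuillez choisir ssl, nonssl ou certif pour créer un certificat ssl"
  exit 1
fi

# First name of the first server_name directive in the Nextcloud vhost.
# ${domain%;} removes the trailing ';' only when it is present: a directive
# listing several names no longer loses the last letter of its first name, and
# an empty result no longer raises a substring-expansion error.
domain=$(awk '$1 == "server_name" { print $2; exit }' /etc/nginx/conf.d/nextcloud.conf)
domain=${domain%;}

# ssl and certif interpolate $domain into a sed script run as root and into
# certbot's arguments. Accept hostname characters only, so that a '/', a space
# or a newline read from the vhost file cannot change those commands.
# nonssl never uses $domain and is therefore not blocked by this check.
hostname_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ $1 != nonssl && ! $domain =~ $hostname_re ]]; then
  echo "Nom de domaine invalide ou introuvable dans /etc/nginx/conf.d/nextcloud.conf" >&2
  exit 1
fi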
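#######################################
# Switch Nextcloud and its nginx vhost from HTTP to HTTPS.
# Globals:   domain (read) - names the directory under /etc/letsencrypt/live
# Outputs:   edits /var/www/nextcloud/config/config.php and
#            /etc/nginx/conf.d/nextcloud.conf in place; installs
#            /etc/nginx/includes/ssl.conf
# Returns:   1 when $domain is unsafe to interpolate or the template cannot
#            be copied (nothing has been edited at that point)
#######################################
ssl(){
  local vhost=/etc/nginx/conf.d/nextcloud.conf

  # $domain ends up inside a sed script executed as root: a '/', a newline or
  # any other sed metacharacter would change what that script does.
  if [[ ! $domain =~ ^[A-Za-z0-9.-]+$ ]]; then
    echo "Nom de domaine invalide: '$domain'" >&2
    return 1
  fi

  # Install the TLS include first, so a missing template stops the run before
  # the vhost starts referring to it.
  # NOTE(review): the source path is relative to the caller's working
  # directory; confirm the script is always started from the directory that
  # holds .install_templates.
  mkdir -p /etc/nginx/includes
  cp .install_templates/ssl.conf /etc/nginx/includes/ || return 1

  sed -i "s/'overwriteprotocol' => 'http'/'overwriteprotocol' => 'https'/" /var/www/nextcloud/config/config.php

  # 'https\?' rather than 'http': same result on a first run, but a second run
  # no longer turns an existing 'https' into 'httpss'.
  sed -i "s/https\?/https/" "$vhost"
  sed -i "s/fastcgi_param HTTPS off/fastcgi_param HTTPS on/" "$vhost"
  sed -i "s/listen 443;/listen 443 ssl;/" "$vhost"

  # Append the include and certificate directives only once: repeating them
  # would leave duplicate ssl_certificate lines in the server block.
  if ! grep -q 'include includes/ssl.conf;' "$vhost"; then
    sed -i "/fastcgi_hide_header X-Powered-By;/a \ include includes/ssl.conf;\n ssl_certificate /etc/letsencrypt/live/$domain/fullchain.pem;\n ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem;" "$vhost"
  fi
}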
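#######################################
# Switch Nextcloud and its nginx vhost back from HTTPS to HTTP.
# Outputs:   edits /var/www/nextcloud/config/config.php and
#            /etc/nginx/conf.d/nextcloud.conf in place
# Returns:   status of the last sed command
#######################################
nonssl(){
  local vhost=/etc/nginx/conf.d/nextcloud.conf

  sed -i "s/'overwriteprotocol' => 'https'/'overwriteprotocol' => 'http'/" /var/www/nextcloud/config/config.php
  sed -i "s/https/http/" "$vhost"
  sed -i "s/fastcgi_param HTTPS on/fastcgi_param HTTPS off/" "$vhost"

  # Undo the 'listen 443 ssl;' rewrite made by ssl(). The certificate lines
  # are removed below, and a listener still flagged 'ssl' without any
  # ssl_certificate is expected to make nginx reject the configuration.
  sed -i "s/listen 443 ssl;/listen 443;/" "$vhost"

  # Drop what ssl() appended: the include line and both certificate directives.
  sed -i '/ssl\.conf;/d' "$vhost"
  sed -i '/ssl_certificate/d' "$vhost"
}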
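#######################################
# Install certbot and its nginx plugin with APT, choosing the package source
# from /etc/os-release (Debian buster, Debian stretch, or a release whose
# VERSION_ID is 16 to 19).
# Outputs:   may append a backports line to /etc/apt/sources.list or register
#            an extra APT repository
# Returns:   status of the final package installation; exits 1 on an
#            unsupported OS
#######################################
install_certbot(){
  # The script already refuses to run unless EUID is 0, so apt-get is called
  # directly instead of through sudo (which a minimal system may not have).
  apt-get update

  if grep -q buster /etc/os-release; then
    if ! grep -qF "buster-backports main" /etc/apt/sources.list; then
      # Plain-HTTP mirror: package integrity rests on APT's signed Release
      # files, not on the transport.
      echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list
      # Fetch the backports index now; without it '-t buster-backports' names
      # a release apt has never seen and the install fails.
      apt-get update
    fi
    apt-get install -y -t buster-backports certbot python-certbot-nginx
  elif grep -q stretch /etc/os-release; then
    apt-get install -y certbot python-certbot-nginx
  elif grep -Eq '^VERSION_ID="?(16|17|18|19)([."]|$)' /etc/os-release; then
    # Anchored on VERSION_ID: the former pattern '16.|17.|18.|19.' matched
    # those digits followed by any character, anywhere in the file.
    # -y everywhere: the calls below used to stop and wait for confirmation.
    apt-get install -y software-properties-common
    add-apt-repository -y universe
    # Third-party PPA: everything it publishes is installed as root from
    # outside the distribution archive.
    add-apt-repository -y ppa:certbot/certbot
    apt-get update
    apt-get install -y certbot python-certbot-nginx
  else
    echo "OS non supporté pour certbot."
    exit 1
  fi
}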
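#######################################
# Request a certificate for $domain through certbot's nginx plugin, then
# install the weekly renewal job in root's crontab.
# Globals:   domain (read), USER (read, used for the contact address)
# Outputs:   status message on stdout; writes /opt/scripts/ssl_renew.sh and
#            root's crontab
# Returns:   0 when the certificate was obtained and the renewal job is in
#            place, 1 otherwise
#######################################
create_certificate() {
  # Referenced by path instead of 'cd .install_templates': an unchecked cd
  # that failed made the copy below pick up whatever ssl_renew.sh sat in the
  # current directory, and that file is then run by root's cron.
  local renew_src=.install_templates/ssl_renew.sh
  local cron_line="12 2 * * 1 /opt/scripts/ssl_renew.sh"
  local rc=0

  # if/else instead of 'cmd && ok || fail', which also prints the failure
  # message when the success echo itself fails. Arguments are quoted so an
  # unexpected character in $domain cannot split into extra certbot options.
  if certbot --nginx certonly --non-interactive --agree-tos -m "$USER@$domain" -d "$domain"; then
    echo "Le certificat de $domain a bien été déployé"
  else
    rc=1
    echo "Une erreur s'est produite lors de la création du certificat SSL"
  fi

  ## Cronification
  # The renewal script is executed by root: install it root-owned, executable
  # and not writable by anyone else, and stop if the source is missing rather
  # than scheduling a job that points at nothing.
  mkdir -p /opt/scripts
  install -o root -g root -m 0755 "$renew_src" /opt/scripts/ || return 1

  # Read and write the same (root) crontab, and add the entry only once.
  if ! crontab -u root -l 2> /dev/null | grep -qF "/opt/scripts/ssl_renew.sh"; then
    (crontab -u root -l 2> /dev/null; echo "$cron_line") | crontab -u root - || rc=1
  fi

  return "$rc"
}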
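#######################################
# Make sure certbot is available, then request the certificate.
# Returns:   1 when certbot is missing and could not be installed, otherwise
#            the status of create_certificate
#######################################
certif() {
  # 'command -v' is the shell builtin lookup; 'which' is an external tool
  # that may be absent. A failed installation now stops here instead of
  # running certbot-dependent steps without certbot.
  if ! command -v certbot > /dev/null 2>&1; then
    install_certbot || return 1
  fi

  # The former guard '[[ -n /etc/letsencrypt/live/$domain/fullchain.pem ]]'
  # tested a non-empty string, not the file, and was therefore always true.
  # The request is still made on every run, as before.
  # NOTE(review): if the intent was to skip an existing certificate, the test
  # should be '! -e' on that path — confirm before changing.
  create_certificate
}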
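# Run the selected mode. $1 was restricted to ssl|nonssl|certif by the
# argument check near the top of the script; quoting keeps each argument as
# one word instead of re-splitting and glob-expanding it.
"$@"

# Check the edited configuration before asking nginx to load it, and report a
# failed test or reload through the exit status (the script used to end with
# an unconditional 'exit 0').
if ! nginx -t; then
  echo "La configuration nginx est invalide, rechargement annulé" >&2
  exit 1
fi

service nginx reload || exit 1

exit 0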