#!/bin/bash
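# Refuse to run unprivileged: the actions below edit nginx and Nextcloud
# configuration, apt sources and root's crontab.
if [[ "$EUID" -ne 0 ]]; then
  echo "Veuillez executez ce script en root" >&2
  exit 1
fi

# Validate the requested action first: the positional parameters are executed
# as a command at the end of the script, so only the three known function
# names may get through.
if [[ ! $1 =~ ^(ssl|nonssl|certif)$ ]]; then
  echo "Veuillez choisir ssl, nonssl ou certif pour créer un certificat ssl" >&2
  exit 1
fi

# Read the first name of the first server_name directive. Only a trailing ';'
# is stripped, so a directive listing several names no longer loses the last
# character of its first name.
domain=$(awk '$1 == "server_name" { print $2; exit }' /etc/nginx/conf.d/nextcloud.conf)
domain=${domain%;}

# The domain is interpolated into sed scripts, file paths and certbot
# arguments, so reject anything that is not a plain host name (this also
# catches an empty value when the vhost file is missing). nonssl never uses
# the domain and is therefore not blocked by this check.
domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ $1 != nonssl && ! $domain =~ $domain_re ]]; then
  echo "Nom de domaine invalide ou introuvable dans /etc/nginx/conf.d/nextcloud.conf" >&2
  exit 1
fi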
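#######################################
# Switch Nextcloud and its nginx vhost from HTTP to HTTPS.
# Globals:   domain (read) - host name whose Let's Encrypt files are used
# Arguments: none
# Returns:   1, before touching any file, when the certificate or key for
#            $domain is missing or the ssl.conf template cannot be installed;
#            otherwise the status of the last command run.
#######################################
ssl() {
  local -r vhost=/etc/nginx/conf.d/nextcloud.conf
  local -r live_dir="/etc/letsencrypt/live/$domain"

  # Pointing nginx at certificate files that do not exist leaves a vhost that
  # fails its configuration test, so check before editing anything.
  if [[ ! -e "$live_dir/fullchain.pem" || ! -e "$live_dir/privkey.pem" ]]; then
    echo "Certificat introuvable dans $live_dir : lancez d'abord l'action certif" >&2
    return 1
  fi

  # Install the shared TLS settings first; the vhost is only edited once the
  # file it is about to include is in place.
  mkdir -p /etc/nginx/includes || return 1
  cp -- .install_templates/ssl.conf /etc/nginx/includes/ || return 1

  sed -i "s/'overwriteprotocol' => 'http'/'overwriteprotocol' => 'https'/" /var/www/nextcloud/config/config.php

  # 'https?' matches at the same place as the former 'http' pattern but leaves
  # an existing 'https' unchanged, so a second run does not produce 'httpss'.
  sed -i -E 's/https?/https/' "$vhost"
  sed -i "s/fastcgi_param HTTPS off/fastcgi_param HTTPS on/" "$vhost"
  sed -i "s/listen 443;/listen 443 ssl;/" "$vhost"

  # Add the include and certificate directives only once; re-running the
  # action must not duplicate them.
  if ! grep -q 'include includes/ssl.conf;' "$vhost"; then
    sed -i "/fastcgi_hide_header X-Powered-By;/a \    include includes/ssl.conf;\n    ssl_certificate $live_dir/fullchain.pem;\n    ssl_certificate_key $live_dir/privkey.pem;" "$vhost"
  fi
}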
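#######################################
# Switch Nextcloud and its nginx vhost back from HTTPS to HTTP.
# Reverses every edit made by ssl(), including the 'ssl' flag on the listen
# directive: leaving 'listen 443 ssl;' in place after the certificate lines
# are deleted would keep a TLS listener with no certificate configured.
# Globals:   none
# Arguments: none
# Returns:   the status of the last sed invocation.
#######################################
nonssl() {
  local -r vhost=/etc/nginx/conf.d/nextcloud.conf

  sed -i "s/'overwriteprotocol' => 'https'/'overwriteprotocol' => 'http'/" /var/www/nextcloud/config/config.php

  # All vhost edits are line-local, so they are applied in a single pass in
  # the same order the separate sed calls used.
  sed -i \
    -e 's/https/http/' \
    -e 's/fastcgi_param HTTPS on/fastcgi_param HTTPS off/' \
    -e 's/listen 443 ssl;/listen 443;/' \
    -e '/ssl.conf;/d' \
    -e '/ssl_certificate/d' \
    "$vhost"
}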
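#######################################
# Install certbot and its nginx plugin with the package source that matches
# the running distribution (Debian buster, Debian stretch, Ubuntu 16-19).
# Globals:   none
# Arguments: none
# Returns:   the status of the last apt command; exits the script with 1 on
#            an unsupported distribution.
#######################################
install_certbot() {
  sudo apt update

  if grep -q buster /etc/os-release; then
    if ! grep -qF "buster-backports main" /etc/apt/sources.list; then
      echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list
      # The backports index must be fetched after the source is added,
      # otherwise '-t buster-backports' names a release apt does not know yet.
      sudo apt update
    fi
    sudo apt install certbot python-certbot-nginx -t buster-backports -y
  elif grep -q stretch /etc/os-release; then
    sudo apt install certbot python-certbot-nginx -y
  # Match the release number itself; the former pattern '16.|17.|18.|19.' let
  # '.' stand for any character and matched anywhere in the file.
  elif grep -Eq '^VERSION_ID="?(16|17|18|19)\.' /etc/os-release; then
    # -y everywhere: the script is meant to run unattended and would
    # otherwise stop at the confirmation prompts.
    sudo apt install -y software-properties-common
    sudo add-apt-repository -y universe
    # NOTE(review): this adds a third-party PPA as a trusted package source
    # for the whole system - confirm it is still the intended origin for
    # certbot on the releases being targeted.
    sudo add-apt-repository -y ppa:certbot/certbot
    sudo apt update
    sudo apt install -y certbot python-certbot-nginx
  else
    echo "OS non supporté pour certbot." >&2
    exit 1
  fi
}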
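#######################################
# Request a Let's Encrypt certificate for $domain and schedule its renewal.
# Globals:   domain (read), USER (read, used to build the contact address)
# Arguments: none
# Returns:   1 if the template directory or renewal script cannot be used,
#            certbot's status if the request failed, otherwise 0.
#######################################
create_certificate() {
  local status=0

  # Without this check a failed cd would let the later copy pick up whatever
  # ssl_renew.sh happens to be in the current directory.
  cd .install_templates || {
    echo "Répertoire .install_templates introuvable" >&2
    return 1
  }

  if certbot --nginx certonly --non-interactive --agree-tos -m "$USER@$domain" -d "$domain"; then
    echo "Le certificat de $domain a bien été déployé"
  else
    # Remember the failure so the caller can see it; the renewal job is still
    # installed below, as before.
    status=$?
    echo "Une erreur s'est produite lors de la création du certificat SSL" >&2
  fi

  ## Schedule the renewal
  # The script is run by root's crontab, so both it and its directory are
  # installed root-owned and not writable by anyone else.
  install -d -o root -g root -m 0755 /opt/scripts || return 1
  install -o root -g root -m 0755 ssl_renew.sh /opt/scripts/ || return 1

  # 'crontab -l' complains on stderr when root has no crontab yet; that case
  # is expected on a first run and is treated as an empty table.
  if ! crontab -u root -l 2>/dev/null | grep -qF "/opt/scripts/ssl_renew.sh"; then
    (
      crontab -u root -l 2>/dev/null
      echo "12 2 * * 1 /opt/scripts/ssl_renew.sh"
    ) | crontab -u root -
  fi

  return "$status"
}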
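#######################################
# Make sure certbot is installed, then create the certificate for $domain
# unless one is already present.
# Globals:   domain (read)
# Arguments: none
# Returns:   1 if certbot could not be installed, otherwise the status of
#            create_certificate (0 when the certificate already exists).
#######################################
certif() {
  if ! command -v certbot >/dev/null 2>&1; then
    install_certbot || return 1
  fi

  # The former test used -n on the path string itself, which is true for any
  # non-empty string and therefore never looked at the filesystem. Check that
  # the certificate file is actually absent before requesting a new one.
  if [[ ! -e "/etc/letsencrypt/live/$domain/fullchain.pem" ]]; then
    create_certificate
  else
    echo "Un certificat existe déjà pour $domain"
  fi
}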
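# Run the requested action. $1 was restricted to ssl, nonssl or certif by the
# check near the top of the script; quoting keeps any further arguments intact
# instead of re-splitting and glob-expanding them.
"$@"

# Apply the new configuration. A failed reload means nginx is still serving
# the previous configuration, so it must not be reported as success.
if ! service nginx reload; then
  echo "Le rechargement de nginx a échoué" >&2
  exit 1
fi
exit 0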