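#!/bin/bash
#
# Switch a Nextcloud/nginx installation between HTTP and HTTPS, or request a
# Let's Encrypt certificate for it with certbot.
#
# Usage: <this script> ssl|nonssl|certif        (must be run as root)
#
#   ssl     rewrite the nginx vhost and the Nextcloud config for HTTPS
#   nonssl  revert those edits to plain HTTP
#   certif  install certbot if needed, request a certificate, and register the
#           weekly renewal cron job
#
# Files edited in place: /etc/nginx/conf.d/nextcloud.conf and
# /var/www/nextcloud/config/config.php.
#
# SECURITY: templates are read from ./.install_templates, i.e. relative to the
# current working directory, and ssl_renew.sh from that directory ends up in
# root's crontab. Only run this script from a directory that unprivileged
# users cannot write to.
#
# Exit status: 0 on success; 1 when not root, when the argument is invalid,
# when the selected action fails, or when the resulting nginx configuration
# does not pass `nginx -t` (nginx is then not reloaded).

readonly NGINX_CONF=/etc/nginx/conf.d/nextcloud.conf
readonly NEXTCLOUD_CONFIG=/var/www/nextcloud/config/config.php
readonly TEMPLATE_DIR=.install_templates
readonly RENEW_SCRIPT=/opt/scripts/ssl_renew.sh

# Print a message on stderr and abort the script.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [[ "$EUID" -ne 0 ]]; then
  die "Veuillez executez ce script en root"
fi

# Validate the action before touching anything. Dispatching on the validated
# "$1" only (instead of an unquoted $@) keeps extra arguments from being
# word-split and executed as part of a command line running as root.
case "${1:-}" in
  ssl | nonssl | certif)
    action=$1
    ;;
  *)
    die "Veuillez choisir ssl, nonssl ou certif pour créer un certificat ssl"
    ;;
esac

# First name of the first server_name directive, without the trailing ';'.
# Only a literal ';' is stripped, so a directive listing several names no
# longer loses the last character of the first name.
domain=$(awk '/server_name/ { print $2; exit }' "$NGINX_CONF")
domain=${domain%;}

#######################################
# Abort unless $domain looks like a plain host name.
# The value is interpolated into a sed script, into file paths and into
# certbot arguments, all as root, so characters such as '/', '&', whitespace
# or newlines must never reach those commands.
# Globals: domain (read), NGINX_CONF (read)
#######################################
require_domain() {
  local -r hostname_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
  if [[ ! $domain =~ $hostname_re ]]; then
    die "Domaine invalide ou introuvable dans $NGINX_CONF"
  fi
}

#######################################
# Switch the Nextcloud config and the nginx vhost to HTTPS.
# Safe to run more than once: repeated runs neither turn "https" into
# "httpss" nor insert the certificate directives a second time.
# Globals: domain, NGINX_CONF, NEXTCLOUD_CONFIG, TEMPLATE_DIR (read)
#######################################
ssl() {
  require_domain

  # Install the shared TLS snippet first, so the vhost is never left
  # including a file that does not exist.
  mkdir -p /etc/nginx/includes
  cp -- "$TEMPLATE_DIR/ssl.conf" /etc/nginx/includes/ \
    || die "Impossible de copier $TEMPLATE_DIR/ssl.conf"

  sed -i "s/'overwriteprotocol' => 'http'/'overwriteprotocol' => 'https'/" "$NEXTCLOUD_CONFIG"
  # Matches "http" or "https", so a line already converted stays "https".
  sed -i 's/https\{0,1\}/https/' "$NGINX_CONF"
  sed -i "s/fastcgi_param HTTPS off/fastcgi_param HTTPS on/" "$NGINX_CONF"
  sed -i "s/listen 443;/listen 443 ssl;/" "$NGINX_CONF"

  # Append the include and certificate directives after the X-Powered-By line
  # (GNU sed one-line 'a' form; the leading spaces are cosmetic indentation).
  if ! grep -q 'include includes/ssl.conf;' "$NGINX_CONF"; then
    sed -i "/fastcgi_hide_header X-Powered-By;/a \    include includes/ssl.conf;\n    ssl_certificate /etc/letsencrypt/live/$domain/fullchain.pem;\n    ssl_certificate_key /etc/letsencrypt/live/$domain/privkey.pem;" "$NGINX_CONF"
  fi
}

#######################################
# Revert the Nextcloud config and the nginx vhost to plain HTTP.
# NOTE(review): "listen 443 ssl;" written by ssl() is not reverted here;
# confirm the vhost still passes `nginx -t` once the certificate directives
# are removed.
# Globals: NGINX_CONF, NEXTCLOUD_CONFIG (read)
#######################################
nonssl() {
  sed -i "s/'overwriteprotocol' => 'https'/'overwriteprotocol' => 'http'/" "$NEXTCLOUD_CONFIG"
  sed -i "s/https/http/" "$NGINX_CONF"
  sed -i "s/fastcgi_param HTTPS on/fastcgi_param HTTPS off/" "$NGINX_CONF"
  sed -i '/ssl.conf;/d' "$NGINX_CONF"
  sed -i '/ssl_certificate/d' "$NGINX_CONF"
}

#######################################
# Install certbot and its nginx plugin for the detected distribution.
# The script already runs as root, so the packages are installed directly
# rather than through sudo (which may not be installed).
#######################################
install_certbot() {
  if grep -q buster /etc/os-release; then
    if ! grep -q "buster-backports main" /etc/apt/sources.list; then
      echo "deb http://deb.debian.org/debian buster-backports main" >> /etc/apt/sources.list
    fi
    # Refresh the index only after the backports source is present, otherwise
    # the "-t buster-backports" install below cannot resolve its target.
    apt update
    apt install certbot python-certbot-nginx -t buster-backports -y
  elif grep -q stretch /etc/os-release; then
    apt update
    apt install certbot python-certbot-nginx -y
  # NOTE(review): the dots are unescaped, so this matches "16", "17", "18" or
  # "19" followed by any character anywhere in os-release. Pattern unchanged.
  elif grep -Eq '16.|17.|18.|19.' /etc/os-release; then
    apt update
    # This branch stays interactive: adding a third-party PPA as root is
    # confirmed by the operator.
    apt install software-properties-common
    add-apt-repository universe
    add-apt-repository ppa:certbot/certbot
    apt update
    apt install certbot python-certbot-nginx
  else
    die "OS non supporté pour certbot."
  fi
}

#######################################
# Request a certificate for $domain and register the weekly renewal job.
# Globals: domain, USER, TEMPLATE_DIR, RENEW_SCRIPT (read)
# Returns: 0 on success, 1 if certbot or the renewal-script copy failed
#######################################
create_certificate() {
  local rc=0

  if certbot --nginx certonly --non-interactive --agree-tos \
    -m "$USER@$domain" -d "$domain"; then
    echo "Le certificat de $domain a bien été déployé"
  else
    echo "Une erreur s'est produite lors de la création du certificat SSL" >&2
    rc=1
  fi

  ## Cron registration
  mkdir -p /opt/scripts
  # The copy is executed weekly by root: pin owner and mode so the installed
  # file is never group- or world-writable, whatever the template's mode is.
  install -m 0755 -o root -g root -- "$TEMPLATE_DIR/ssl_renew.sh" "$RENEW_SCRIPT" \
    || return 1

  if ! crontab -l 2> /dev/null | grep -qF -- "$RENEW_SCRIPT"; then
    {
      crontab -l 2> /dev/null
      echo "12 2 * * 1 $RENEW_SCRIPT"
    } | crontab -u root -
  fi

  return "$rc"
}

#######################################
# Make sure certbot is available, then request the certificate.
# Globals: domain (read)
#######################################
certif() {
  require_domain

  command -v certbot > /dev/null || install_certbot
  command -v certbot > /dev/null \
    || die "certbot est introuvable après l'installation"

  # The previous guard, [[ -n /etc/letsencrypt/live/$domain/fullchain.pem ]],
  # tested a non-empty string and was therefore always true, so this step has
  # always run unconditionally. That is kept because the renewal cron job is
  # registered by the same function.
  # NOTE(review): if hosts that already hold a certificate should be skipped,
  # move the cron registration out of create_certificate first.
  create_certificate
}

status=0
"$action" || status=1

# Validate the edited configuration before asking nginx to load it, and
# report a failure instead of always exiting 0.
if nginx -t; then
  service nginx reload || status=1
else
  echo "Configuration nginx invalide : rechargement annulé" >&2
  status=1
fi

exit "$status"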