#!/bin/bash
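# Directory holding this script, as given on the command line (may be relative).
MY_PATH="$(dirname -- "$0")"
# Absolute, normalized form. CDPATH is cleared so `cd` can neither resolve the
# relative name against another directory nor print the target into the
# captured output; files under this path are later copied into place with sudo.
MY_PATH="$(CDPATH= cd -- "$MY_PATH" && pwd)"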
### Vars
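# Parse the command line: DOMAIN=<name>, APP=<name> and one bare action word.
# "$@" is iterated quoted so the shell neither re-splits nor globs the
# arguments, and keys are matched exactly at the start of a word (a word such
# as SUBDOMAIN=... no longer counts as DOMAIN=). Other KEY=value words are
# ignored.
DOMAIN=
APP=
action=
for arg in "$@"; do
  case "$arg" in
    DOMAIN=*) DOMAIN=${arg#DOMAIN=} ;;
    APP=*) APP=${arg#APP=} ;;
    *=*) ;;
    # Several bare words are joined so they fail the action check below
    # instead of one silently winning.
    *) action="${action:+$action }$arg" ;;
  esac
done

# DOMAIN and APP are later placed in file paths and sed scripts that run under
# sudo, so they are restricted to hostname / file-name characters: no "/",
# no whitespace, no leading "-" (which a command could read as an option).
domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
app_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
action_re='^(on|off|certif)$'

if [[ ! $DOMAIN =~ $domain_re ]]; then
  echo "Veuillez sélectionner un domaine avec DOMAIN=mondommain.com"
  exit 1
fi

if [[ ! $APP =~ $app_re ]]; then
  echo "Veuillez sélectionner une application avec APP=monapp"
  exit 1
fi

if [[ ! $action =~ $action_re ]]; then
  echo "Veuillez choisir on, off ou certif pour créer un certificat ssl"
  exit 1
fi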
###
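#######################################
# Install certbot and its nginx plugin with apt.
# Debian stretch/buster take the distribution packages; Ubuntu 16.x-19.x
# enable universe and the certbot PPA first. Any other system aborts.
# Globals:   none
# Arguments: none
# Outputs:   apt output; an error message on an unsupported system
# Returns:   exits the script with status 1 on an unsupported system
#######################################
install_certbot() {
  sudo apt update
  if grep -qE 'stretch|buster' /etc/os-release; then
    sudo apt install -y certbot python-certbot-nginx
  # Anchored on VERSION_ID with an escaped dot: the earlier pattern
  # '16.|17.|18.|19.' let "." match any character anywhere in the file.
  elif grep -qE '^VERSION_ID="?(16|17|18|19)\.' /etc/os-release; then
    # -y as in the Debian branch, so the install does not stop at a prompt.
    sudo apt install -y software-properties-common
    sudo add-apt-repository universe
    # Third-party package source: packages from this PPA are installed as
    # root. Any confirmation add-apt-repository asks for is left in place.
    sudo add-apt-repository ppa:certbot/certbot
    sudo apt update
    sudo apt install -y certbot python-certbot-nginx
  else
    echo "OS non supporté pour certbot."
    exit 1
  fi
}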
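#######################################
# Request a certificate for DOMAIN with certbot, then install the weekly
# renewal job in root's crontab.
# Globals:   USER, DOMAIN, MY_PATH (read)
# Arguments: none
# Outputs:   a success or failure message on stdout
# Returns:   1 when certbot fails (no renewal job is installed in that case)
#######################################
create_certificate() {
  # if/else instead of "cmd && ok || fail": with that form the failure
  # message also runs whenever the success echo itself returns non-zero.
  if sudo certbot --nginx certonly --non-interactive --agree-tos \
    -m "$USER@$DOMAIN" -d "$DOMAIN"; then
    echo "Le certificat de $DOMAIN a bien été déployé"
  else
    echo "Une erreur s'est produite lors de la création du certificat SSL"
    return 1
  fi

  ## Cron setup
  # NOTE(review): an already existing /opt/scripts keeps its current owner
  # and mode; confirm only root can write there, since root's cron executes
  # a script from it.
  sudo mkdir -p /opt/scripts
  # Install the renewal script root-owned and writable by root only, whatever
  # the mode of the copy in the source tree.
  sudo install -o root -g root -m 0755 -- \
    "$MY_PATH/templates/rproxy/ssl_renew.sh" /opt/scripts/

  # Append the job only when root's crontab does not already reference it.
  if ! sudo crontab -u root -l | grep -qF "/opt/scripts/ssl_renew.sh"; then
    (
      sudo crontab -u root -l
      echo "12 2 * * 1 /opt/scripts/ssl_renew.sh"
    ) | sudo crontab -u root -
  fi
}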
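# Dispatch on the requested action.
#   on     - enable the TLS directives in the application's nginx vhost
#   off    - comment them out again and drop the certificate lines
#   certif - install certbot if missing, then create the certificate
#
# NOTE(review): APP and DOMAIN reach a path and a sed script that run under
# sudo; quoting stops word splitting but not sed or path metacharacters, so
# both values must be limited to file-name / hostname characters before this
# point.
nginx_conf="/etc/nginx/conf.d/$APP.conf"

case $action in
  on)
    sudo sed -i 's/ #if/ if/g' "$nginx_conf"
    sudo sed -i 's/ #add/ add/g' "$nginx_conf"
    sudo sed -i "s/listen 443;/listen 443 ssl;/g" "$nginx_conf"
    sudo mkdir -p /etc/nginx/includes
    sudo cp -- "$MY_PATH/templates/rproxy/ssl.conf" /etc/nginx/includes/
    # Insert the TLS lines after the Content-Security-Policy line only when
    # they are not there yet, so a second "on" does not append them again.
    if ! sudo grep -qF 'includes/ssl.conf;' "$nginx_conf"; then
      sudo sed -i "/Content-Security-Policy/a \ include includes/ssl.conf;\n ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;\n ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;" "$nginx_conf"
    fi
    # NOTE(review): nothing here validates or reloads nginx; presumably the
    # caller does that - confirm.
    ;;
  off)
    sudo sed -i "s/ if/ #if/g" "$nginx_conf"
    sudo sed -i "s/ add/ #add/g" "$nginx_conf"
    sudo sed -i "/ssl.conf;/d" "$nginx_conf"
    sudo sed -i "/ssl_certificate/d" "$nginx_conf"
    ;;
  certif)
    # command -v is the shell builtin lookup; it does not depend on `which`
    # being installed or on what it prints.
    command -v certbot > /dev/null || install_certbot
    # The live/ directory is readable by root only, hence `sudo test`.
    if sudo test ! -f "/etc/letsencrypt/live/$DOMAIN/fullchain.pem"; then
      create_certificate
    fi
    ;;
esac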