#!/bin/bash
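# Directory that holds this script, so the templates/ tree is found whatever
# the caller's working directory is.
MY_PATH="$(dirname -- "$0")"            # relative
MY_PATH="$(cd -- "$MY_PATH" && pwd)"    # absolutized and normalized

### Vars
# Split the command line into whitespace-separated words, one per line.
# `read -a` does the same word splitting the former unquoted `echo $@` did,
# but without pathname expansion (an argument such as '*' is no longer
# replaced by file names) and without echo treating a leading -n/-e as an
# option.
words=()
read -r -d '' -a words <<< "$*" || true   # non-zero at end of input is expected
args=$(printf '%s\n' "${words[@]}")

# DOMAIN ends up in file paths, in a sed program and on the certbot command
# line, all executed through sudo. Only dot-separated labels made of letters,
# digits and inner hyphens are accepted, which rules out '/', whitespace,
# newlines, a leading '-' and empty values.
domain_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
# APP becomes the file name /etc/nginx/conf.d/<APP>.conf: no '/', and no
# leading '.' or '-', so it cannot leave that directory or look like an option.
app_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'

if [[ "$args" =~ "DOMAIN=" ]]; then
  DOMAIN=$(printf '%s\n' "$args" | grep "\<DOMAIN=" | awk -F '=' '{ print $2 }')
else
  echo "Veuillez sélectionner un domaine avec DOMAIN=mondommain.com"
  exit 1
fi
# Also catches the cases the substring test above lets through: an empty
# value, several DOMAIN= words (multi-line result), or e.g. SUBDOMAIN=.
if [[ ! "$DOMAIN" =~ $domain_re ]]; then
  echo "DOMAIN invalide : utilisez un nom d'hôte (lettres, chiffres, tirets, points), ex. DOMAIN=mondomaine.com"
  exit 1
fi

if [[ "$args" =~ "APP=" ]]; then
  APP=$(printf '%s\n' "$args" | grep "\<APP=" | awk -F '=' '{ print $2 }')
else
  echo "Veuillez sélectionner une application avec APP=monapp"
  exit 1
fi
if [[ ! "$APP" =~ $app_re ]]; then
  echo "APP invalide : utilisez uniquement lettres, chiffres, points, tirets et underscores, ex. APP=monapp"
  exit 1
fi

# The action is the only word without '='; more than one such word yields a
# multi-line value and is rejected by the anchored match.
action=$(printf '%s\n' "$args" | grep -v "=")
if [[ ! $action =~ ^(on|off|certif)$ ]]; then
  echo "Veuillez choisir on, off ou certif pour créer un certificat ssl"
  exit 1
fi
###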
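#######################################
# Install certbot and its nginx plugin with apt.
# Globals:   none
# Arguments: none
# Outputs:   apt output; an error message on an unsupported system
# Returns:   status of the last apt command; exits the script with 1 when
#            /etc/os-release matches neither branch
#######################################
install_certbot(){
  sudo apt update
  if grep -qE 'stretch|buster' /etc/os-release; then
    sudo apt install certbot python-certbot-nginx -y
  # Match the major version on the VERSION_ID line only. The former pattern
  # '16.|17.|18.|19.' treated '.' as "any character" and was searched in the
  # whole file, so unrelated text could select this branch.
  elif grep -qE '^VERSION_ID="?(16|17|18|19)([."]|$)' /etc/os-release; then
    # presumably Ubuntu, given the `universe` component and the PPA - confirm
    sudo apt install software-properties-common
    sudo add-apt-repository universe
    # NOTE(review): this adds a third-party PPA as a package source trusted by
    # root. As far as I know the certbot PPA is deprecated upstream - confirm
    # before relying on it for new installations.
    sudo add-apt-repository ppa:certbot/certbot
    sudo apt update
    # NOTE(review): unlike the Debian branch there is no -y here, so apt
    # prompts; the script cannot run this branch unattended.
    sudo apt install certbot python-certbot-nginx
  else
    echo "OS non supporté pour certbot." && exit 1
  fi
}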
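#######################################
# Request a certificate for DOMAIN with certbot's nginx plugin, then install
# the weekly renewal script and its root cron entry.
# Globals:   DOMAIN, USER, MY_PATH (read)
# Arguments: none
# Outputs:   a success or failure message on stdout
# Returns:   certbot's exit status. Previously the status was that of the
#            final cron test, which is non-zero whenever the cron entry
#            already exists.
#######################################
create_certificate() {
  local rc=0

  # Quoted so the values reach certbot as single arguments.
  if sudo certbot --nginx certonly --non-interactive --agree-tos -m "$USER@$DOMAIN" -d "$DOMAIN"; then
    echo "Le certificat de $DOMAIN a bien été déployé"
  else
    rc=$?
    echo "Une erreur s'est produite lors de la création du certificat SSL"
  fi

  ## Cronification
  # The renewal script is run by root's crontab, so it and its directory are
  # installed root-owned and not writable by others. `install` resets owner
  # and mode even if an older copy exists with looser permissions.
  [[ -e /opt/scripts ]] || sudo install -d -o root -g root -m 0755 /opt/scripts
  sudo install -o root -g root -m 0755 "$MY_PATH/templates/rproxy/ssl_renew.sh" /opt/scripts/ssl_renew.sh

  # Add the entry only once; -F matches the path literally.
  if ! sudo crontab -l | grep -qF "/opt/scripts/ssl_renew.sh"; then
    { sudo crontab -l; echo "12 2 * * 1 /opt/scripts/ssl_renew.sh"; } | sudo crontab -u root -
  fi

  return "$rc"
}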
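# Dispatch on the requested action. Every command below runs through sudo
# against files in /etc, so APP and DOMAIN are quoted wherever they are
# expanded: an unquoted value containing whitespace or glob characters would
# make sed edit other files as root.
# This script neither tests nor reloads the nginx configuration.
nginx_conf="/etc/nginx/conf.d/${APP}.conf"

case $action in
  on)
    # Uncomment the "if" and "add" directives of the site configuration.
    sudo sed -i 's/ #if/ if/g' "$nginx_conf"
    sudo sed -i 's/ #add/ add/g' "$nginx_conf"

    sudo sed -i "s/listen 443;/listen 443 ssl;/g" "$nginx_conf"
    [[ -d /etc/nginx/includes ]] || sudo mkdir /etc/nginx/includes
    sudo cp "$MY_PATH/templates/rproxy/ssl.conf" /etc/nginx/includes/
    # NOTE(review): DOMAIN is interpolated into the sed program itself. This
    # is only safe while DOMAIN holds hostname characters; a '/', a newline
    # or sed syntax in it would change what sed does as root.
    # NOTE(review): running "on" twice appends these lines a second time,
    # since nothing removes the earlier ones - confirm that callers run "off"
    # in between.
    sudo sed -i "/Content-Security-Policy/a \ include includes/ssl.conf;\n ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;\n ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;" "$nginx_conf"
    ;;

  off)
    # Comment the directives out again and drop the TLS lines added by "on".
    sudo sed -i "s/ if/ #if/g" "$nginx_conf"
    sudo sed -i "s/ add/ #add/g" "$nginx_conf"

    sudo sed -i "/ssl.conf;/d" "$nginx_conf"
    sudo sed -i "/ssl_certificate/d" "$nginx_conf"
    ;;

  certif)
    # `command -v` is the shell builtin; it does not depend on `which`.
    command -v certbot > /dev/null || install_certbot
    # Request a certificate only when none exists yet for this domain.
    if sudo test ! -f "/etc/letsencrypt/live/$DOMAIN/fullchain.pem"; then
      create_certificate
    fi
    ;;

esac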