gravitl/netmaker
1
1
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2024-09-20 23:36:18 +08:00
Code Issues Packages Projects Releases Wiki Activity
netmaker/scripts/nm-certs.sh
Matthew R Kasun ae1cd94fc8 remove stun refs
2023-06-28 17:39:40 -04:00

100 lines
2.4 KiB
Bash
Executable file
Raw Blame History

#!/bin/bash
CONFIG_FILE=netmaker.env
SCRIPT_DIR=$(dirname "$(realpath "$0")")
# get and check the config
if [ ! -f "$SCRIPT_DIR/$CONFIG_FILE" ]; then
echo "Config file missing"
exit 1
fi
source "$SCRIPT_DIR/$CONFIG_FILE"
if [ -z "$NM_DOMAIN" ] || [ -z "$NM_EMAIL" ]; then
echo "Config not valid"
exit 1
fi
# TODO make sure this doesnt break, parse `certbot certificates` if yes
CERT_DIR="$SCRIPT_DIR/letsencrypt/live/api.$NM_DOMAIN"
echo "Setting up SSL certificates..."
# preserve the env state
RESTART_CADDY=false
if [ -n "$(docker ps | grep caddy)" ]; then
echo "Caddy is running, stopping for now..."
RESTART_CADDY=true
docker-compose -f /root/docker-compose.yml stop caddy
fi
CERTBOT_PARAMS=$(cat <<EOF
certonly --standalone \
--non-interactive --agree-tos \
-m $NM_EMAIL \
-d api.$NM_DOMAIN \
-d broker.$NM_DOMAIN \
-d dashboard.$NM_DOMAIN \
-d turn.$NM_DOMAIN \
-d turnapi.$NM_DOMAIN \
-d netmaker-exporter.$NM_DOMAIN \
-d grafana.$NM_DOMAIN \
-d prometheus.$NM_DOMAIN
EOF
)
# generate an entrypoint for zerossl-certbot
cat <<EOF >"$SCRIPT_DIR/certbot-entry.sh"
#!/bin/sh
# deps
apk update
apk add bash curl
# zerossl
wget -qO zerossl-bot.sh "https://github.com/zerossl/zerossl-bot/raw/master/zerossl-bot.sh"
chmod +x zerossl-bot.sh
# request the certs
./zerossl-bot.sh "$CERTBOT_PARAMS"
EOF
chmod +x "$SCRIPT_DIR/certbot-entry.sh"
# request certs
sudo docker run -it --rm --name certbot \
-p 80:80 -p 443:443 \
-v "$SCRIPT_DIR/certbot-entry.sh:/opt/certbot/certbot-entry.sh" \
-v "$SCRIPT_DIR/letsencrypt:/etc/letsencrypt" \
--entrypoint "/opt/certbot/certbot-entry.sh" \
certbot/certbot
# clean up
rm "$SCRIPT_DIR/certbot-entry.sh"
# check if successful
if [ ! -f "$CERT_DIR"/fullchain.pem ]; then
# fallback to letsencrypt-certbot
sudo docker run -it --rm --name certbot \
-p 80:80 -p 443:443 \
-v "$SCRIPT_DIR/letsencrypt:/etc/letsencrypt" \
certbot/certbot $CERTBOT_PARAMS
if [ ! -f "$CERT_DIR"/fullchain.pem ]; then
echo "Missing file: $CERT_DIR/fullchain.pem"
echo "SSL certificates failed"
exit 1
fi
fi
# copy for mounting
mkdir -p certs
cp -L "$CERT_DIR/fullchain.pem" "$SCRIPT_DIR/certs/fullchain.pem"
cp -L "$CERT_DIR/privkey.pem" "$SCRIPT_DIR/certs/privkey.pem"
echo "SSL certificates ready"
# preserve the env state
if [ "$RESTART_CADDY" = true ]; then
echo "Starting Caddy..."
docker-compose -f /root/docker-compose.yml start caddy
fi
# install crontab
ln -sfn "$SCRIPT_DIR"/nm-certs.sh /etc/cron.monthly/nm-certs.sh
Reference in a new issue View git blame Copy permalink