mirror of
https://github.com/gravitl/netmaker.git
synced 2024-09-20 15:26:04 +08:00
1a1ba1ccf4
* Move ee code to ee package and unify ee status to IsPro * Consolidate naming for paid/professional/enterprise version as "pro". Notes: - Changes image tags - Changes build tags - Changes package names - Doesn't change links to docs that mention "ee" - Doesn't change parameters sent to PostHog that mention "ee" * Revert docker image tag being -pro, back to -ee * Revert go build tag being pro, back to ee * Add build tags for some ee content * [2] Revert go build tag being pro, back to ee * Fix test workflow * Add a json tag to be backwards compatible with frontend "IsEE" check * Add a json tag for the serverconfig struct for IsEE * Ammend json tag to Is_EE * fix ee tags --------- Co-authored-by: Abhishek Kondur <abhi281342@gmail.com>
114 lines
2.8 KiB
Bash
Executable file
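#!/bin/bash
#
# Obtain or renew the TLS certificates for a Netmaker deployment.
#
# Configuration: netmaker.env next to this script must define NM_DOMAIN and
# NM_EMAIL; INSTALL_TYPE ("ce" or "pro") selects the host names requested.
# Flow: stop Caddy if it is running (the certbot container publishes ports 80
# and 443), try ZeroSSL through zerossl-bot, fall back to plain certbot, copy
# the chain and key to <script dir>/certs, restart Caddy, and link this script
# into /etc/cron.monthly.

CONFIG_FILE=netmaker.env
SCRIPT_DIR=$(dirname "$(realpath "$0")")

# get and check the config
if [ ! -f "$SCRIPT_DIR/$CONFIG_FILE" ]; then
  echo "Config file missing"
  exit 1
fi

# The config is executed as shell code with the privileges of this script
# (root when started from /etc/cron.monthly), so it must be writable only by
# root. NM_EMAIL and NM_DOMAIN are later pasted verbatim into a generated
# shell script; they are assumed to contain no quotes, spaces or shell
# metacharacters.
source "$SCRIPT_DIR/$CONFIG_FILE"

if [ -z "$NM_DOMAIN" ] || [ -z "$NM_EMAIL" ]; then
  echo "Config not valid"
  exit 1
fi

# Pick the certbot flags and host names for this edition. This runs before
# Caddy is touched so that a bad INSTALL_TYPE aborts without any downtime
# (previously an unknown value ran certbot with no arguments at all).
case "$INSTALL_TYPE" in
  ce)
    CERTBOT_FLAGS="--non-interactive --agree-tos"
    SUBDOMAINS="api broker dashboard turn turnapi"
    ;;
  pro)
    CERTBOT_FLAGS="--non-interactive --expand --agree-tos"
    SUBDOMAINS="api broker dashboard turn turnapi netmaker-exporter grafana prometheus"
    ;;
  *)
    echo "Config not valid: INSTALL_TYPE must be \"ce\" or \"pro\"" >&2
    exit 1
    ;;
esac

CERTBOT_PARAMS="certonly --standalone $CERTBOT_FLAGS -m $NM_EMAIL"
for SUBDOMAIN in $SUBDOMAINS; do
  CERTBOT_PARAMS="$CERTBOT_PARAMS -d $SUBDOMAIN.$NM_DOMAIN"
done

# TODO make sure this doesnt break, parse `certbot certificates` if yes
CERT_DIR="$SCRIPT_DIR/letsencrypt/live/api.$NM_DOMAIN"

echo "Setting up SSL certificates..."

# `docker run -t` aborts with "the input device is not a TTY" when stdin is
# not a terminal, which is always the case under cron. Request an interactive
# terminal only when one is attached.
DOCKER_TTY_FLAGS=()
if [ -t 0 ]; then
  DOCKER_TTY_FLAGS=(-it)
fi

# Bring Caddy back if this run stopped it. Also registered as an EXIT trap so
# that a failed issuance (exit 1 below) does not leave Caddy stopped.
restart_caddy() {
  if [ "$RESTART_CADDY" = true ]; then
    RESTART_CADDY=false
    echo "Starting Caddy..."
    docker-compose -f /root/docker-compose.yml start caddy
  fi
}

# preserve the env state
RESTART_CADDY=false
trap restart_caddy EXIT
if docker ps | grep -q caddy; then
  echo "Caddy is running, stopping for now..."
  RESTART_CADDY=true
  docker-compose -f /root/docker-compose.yml stop caddy
fi

# generate an entrypoint for zerossl-certbot
#
# NOTE(review): supply-chain exposure. zerossl-bot.sh is fetched from the
# mutable `master` branch on every run and executed, with no integrity check,
# inside a container that has the letsencrypt directory (account and private
# keys) mounted. The certbot/certbot image is likewise pulled by floating tag.
# Pin both to reviewed versions (commit + checksum, image digest) before
# relying on this for unattended renewals.
#
# NOTE(review): the heredoc is unquoted, so $CERTBOT_PARAMS is expanded now and
# reaches zerossl-bot.sh as ONE quoted argument. Confirm the bot splits it;
# otherwise this attempt cannot succeed and only the fallback issues certs.
cat <<EOF >"$SCRIPT_DIR/certbot-entry.sh"
#!/bin/sh
# deps
apk update
apk add bash curl
# zerossl
wget -qO zerossl-bot.sh "https://github.com/zerossl/zerossl-bot/raw/master/zerossl-bot.sh" || exit 1
chmod +x zerossl-bot.sh
# request the certs
./zerossl-bot.sh "$CERTBOT_PARAMS"
EOF

chmod +x "$SCRIPT_DIR/certbot-entry.sh"

# request certs
sudo docker run "${DOCKER_TTY_FLAGS[@]}" --rm --name certbot \
  -p 80:80 -p 443:443 \
  -v "$SCRIPT_DIR/certbot-entry.sh:/opt/certbot/certbot-entry.sh" \
  -v "$SCRIPT_DIR/letsencrypt:/etc/letsencrypt" \
  --entrypoint "/opt/certbot/certbot-entry.sh" \
  certbot/certbot

# clean up
rm -f -- "$SCRIPT_DIR/certbot-entry.sh"

# check if successful
if [ ! -f "$CERT_DIR"/fullchain.pem ]; then
  # fallback to letsencrypt-certbot
  # CERTBOT_PARAMS is deliberately unquoted: it must split into separate
  # certbot arguments.
  # shellcheck disable=SC2086
  sudo docker run "${DOCKER_TTY_FLAGS[@]}" --rm --name certbot \
    -p 80:80 -p 443:443 \
    -v "$SCRIPT_DIR/letsencrypt:/etc/letsencrypt" \
    certbot/certbot $CERTBOT_PARAMS
  if [ ! -f "$CERT_DIR"/fullchain.pem ]; then
    echo "Missing file: $CERT_DIR/fullchain.pem"
    echo "SSL certificates failed"
    exit 1
  fi
fi

# copy for mounting
# The target directory is created next to the script, not in the current
# working directory: under cron the two differ and the copies below would fail.
mkdir -p "$SCRIPT_DIR/certs"
cp -L "$CERT_DIR/fullchain.pem" "$SCRIPT_DIR/certs/fullchain.pem"
# NOTE(review): the copied private key gets its mode from the current umask and
# may end up world-readable; tighten it once it is confirmed which container
# user has to read the mounted file.
cp -L "$CERT_DIR/privkey.pem" "$SCRIPT_DIR/certs/privkey.pem"

echo "SSL certificates ready"

# preserve the env state
restart_caddy

# install crontab
# NOTE(review): Debian-family run-parts skips file names containing a dot, so
# this link may never be executed there; verify on the target distribution.
ln -sfn "$SCRIPT_DIR"/nm-certs.sh /etc/cron.monthly/nm-certs.sh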