From 87b1fc708eb3ed15dc41ee88c3d417e7a9667913 Mon Sep 17 00:00:00 2001
From: "rieger::CLOUD"
Date: Fri, 20 Apr 2018 15:15:13 +0200
Subject: [PATCH] made comments more readable script
---
 ssl-certificate.sh | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)
diff --git a/ssl-certificate.sh b/ssl-certificate.sh
index 253c797..64d75b1 100644
--- a/ssl-certificate.sh
+++ b/ssl-certificate.sh
@@ -1,24 +1,31 @@
+#######################################################
 # Carsten Rieger IT-Services
 # SSL-CERTIFICATE.SH
 # Version 1.0
 # April 20th, 2018
+# Version 1.0: initial script
+#######################################################
+###global function to update and cleanup the environment
 function update_and_clean() {
 apt update
 apt upgrade -y
 apt autoclean -y
 apt autoremove -y
 }
+###global function to restart all cloud services
 function restart_all_services() {
 /usr/sbin/service nginx restart
 /usr/sbin/service mysql restart
 /usr/sbin/service redis-server restart
 /usr/sbin/service php7.2-fpm restart
 }
+###global function to create backups of the effected files
 function copy4SSL() {
 cp /etc/nginx/conf.d/nextcloud.conf /etc/nginx/conf.d/nextcloud.conf.orig
 cp /etc/nginx/ssl.conf /etc/nginx/ssl.conf.orig
 cp /var/www/nextcloud/config/config.php /var/www/nextcloud/config/config.php.orig
 }
+###global function to show an error message if the certificate request would fail
 function errorSSL() {
 clear
 echo "*** ERROR while requeting your certificate(s) ***"
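Review bot: `copy4SSL`, which the new comment describes as creating backups, overwrites any existing `.orig` file, so a second run of the script replaces the pristine backups with the already modified configuration; `cp -n` (or a timestamped suffix) would preserve the first copy. It also leaves a second copy of `config.php`, which normally holds the database password and instance secrets, as `config.php.orig` under `/var/www/nextcloud`. Confirm that the nginx vhost denies access to `/config/`, or store that backup outside the web root. The added comment would read better as `###global function to create backups of the affected files`.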
@@ -27,24 +34,39 @@ echo "Verify that both ports (80 + 443) are forwarded to this server!"
 echo "And verify, your dyndns points to your IP either!"
 echo "Then retry..."
 }
+#add the letsencrypt repository to the server
 add-apt-repository ppa:certbot/certbot -y
 update_and_clean
+#install letsencrypt
 apt install letsencrypt -y
+#ensure lower cases
 declare -l DYNDNSNAME
 declare -l YOURSERVERNAME
+#read the current hostname
 YOURSERVERNAME=$(hostname)
+#ask the user what would be the domain name to request the certificate for
 read -p "Your domain: " DYNDNSNAME
+#request the certificate for the entered domain name
 letsencrypt certonly -a webroot --webroot-path=/var/www/letsencrypt --rsa-key-size 4096 -d $DYNDNSNAME
+#in case of any errors
 if [ ! -d "/etc/letsencrypt/live" ]; then
 errorSSL
+#if no error appeared
 else
 copy4SSL
+#remove the entry for the self signed certificates
 sed -i '/ssl-cert-snakeoil/d' /etc/nginx/ssl.conf
+#apply the new server/domain name to the NGINX vhost for Nextcloud
 sed -i "s/server_name.*;/server_name $DYNDNSNAME;/" /etc/nginx/conf.d/nextcloud.conf
+#change the placeholder values to the exact letsencrypt ones
 sed -in 's/YOUR.DEDYN.IO/'$DYNDNSNAME'/' /etc/nginx/ssl.conf
+# remove the '#' to enable these certificates/keys
 sed -i s/\#\ssl/\ssl/g /etc/nginx/ssl.conf
+#ensure that dhparam is commented as long it was not generated
 sed -i s/ssl_dhparam/\#ssl_dhparam/g /etc/nginx/ssl.conf
+#adjust Nextclous config.php to the new domain name
 sudo -u www-data sed -in 's/'$YOURSERVERNAME'/'$DYNDNSNAME'/' /var/www/nextcloud/config/config.php
+#restart the cloud environment
 restart_all_services
 clear
 echo "++++++++++++++++++++++++++++++++++++++++++++++++++++"
@@ -53,4 +75,4 @@ echo " Call: https://$DYNDNSNAME and enjoy your Nextcloud"
 echo ""
 echo "++++++++++++++++++++++++++++++++++++++++++++++++++++"
 fi
-exit 0
\ No newline at end of file
+exit 0
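Review bot: In the `@@ -27,24 +34,39 @@` hunk the value read into `DYNDNSNAME` goes unquoted to `letsencrypt -d` and is spliced into three `sed` expressions that rewrite `nextcloud.conf`, `ssl.conf` and `config.php`, so an entry containing `/`, `&`, `;` or whitespace breaks the substitution or writes unintended text into those files. The input should be checked against a hostname pattern right after `read`, and every expansion quoted. The new comment `#in case of any errors` also overstates the test below it: `/etc/letsencrypt/live` already exists after any earlier successful request, so a failed run would fall through to the `else` branch and rewrite the nginx configuration; branching on the exit status of `letsencrypt` avoids that. Separately, GNU sed parses `-in` as `-i` with backup suffix `n`, which presumably leaves `ssl.confn` and `config.phpn` behind; plain `-i` is what the comments describe. The `if` block closes outside this hunk.

```shell
read -r -p "Your domain: " DYNDNSNAME
# accept only hostname labels before the value reaches certbot or sed
valid_fqdn='^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$'
if [[ ! $DYNDNSNAME =~ $valid_fqdn ]]; then
    echo "Invalid domain name: $DYNDNSNAME" >&2
    exit 1
fi
# branch on this run's exit status, not on a directory left by an earlier run
if ! letsencrypt certonly -a webroot --webroot-path=/var/www/letsencrypt --rsa-key-size 4096 -d "$DYNDNSNAME"; then
    errorSSL
else
    # … unchanged: copy4SSL, the sed edits and restart_all_services …
```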