jfinn
/
jvc0
關註 1
收藏 0
複製 0
程式碼 問題管理 0 合併請求 0 版本發佈 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10546 Commit
4 分支
目錄樹: fce15b491d
分支列表 標籤列表
${ item.name }
Create branch ${ searchTerm }
from 'fce15b491d'
${ noResults }
jvc0/resources/install-letsencrypt-cert.sh

install-letsencrypt-cert.sh 4.7KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135 
  1. #!/bin/bash

  2. 

  3. set -e

  4. 

  5. DEB_CONF_RESULT=`debconf-show jitsi-meet-web-config | grep jvb-hostname`

  6. DOMAIN="${DEB_CONF_RESULT##*:}"

  7. # remove whitespace

  8. DOMAIN="$(echo -e "${DOMAIN}" | tr -d '[:space:]')"

  9. 

  10. echo "-------------------------------------------------------------------------"

  11. echo "This script will:"

  12. echo "- Need a working DNS record pointing to this machine(for domain ${DOMAIN})"

  13. echo "- Download certbot-auto from https://dl.eff.org to /usr/local/sbin"

  14. echo "- Install additional dependencies in order to request Let’s Encrypt certificate"

  15. echo "- Configure and reload nginx or apache2, whichever is used"

  16. echo "- Configure the coturn server to use Let's Encrypt certificate and add required deploy hooks"

  17. echo "- Add command in weekly cron job to renew certificates regularly"

  18. echo ""

  19. echo "You need to agree to the ACME server's Subscriber Agreement (https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf) "

  20. echo "by providing an email address for important account notifications"

  21. 

  22. echo -n "Enter your email and press [ENTER]: "

  23. read EMAIL

  24. 

  25. CERTBOT="$(command -v certbot || true)"

  26. if [ ! -x "$CERTBOT" ] ; then

  27.     DISTRO=$(lsb_release -is)

  28.     DISTRO_VERSION=$(lsb_release -rs)

  29. 

  30.     if [ "$DISTRO" != "Debian" ] && [ "$DISTRO" != "Ubuntu" ]; then

  31.         echo "$DISTRO $DISTRO_VERSION is not supported"

  32.         echo "Only Debian and Ubuntu 18.04+ are supported"

  33.         exit 1

  34.     fi

  35. 

  36.     if [ "$DISTRO" = "Ubuntu" ]; then

  37.         apt-get update

  38.         apt-get -y install software-properties-common

  39.         add-apt-repository -y universe

  40.         if [ "$DISTRO_VERSION" = "18.04" ]; then

  41.             add-apt-repository -y ppa:certbot/certbot

  42.         fi

  43.     fi

  44. 

  45.     apt-get update

  46.     apt-get -y install certbot

  47. 

  48.     CERTBOT="$(command -v certbot)"

  49. fi

  50. 

  51. CRON_FILE="/etc/cron.weekly/letsencrypt-renew"

  52. if [ ! -d "/etc/cron.weekly" ] ; then

  53.     mkdir "/etc/cron.weekly"

  54. fi

  55. echo "#!/bin/bash" > $CRON_FILE

  56. echo "$CERTBOT renew >> /var/log/le-renew.log" >> $CRON_FILE

  57. 

  58. CERT_KEY="/etc/letsencrypt/live/$DOMAIN/privkey.pem"

  59. CERT_CRT="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"

  60. 

  61. if [ -f /etc/nginx/sites-enabled/$DOMAIN.conf ] ; then

  62. 

  63.     TURN_CONFIG="/etc/turnserver.conf"

  64.     TURN_HOOK=/etc/letsencrypt/renewal-hooks/deploy/0000-coturn-certbot-deploy.sh

  65.     if [ -f $TURN_CONFIG ] && grep -q "jitsi-meet coturn config" "$TURN_CONFIG" ; then

  66.         mkdir -p $(dirname $TURN_HOOK)

  67. 

  68.         cp /usr/share/jitsi-meet-turnserver/coturn-certbot-deploy.sh $TURN_HOOK

  69.         chmod u+x $TURN_HOOK

  70.         sed -i "s/jitsi-meet.example.com/$DOMAIN/g" $TURN_HOOK

  71. 

  72.         $CERTBOT certonly --noninteractive \

  73.         --webroot --webroot-path /usr/share/jitsi-meet \

  74.         -d $DOMAIN \

  75.         --agree-tos --email $EMAIL \

  76.         --deploy-hook $TURN_HOOK

  77.     else

  78.         $CERTBOT certonly --noninteractive \

  79.         --webroot --webroot-path /usr/share/jitsi-meet \

  80.         -d $DOMAIN \

  81.         --agree-tos --email $EMAIL

  82.     fi

  83. 

  84.     echo "Configuring nginx"

  85. 

  86.     CONF_FILE="/etc/nginx/sites-available/$DOMAIN.conf"

  87.     CERT_KEY_ESC=$(echo $CERT_KEY | sed 's/\./\\\./g')

  88.     CERT_KEY_ESC=$(echo $CERT_KEY_ESC | sed 's/\//\\\//g')

  89.     sed -i "s/ssl_certificate_key\ \/etc\/jitsi\/meet\/.*key/ssl_certificate_key\ $CERT_KEY_ESC/g" \

  90.         $CONF_FILE

  91.     CERT_CRT_ESC=$(echo $CERT_CRT | sed 's/\./\\\./g')

  92.     CERT_CRT_ESC=$(echo $CERT_CRT_ESC | sed 's/\//\\\//g')

  93.     sed -i "s/ssl_certificate\ \/etc\/jitsi\/meet\/.*crt/ssl_certificate\ $CERT_CRT_ESC/g" \

  94.         $CONF_FILE

  95.     

  96.     if type service >/dev/null 2>&1

  97.     then 

  98.         service nginx reload

  99.         echo "service nginx reload" >> $CRON_FILE

  100.     else 

  101.         systemctl reload nginx.service 

  102.         echo "systemctl reload nginx.service" >> $CRON_FILE

  103.     fi

  104.     

  105. elif [ -f /etc/apache2/sites-enabled/$DOMAIN.conf ] ; then

  106. 

  107.     $CERTBOT certonly --noninteractive \

  108.     --webroot --webroot-path /usr/share/jitsi-meet \

  109.     -d $DOMAIN \

  110.     --agree-tos --email $EMAIL

  111. 

  112.     echo "Configuring apache2"

  113. 

  114.     CONF_FILE="/etc/apache2/sites-available/$DOMAIN.conf"

  115.     CERT_KEY_ESC=$(echo $CERT_KEY | sed 's/\./\\\./g')

  116.     CERT_KEY_ESC=$(echo $CERT_KEY_ESC | sed 's/\//\\\//g')

  117.     sed -i "s/SSLCertificateKeyFile\ \/etc\/jitsi\/meet\/.*key/SSLCertificateKeyFile\ $CERT_KEY_ESC/g" \

  118.         $CONF_FILE

  119.     CERT_CRT_ESC=$(echo $CERT_CRT | sed 's/\./\\\./g')

  120.     CERT_CRT_ESC=$(echo $CERT_CRT_ESC | sed 's/\//\\\//g')

  121.     sed -i "s/SSLCertificateFile\ \/etc\/jitsi\/meet\/.*crt/SSLCertificateFile\ $CERT_CRT_ESC/g" \

  122.         $CONF_FILE

  123.     

  124.     if type service >/dev/null 2>&1

  125.     then 

  126.         service apache2 reload

  127.         echo "service apache2 reload" >> $CRON_FILE

  128.     else 

  129.         systemctl reload apache2.service 

  130.         echo "systemctl reload apache2.service" >> $CRON_FILE

  131.     fi

  132. fi

  133. 

  134. # the cron file that will renew certificates

  135. chmod a+x $CRON_FILE