|
|
|
@@ -1,19 +1,11 @@ |
|
|
|
#!/bin/bash |
|
|
|
|
|
|
|
CFG_FILE=/etc/haproxy/haproxy.cfg |
|
|
|
CFG_LE_FILE=/etc/haproxy/haproxy_letsencrypt.cfg |
|
|
|
LETSENCRYPT_PORT=8888 |
|
|
|
|
|
|
|
mkdir -p /etc/letsencrypt/haproxy |
|
|
|
|
|
|
|
# Let's Encrypt |
|
|
|
|
|
|
|
# Following these instructions: |
|
|
|
# https://serversforhackers.com/c/letsencrypt-with-haproxy |
|
|
|
|
|
|
|
# Start temporary HAProxy |
|
|
|
haproxy -f $CFG_LE_FILE -D -p /tmp/haproxy.pid |
|
|
|
|
|
|
|
# Get Let's Encrypt certificates |
|
|
|
HAPROXY_CERTS="" |
|
|
|
SERVER_NAMES="${NEXTCLOUD_SERVER_NAME} ${GITEA_SERVER_NAME} ${BLOG_1_SERVER_NAME} ${HAUK_SERVER_NAME}" |
|
|
|
@@ -25,9 +17,8 @@ for domain in ${DOMAINS}; do |
|
|
|
HAPROXY_CERTS="${HAPROXY_CERTS} crt /etc/letsencrypt/haproxy/${_URL}.pem"; |
|
|
|
if [[ ! -s /etc/letsencrypt/haproxy/${_URL}.pem ]]; then |
|
|
|
# Query Let's Encrypt |
|
|
|
certbot certonly -d ${_URL} \ |
|
|
|
--email ${ADMIN_EMAIL} --non-interactive --agree-tos \ |
|
|
|
--standalone --http-01-port=${LETSENCRYPT_PORT} |
|
|
|
certbot certonly --standalone -d ${_URL} \ |
|
|
|
--email admin@${domain} --non-interactive --agree-tos |
|
|
|
if [ $? -eq 0 ]; then |
|
|
|
cat /etc/letsencrypt/live/${_URL}/fullchain.pem \ |
|
|
|
/etc/letsencrypt/live/${_URL}/privkey.pem \ |
|
|
|
@@ -46,12 +37,6 @@ sed -i "s/\${HAUK_SERVER_NAME}/${HAUK_SERVER_NAME}/g" $CFG_FILE |
|
|
|
#echo sed -i "s/\${HAPROXY_CERTS}/${HAPROXY_CERTS}/g" ${CFG_FILE} |
|
|
|
sed -i "s/\${HAPROXY_CERTS}/${HAPROXY_CERTS//\//\\/}/g" ${CFG_FILE} |
|
|
|
|
|
|
|
#cat ${CFG_FILE} |
|
|
|
|
|
|
|
echo Killing haproxy `cat /tmp/haproxy.pid` |
|
|
|
kill -SIGTERM `cat /tmp/haproxy.pid` |
|
|
|
rm /tmp/haproxy.pid |
|
|
|
|
|
|
|
# Create renew cron job |
|
|
|
mv /usr/local/bin/letsencrypt.cron /etc/cron.daily/letsencrypt |
|
|
|
# remove default cron job |
