59 lines
1.5 KiB
Bash
59 lines
1.5 KiB
Bash
#!/bin/sh
|
|
|
|
os="$(cat "${__global:?}"/explorer/os)"
|
|
case "$os" in
|
|
alpine)
|
|
nginx_user=nginx
|
|
nginx_certdir=/etc/nginx/ssl
|
|
;;
|
|
debian|ubuntu)
|
|
nginx_user=www-data
|
|
nginx_certdir=/etc/nginx/ssl
|
|
;;
|
|
*)
|
|
echo "This type does not support $os yet. Aborting." >&2;
|
|
exit 1;
|
|
;;
|
|
esac
|
|
|
|
if [ -f "${__object:?}/parameter/domain" ];
|
|
then
|
|
domain="$(cat "${__object:?}/parameter/domain")"
|
|
else
|
|
domain="${__object_id:?}"
|
|
fi
|
|
|
|
# Deploy simple HTTP vhost, allowing to serve ACME challenges.
|
|
__recycledcloud_nginx_vhost "301-to-https-$domain" \
|
|
--domain "$domain" --to-https
|
|
|
|
# Obtaining TLS cert.
|
|
cert_owner=$nginx_user
|
|
if [ -f "${__object:?}/parameter/force-cert-ownership-to" ]; then
|
|
cert_ownership=$(cat "${__object:?}/parameter/force-cert-ownership-to")
|
|
fi
|
|
|
|
__uacme_account
|
|
require="__recycledcloud_nginx_vhost/301-to-https-$domain __uacme_account" \
|
|
__uacme_obtain "$domain" --owner $cert_ownership \
|
|
--install-key-to "$nginx_certdir/$domain/privkey.pem" \
|
|
--install-cert-to "/$nginx_certdir/$domain/fullchain.pem" \
|
|
--renew-hook "service nginx reload"
|
|
|
|
# Deploy HTTPS nginx vhost.
|
|
if [ -f "${__object:?}/parameter/config" ]; then
|
|
if [ "$(cat "${__object:?}/parameter/config")" = "-" ]; then
|
|
nginx_logic="${__object:?}/stdin"
|
|
else
|
|
nginx_logic="${__object:?}/parameter/config"
|
|
fi
|
|
|
|
mkdir -p "${__object:?}/files"
|
|
cat "$nginx_logic" > "${__object:?}/files/config"
|
|
|
|
require="__uacme_obtain/$domain" __recycledcloud_nginx_vhost "$domain" \
|
|
--config "${__object:?}/files/config"
|
|
else
|
|
require="__uacme_obtain/$domain" __recycledcloud_nginx_vhost "$domain"
|
|
fi
|