Merge pull request #93 from CommunityHoneyNetwork/ssl-dev
Resolves some lingering issues with cert deployment
JesseBowling authored Dec 13, 2018
2 parents 40ec7f7 + c199a1d commit a7edd92
Showing 1 changed file with 19 additions and 8 deletions.
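--- a/nginx.run
+++ b/nginx.run
@@ -25,19 +25,30 @@ fi
 mkdir -p /var/log/nginx
 touch /var/log/nginx/error.log
 
+# Check whether we can generate a certbot cert
+USE_CERTBOT="yes"
+protocol=$(echo ${SERVER_BASE_URL} | awk -F: '{print $1}')
+if [[ $protocol == "http" ]] || [[ $SERVER == "localhost" ]] || [[ $SERVER =~ ([0-9]{1,3}\.){3}[0-9]{1,3} ]]
+then
+USE_CERTBOT="no"
+fi
+
 # Test if we should generate a self-signed cert
-if [ -d "/etc/pki/tls/certs" ] && [ -d "/etc/pki/tls/private" ] && [ -z "$(ls -A /etc/pki/tls/certs)" ]
+if [ -d "/etc/pki/tls/certs" ] && [ -d "/etc/pki/tls/private" ] && [ -z "$(ls -A /etc/pki/tls/certs)" ]
 then
 # directories exist and certs is empty, let's put in a cert
 # We'll use a self-signed to start, and let LetsEncrypt replace
 openssl req -x509 -newkey rsa:4096 -keyout /etc/pki/tls/private/key.pem -out /etc/pki/tls/certs/cert.pem -nodes -days 1 -subj "/CN=${SERVER}"
-/usr/sbin/nginx &
-sleep 2
-## Note, -ie means inplace, suffix with 'e', '-i -e' means in-place, with no suffix, then run expression
-sed -i -e "s/#server_name/server_name ${SERVER};/" /etc/nginx/sites-available/default
-certbot --nginx -n --register-unsafely-without-email --keep-until-expiring --agree-tos --domains ${SERVER}
-sleep 1
-pkill nginx
+if [ $USE_CERTBOT == "yes" ]
+then
+/usr/sbin/nginx &
+sleep 2
+## Note, -ie means inplace, suffix with 'e', '-i -e' means in-place, with no suffix, then run expression
+sed -i -e "s/#server_name/server_name ${SERVER};/" /etc/nginx/sites-available/default
+certbot --nginx -n --register-unsafely-without-email --keep-until-expiring --agree-tos --domains ${SERVER}
+sleep 1
+pkill nginx
+fi
 fi
 
 /usr/sbin/nginx -t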
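Review bot: When USE_CERTBOT ends up "no" (http, localhost or an IP address), the new `if [ $USE_CERTBOT == "yes" ]` branch is skipped and the self-signed certificate created just above with `-days 1` becomes the only certificate. Generation is guarded by an empty /etc/pki/tls/certs, so nothing in this hunk replaces it, and an HTTPS deployment on a bare IP would present an expired certificate after one day, which tends to push clients toward disabling verification. Consider picking the validity from the flag, for example `days=1; [ "$USE_CERTBOT" = "no" ] && days=365` before the openssl call and `-days "$days"` in it. Separately, the address test `[[ $SERVER =~ ([0-9]{1,3}\.){3}[0-9]{1,3} ]]` is unanchored, so a hostname that merely contains a dotted quad also turns certbot off; `^([0-9]{1,3}\.){3}[0-9]{1,3}$` limits it to literal addresses. The script continues outside the hunk, so renewal may be handled elsewhere.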
