GeoHelm/scripts/build-ssl.sh

89 lines
2.3 KiB
Bash
Raw Permalink Normal View History

2024-01-27 19:04:46 +00:00
#!/bin/bash -e
HNAME=$(hostname | sed -n 1p | cut -f1 -d' ' | tr -d '\n')
function request_cert() {
certbot --apache --agree-tos --email hostmaster@${HNAME} --no-eff-email -d ${HNAME}
sleep 12;
}
function get_repo(){
if [ -f /etc/rocky-release ]; then
REPO='rpm'
elif [ -f /etc/debian_version ]; then
REPO='apt'
fi
}
function webmin_ssl() {
cat /etc/letsencrypt/live/${HNAME}/cert.pem > /etc/webmin/miniserv.pem
cat /etc/letsencrypt/live/${HNAME}/privkey.pem >> /etc/webmin/miniserv.pem
echo "extracas=/etc/letsencrypt/live/${HNAME}/fullchain.pem" >> /etc/webmin/miniserv.conf
systemctl restart webmin
}
function restart_apache() {
if [ "${REPO}" == 'apt' ]; then
systemctl restart apache2
elif [ "${REPO}" == 'rpm' ]; then
systemctl restart httpd
fi
}
function get_certs() {
cp /etc/letsencrypt/live/${HNAME}/fullchain.pem /opt/pg_tileserv/fullchain.pem
cp /etc/letsencrypt/live/${HNAME}/privkey.pem /opt/pg_tileserv/privkey.pem
cp /etc/letsencrypt/live/${HNAME}/fullchain.pem /opt/pg_featureserv/fullchain.pem
cp /etc/letsencrypt/live/${HNAME}/privkey.pem /opt/pg_featureserv/privkey.pem
}
function own_certs() {
chown pgis:pgis /opt/pg_tileserv/fullchain.pem
chown pgis:pgis /opt/pg_tileserv/privkey.pem
chown pgis:pgis /opt/pg_featureserv/fullchain.pem
chown pgis:pgis /opt/pg_featureserv/privkey.pem
}
function update_confs() {
sed -i.save "s/HttpPort/#/g" /opt/pg_featureserv/config/pg_featureserv.toml
sed -i.save "s|\# HttpsPort|HttpsPort|g" /opt/pg_featureserv/config/pg_featureserv.toml
sed -i.save "s/HttpPort/#/g" /opt/pg_tileserv/config/pg_tileserv.toml
sed -i.save "s|\# HttpsPort|HttpsPort|g" /opt/pg_tileserv/config/pg_tileserv.toml
}
function update_certs() {
sed -i.save '2 i TlsServerCertificateFile = "fullchain.pem"' /opt/pg_featureserv/config/pg_featureserv.toml
sed -i.save '3 i TlsServerPrivateKeyFile = "privkey.pem"' /opt/pg_featureserv/config/pg_featureserv.toml
cat <<EOT >> /opt/pg_tileserv/config/pg_tileserv.toml
TlsServerCertificateFile = "fullchain.pem"
TlsServerPrivateKeyFile = "privkey.pem"
EOT
}
function restart_servs() {
systemctl restart pg_tileserv
systemctl restart pg_featureserv
}
request_cert;
get_certs;
own_certs;
update_confs;
update_certs;
restart_servs;
webmin_ssl;
restart_apache;