Home Explore Help
Sign In
golang
/
netmaker
mirror of https://github.com/gravitl/netmaker
2
0
Fork 0
Files Issues 0 Wiki
Branch: relay_bug
Branches Tags
netmaker
/
scripts
/
nm-certs.sh

nm-certs.sh 2.4 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899 
  1. #!/bin/bash
    2. 

  2. 

  3. CONFIG_FILE=netmaker.env
    4. 

  4. SCRIPT_DIR=$(dirname "$(realpath "$0")")
    5. 

  5. 

  6. # get and check the config
    7. 

  7. if [ ! -f "$SCRIPT_DIR/$CONFIG_FILE" ]; then
    8. 

  8. 	echo "Config file missing"
    9. 

  9. 	exit 1
    10. 

  10. fi
    11. 

  11. source "$SCRIPT_DIR/$CONFIG_FILE"
    12. 

  12. if [ -z "$NM_DOMAIN" ] || [ -z "$NM_EMAIL" ]; then
    13. 

  13. 	echo "Config not valid"
    14. 

  14. 	exit 1
    15. 

  15. fi
    16. 

  16. 

  17. # TODO make sure this doesnt break, parse `certbot certificates` if yes
    18. 

  18. CERT_DIR="$SCRIPT_DIR/letsencrypt/live/api.$NM_DOMAIN"
    19. 

  19. 

  20. echo "Setting up SSL certificates..."
    21. 

  21. 

  22. # preserve the env state
    23. 

  23. RESTART_CADDY=false
    24. 

  24. if [ -n "$(docker ps | grep caddy)" ]; then
    25. 

  25. 	echo "Caddy is running, stopping for now..."
    26. 

  26. 	RESTART_CADDY=true
    27. 

  27. 	docker-compose -f /root/docker-compose.yml stop caddy
    28. 

  28. fi
    29. 

  29. 

  30. CERTBOT_PARAMS=$(cat <<EOF
    31. 

  31. certonly --standalone \
    32. 

  32. 	--non-interactive --agree-tos \
    33. 

  33. 	-m $NM_EMAIL \
    34. 

  34. 	-d api.$NM_DOMAIN \
    35. 

  35. 	-d broker.$NM_DOMAIN \
    36. 

  36. 	-d dashboard.$NM_DOMAIN \
    37. 

  37. 	-d turn.$NM_DOMAIN \
    38. 

  38. 	-d turnapi.$NM_DOMAIN \
    39. 

  39. 	-d netmaker-exporter.$NM_DOMAIN \
    40. 

  40. 	-d grafana.$NM_DOMAIN \
    41. 

  41. 	-d prometheus.$NM_DOMAIN
    42. 

  42. EOF
    43. 

  43. )
    44. 

  44. 

  45. # generate an entrypoint for zerossl-certbot
    46. 

  46. cat <<EOF >"$SCRIPT_DIR/certbot-entry.sh"
    47. 

  47. #!/bin/sh
    48. 

  48. # deps
    49. 

  49. apk update
    50. 

  50. apk add bash curl
    51. 

  51. # zerossl
    52. 

  52. wget -qO zerossl-bot.sh "https://github.com/zerossl/zerossl-bot/raw/master/zerossl-bot.sh"
    53. 

  53. chmod +x zerossl-bot.sh
    54. 

  54. # request the certs
    55. 

  55. ./zerossl-bot.sh "$CERTBOT_PARAMS"
    56. 

  56. EOF
    57. 

  57. 

  58. chmod +x "$SCRIPT_DIR/certbot-entry.sh"
    59. 

  59. 

  60. # request certs
    61. 

  61. sudo docker run -it --rm --name certbot \
    62. 

  62. 	-p 80:80 -p 443:443 \
    63. 

  63. 	-v "$SCRIPT_DIR/certbot-entry.sh:/opt/certbot/certbot-entry.sh" \
    64. 

  64. 	-v "$SCRIPT_DIR/letsencrypt:/etc/letsencrypt" \
    65. 

  65. 	--entrypoint "/opt/certbot/certbot-entry.sh" \
    66. 

  66. 	certbot/certbot
    67. 

  67. 

  68. # clean up
    69. 

  69. rm "$SCRIPT_DIR/certbot-entry.sh"
    70. 

  70. 

  71. # check if successful
    72. 

  72. if [ ! -f "$CERT_DIR"/fullchain.pem ]; then
    73. 

  73. 	# fallback to letsencrypt-certbot
    74. 

  74. 	sudo docker run -it --rm --name certbot \
    75. 

  75. 		-p 80:80 -p 443:443 \
    76. 

  76. 		-v "$SCRIPT_DIR/letsencrypt:/etc/letsencrypt" \
    77. 

  77. 		certbot/certbot $CERTBOT_PARAMS
    78. 

  78. 	if [ ! -f "$CERT_DIR"/fullchain.pem ]; then
    79. 

  79. 		echo "Missing file: $CERT_DIR/fullchain.pem"
    80. 

  80. 		echo "SSL certificates failed"
    81. 

  81. 		exit 1
    82. 

  82. 	fi
    83. 

  83. fi
    84. 

  84. 

  85. # copy for mounting
    86. 

  86. mkdir -p certs
    87. 

  87. cp -L "$CERT_DIR/fullchain.pem" "$SCRIPT_DIR/certs/fullchain.pem"
    88. 

  88. cp -L "$CERT_DIR/privkey.pem" "$SCRIPT_DIR/certs/privkey.pem"
    89. 

  89. 

  90. echo "SSL certificates ready"
    91. 

  91. 

  92. # preserve the env state
    93. 

  93. if [ "$RESTART_CADDY" = true ]; then
    94. 

  94. 	echo "Starting Caddy..."
    95. 

  95. 	docker-compose -f /root/docker-compose.yml start caddy
    96. 

  96. fi
    97. 

  97. 

  98. # install crontab
    99. 

  99. ln -sfn "$SCRIPT_DIR"/nm-certs.sh /etc/cron.monthly/nm-certs.sh
    100.