bunkerized-nginx/scripts/certbot-renew.sh

#!/bin/sh

function replace_in_file() {
	# escape slashes
	pattern=$(echo "$2" | sed "s/\//\\\\\//g")
	replace=$(echo "$3" | sed "s/\//\\\\\//g")
	sed -i "s/$pattern/$replace/g" "$1"
}

# check if HTTP enabled
# and disable it temporarily if needed
if grep -q "listen" "/etc/nginx/server.conf" ; then
	replace_in_file "/etc/nginx/server.conf" "listen" "#listen"
	if [ -f /tmp/nginx.pid ] ; then
		/usr/sbin/nginx -s reload
		sleep 10
	fi
fi

# ask a new certificate if needed
certbot renew

# enable HTTP again if needed
if grep -q "#listen" "/etc/nginx/server.conf" ; then
	replace_in_file "/etc/nginx/server.conf" "#listen" "listen"
fi

chown -R root:nginx /etc/letsencrypt
chmod -R 740 /etc/letsencrypt
find /etc/letsencrypt -type d -exec chmod 750 {} \;

# reload nginx
if [ -f /tmp/nginx.pid ] ; then
	/usr/sbin/nginx -s reload
fi
initial work 2019-08-20 23:25:16 +02:00			`#!/bin/sh`

http to https redirect 2020-03-28 23:05:05 +01:00			`function replace_in_file() {`
			`# escape slashes`
			`pattern=$(echo "$2" \| sed "s/\//\\\\\//g")`
			`replace=$(echo "$3" \| sed "s/\//\\\\\//g")`
			`sed -i "s/$pattern/$replace/g" "$1"`
			`}`

block country and various fixes 2020-03-30 22:10:53 +02:00			`# check if HTTP enabled`
			`# and disable it temporarily if needed`
custom HTTP and HTTPS ports 2020-11-06 17:11:27 +01:00			`if grep -q "listen" "/etc/nginx/server.conf" ; then`
			`replace_in_file "/etc/nginx/server.conf" "listen" "#listen"`
run master nginx process as non-root user 2020-10-21 23:28:48 +02:00			`if [ -f /tmp/nginx.pid ] ; then`
http to https redirect 2020-03-28 23:05:05 +01:00			`/usr/sbin/nginx -s reload`
block country and various fixes 2020-03-30 22:10:53 +02:00			`sleep 10`
http to https redirect 2020-03-28 23:05:05 +01:00			`fi`
			`fi`

			`# ask a new certificate if needed`
initial work 2019-08-20 23:25:16 +02:00			`certbot renew`

block country and various fixes 2020-03-30 22:10:53 +02:00			`# enable HTTP again if needed`
custom HTTP and HTTPS ports 2020-11-06 17:11:27 +01:00			`if grep -q "#listen" "/etc/nginx/server.conf" ; then`
			`replace_in_file "/etc/nginx/server.conf" "#listen" "listen"`
http to https redirect 2020-03-28 23:05:05 +01:00			`fi`

run master nginx process as non-root user 2020-10-21 23:28:48 +02:00			`chown -R root:nginx /etc/letsencrypt`
			`chmod -R 740 /etc/letsencrypt`
			`find /etc/letsencrypt -type d -exec chmod 750 {} \;`

http to https redirect 2020-03-28 23:05:05 +01:00			`# reload nginx`
run master nginx process as non-root user 2020-10-21 23:28:48 +02:00			`if [ -f /tmp/nginx.pid ] ; then`
initial work 2019-08-20 23:25:16 +02:00			`/usr/sbin/nginx -s reload`
			`fi`