multiple lets encrypt certificates when MULTISITE=yes
parent
791342cbe6
commit
9ec9de6ca2
2 changed files with 19 additions and 7 deletions
|
@ -40,13 +40,15 @@ fi
|
||||||
|
|
||||||
# let's encrypt setup
|
# let's encrypt setup
|
||||||
if [ "$AUTO_LETS_ENCRYPT" = "yes" ] ; then
|
if [ "$AUTO_LETS_ENCRYPT" = "yes" ] ; then
|
||||||
|
if [ "$MULTISITE" = "no" ] ; then
|
||||||
FIRST_SERVER_NAME=$(echo "$SERVER_NAME" | cut -d " " -f 1)
|
FIRST_SERVER_NAME=$(echo "$SERVER_NAME" | cut -d " " -f 1)
|
||||||
DOMAINS_LETS_ENCRYPT=$(echo "$SERVER_NAME" | sed "s/ /,/g")
|
DOMAINS_LETS_ENCRYPT=$(echo "$SERVER_NAME" | sed "s/ /,/g")
|
||||||
EMAIL_LETS_ENCRYPT="${EMAIL_LETS_ENCRYPT-contact@$FIRST_SERVER_NAME}"
|
EMAIL_LETS_ENCRYPT="${EMAIL_LETS_ENCRYPT-contact@$FIRST_SERVER_NAME}"
|
||||||
if [ ! -f /etc/letsencrypt/live/${FIRST_SERVER_NAME}/fullchain.pem ] ; then
|
if [ ! -f /etc/letsencrypt/live/${FIRST_SERVER_NAME}/fullchain.pem ] ; then
|
||||||
echo "[*] Performing Let's Encrypt challenge ..."
|
echo "[*] Performing Let's Encrypt challenge for $SERVER_NAME ..."
|
||||||
certbot certonly --standalone -n --preferred-challenges http -d "$DOMAINS_LETS_ENCRYPT" --email "$EMAIL_LETS_ENCRYPT" --agree-tos --http-01-port $HTTP_PORT
|
certbot certonly --standalone -n --preferred-challenges http -d "$DOMAINS_LETS_ENCRYPT" --email "$EMAIL_LETS_ENCRYPT" --agree-tos --http-01-port $HTTP_PORT
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
echo "0 0 * * * /opt/scripts/certbot-renew.sh > /dev/null 2>&1" >> /etc/crontabs/root
|
echo "0 0 * * * /opt/scripts/certbot-renew.sh > /dev/null 2>&1" >> /etc/crontabs/root
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -188,6 +190,7 @@ replace_in_file "/usr/local/lib/lua/dnsbl.lua" "%DNSBL_LIST%" "$list"
|
||||||
|
|
||||||
# fail2ban setup
|
# fail2ban setup
|
||||||
if [ "$(has_value USE_FAIL2BAN yes)" != "" ] ; then
|
if [ "$(has_value USE_FAIL2BAN yes)" != "" ] ; then
|
||||||
|
echo "" > /etc/nginx/fail2ban-ip.conf
|
||||||
rm -rf /etc/fail2ban/jail.d/*.conf
|
rm -rf /etc/fail2ban/jail.d/*.conf
|
||||||
cp /opt/fail2ban/nginx-action.local /etc/fail2ban/action.d/nginx-action.local
|
cp /opt/fail2ban/nginx-action.local /etc/fail2ban/action.d/nginx-action.local
|
||||||
cp /opt/fail2ban/nginx-filter.local /etc/fail2ban/filter.d/nginx-filter.local
|
cp /opt/fail2ban/nginx-filter.local /etc/fail2ban/filter.d/nginx-filter.local
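Review bot: The new guard `if [ "$MULTISITE" = "no" ] ; then` around the certbot call treats every value other than the literal `no` as multisite, including an unset or mistyped MULTISITE, and the matching `else` in the second file's Let's Encrypt hunk makes the same assumption. Unless a default is assigned earlier in the script (not visible in this hunk), a deployment that only sets AUTO_LETS_ENCRYPT=yes would skip issuance here while the renew cron line is still installed. Testing for the multisite case explicitly in both files, e.g. `if [ "$MULTISITE" != "yes" ] ; then`, or a comment naming where the default is set, would make the intent safe to rely on. The added `echo "" > /etc/nginx/fail2ban-ip.conf` would also benefit from a one-line comment such as `# reset the nginx-side ban list on every start`, since it drops any previously recorded bans from that file.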
|
||||||
|
|
|
@ -308,7 +308,16 @@ if [ "$AUTO_LETS_ENCRYPT" = "yes" ] || [ "$USE_CUSTOM_HTTPS" = "yes" ] || [ "$GE
|
||||||
replace_in_file "${NGINX_PREFIX}https.conf" "%STRICT_TRANSPORT_SECURITY%" ""
|
replace_in_file "${NGINX_PREFIX}https.conf" "%STRICT_TRANSPORT_SECURITY%" ""
|
||||||
fi
|
fi
|
||||||
if [ "$AUTO_LETS_ENCRYPT" = "yes" ] ; then
|
if [ "$AUTO_LETS_ENCRYPT" = "yes" ] ; then
|
||||||
|
if [ "$MULTISITE" = "no" ] ; then
|
||||||
FIRST_SERVER_NAME=$(echo "$SERVER_NAME" | cut -d " " -f 1)
|
FIRST_SERVER_NAME=$(echo "$SERVER_NAME" | cut -d " " -f 1)
|
||||||
|
else
|
||||||
|
FIRST_SERVER_NAME="$1"
|
||||||
|
EMAIL_LETS_ENCRYPT="${EMAIL_LETS_ENCRYPT-contact@$1}"
|
||||||
|
if [ ! -f /etc/letsencrypt/live/${1}/fullchain.pem ] ; then
|
||||||
|
echo "[*] Performing Let's Encrypt challenge for $1 ..."
|
||||||
|
certbot certonly --standalone -n --preferred-challenges http -d "$1" --email "$EMAIL_LETS_ENCRYPT" --agree-tos --http-01-port $HTTP_PORT
|
||||||
|
fi
|
||||||
|
fi
|
||||||
replace_in_file "${NGINX_PREFIX}https.conf" "%HTTPS_CERT%" "/etc/letsencrypt/live/${FIRST_SERVER_NAME}/fullchain.pem"
|
replace_in_file "${NGINX_PREFIX}https.conf" "%HTTPS_CERT%" "/etc/letsencrypt/live/${FIRST_SERVER_NAME}/fullchain.pem"
|
||||||
replace_in_file "${NGINX_PREFIX}https.conf" "%HTTPS_KEY%" "/etc/letsencrypt/live/${FIRST_SERVER_NAME}/privkey.pem"
|
replace_in_file "${NGINX_PREFIX}https.conf" "%HTTPS_KEY%" "/etc/letsencrypt/live/${FIRST_SERVER_NAME}/privkey.pem"
|
||||||
elif [ "$USE_CUSTOM_HTTPS" = "yes" ] ; then
|
elif [ "$USE_CUSTOM_HTTPS" = "yes" ] ; then
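Review bot: The new `else` branch uses `$1` without validating it and leaves it unquoted in `[ ! -f /etc/letsencrypt/live/${1}/fullchain.pem ]`. An empty value, a value with spaces, or one containing `/` or `..` therefore changes which path is tested and which paths end up in https.conf as %HTTPS_CERT% and %HTTPS_KEY%. The certbot exit status is also ignored, so a failed challenge still leaves https.conf pointing at a fullchain.pem that does not exist. I would restrict `$1` to hostname characters, quote the path and `$HTTP_PORT`, and report a failed challenge, as sketched below; whether to abort or fall back to another certificate is the maintainers' call. The surrounding if/elif chain starts and ends outside this hunk.

```shell
	else
		# … unchanged: FIRST_SERVER_NAME and EMAIL_LETS_ENCRYPT assignments …
		# refuse anything that is not a plain hostname before it reaches a path or certbot
		case "$1" in
			""|*[!A-Za-z0-9.-]*)
				echo "[!] Invalid server name for Let's Encrypt : $1" >&2
				exit 1
				;;
		esac
		if [ ! -f "/etc/letsencrypt/live/${1}/fullchain.pem" ] ; then
			echo "[*] Performing Let's Encrypt challenge for $1 ..."
			if ! certbot certonly --standalone -n --preferred-challenges http -d "$1" --email "$EMAIL_LETS_ENCRYPT" --agree-tos --http-01-port "$HTTP_PORT" ; then
				echo "[!] Let's Encrypt challenge failed for $1" >&2
				exit 1
			fi
		fi
	fi
```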
|
||||||
|
|