#!/bin/bash
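# Stop at the first command that fails.
set -e

#######################################
# Print a summary of what this script is about to do.
# Arguments: $1 - hostname the certificate is requested for (may be empty)
# Outputs:   the summary on stdout
#######################################
print_banner() {
  local host=$1
  echo "-------------------------------------------------------------------------"
  echo "This script will:"
  echo "- Need a working DNS record pointing to this machine(for hostname ${host})"
  echo "- Install additional dependencies in order to request Let’s Encrypt certificate (acme.sh)"
  echo "- Configure and reload nginx or apache2, whichever is used"
  echo "- Configure the coturn server to use Let's Encrypt certificate and add required deploy hooks"
  echo "- Configure renew of certificate"
  echo ""
}

# DOMAIN is only assigned further down in this script, so the banner takes the
# hostname from the second positional argument when one was given and falls
# back to whatever DOMAIN the environment provides (usually nothing).
print_banner "${2:-${DOMAIN:-}}"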
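# Contact address for the ACME account: first positional argument, or asked
# for interactively when that argument is missing or empty.
EMAIL=$1

if [ -z "${EMAIL}" ]; then
  echo "You need to agree to the ACME server's Subscriber Agreement (https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf) "
  echo "by providing an email address for important account notifications"

  echo -n "Enter your email and press [ENTER]: "
  # -r keeps backslashes in the typed value literal instead of letting read
  # treat them as escape characters.
  read -r EMAIL
fi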
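# Hostname to request the certificate for: second positional argument, or the
# jitsi-meet/jvb-hostname answer recorded in debconf when none was given.
DOMAIN=$2
if [ -z "${DOMAIN}" ]; then
  # "|| true": a missing debconf entry is reported by the hostname check
  # below instead of ending the script silently under "set -e".
  DEB_CONF_RESULT=$(debconf-show jitsi-meet-web-config | grep jitsi-meet/jvb-hostname || true)
  DOMAIN="${DEB_CONF_RESULT##*:}"
fi

# remove whitespace
# printf '%s' rather than "echo -e", so backslash sequences inside the value
# are passed through untouched instead of being expanded.
DOMAIN="$(printf '%s' "${DOMAIN}" | tr -d '[:space:]')"

# The hostname is later pasted into acme.sh command lines, certificate file
# paths and the stored renewal hook, all of which are interpreted by a shell.
# Accept only letters, digits, dots and hyphens, starting and ending with a
# letter or digit, so it can act neither as shell syntax nor as an option.
if ! printf '%s\n' "${DOMAIN}" | LC_ALL=C grep -Eqx '[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?'; then
  echo "Cannot continue: '${DOMAIN}' is not a valid hostname." >&2
  echo "Pass the hostname as the second argument or configure jitsi-meet/jvb-hostname." >&2
  exit 1
fi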
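# HOME is redirected so that the client ends up at /opt/acmesh/.acme.sh/acme.sh,
# the path this script invokes further down.
export HOME=/opt/acmesh

# NOTE(review): the installer runs exactly as served by get.acme.sh; no
# version pin or digest check is visible here, so TLS to that host is the only
# integrity control. Installing from a reviewed, pinned copy would narrow that
# trust.
#
# Download first, run second: a failed or truncated transfer (-f also turns
# HTTP error pages into a failure) stops the script instead of feeding a
# partial body to the shell.
ACME_INSTALLER="$(mktemp)"
if ! curl -fsS https://get.acme.sh -o "${ACME_INSTALLER}"; then
  rm -f -- "${ACME_INSTALLER}"
  echo "Could not download the acme.sh installer from https://get.acme.sh" >&2
  exit 1
fi

# EMAIL is quoted so the address always reaches the installer as a single
# "email=..." argument.
ACME_INSTALL_RC=0
sh -s "email=${EMAIL}" < "${ACME_INSTALLER}" || ACME_INSTALL_RC=$?
rm -f -- "${ACME_INSTALLER}"
if [ "${ACME_INSTALL_RC}" -ne 0 ]; then
  echo "The acme.sh installer exited with status ${ACME_INSTALL_RC}" >&2
  exit "${ACME_INSTALL_RC}"
fi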
# Work out which web server package dpkg knows about and pick the matching
# reload command.

# Third word of dpkg's Status field for package $1; empty when the query fails.
_dpkg_state() {
  dpkg-query -f '${Status}' -W "$1" 2>/dev/null | awk '{print $3}' || true
}

# Succeeds when state $1 is "installed" or "unpacked".
_pkg_present() {
  case "$1" in
    installed | unpacked) return 0 ;;
    *) return 1 ;;
  esac
}

NGINX_INSTALL_CHECK="$(_dpkg_state nginx)"
NGINX_FULL_INSTALL_CHECK="$(_dpkg_state nginx-full)"
NGINX_EXTRAS_INSTALL_CHECK="$(_dpkg_state nginx-extras)"
OPENRESTY_INSTALL_CHECK="$(_dpkg_state openresty)"
APACHE_INSTALL_CHECK="$(_dpkg_state apache2)"

# Precedence: any nginx flavour, then openresty, then apache2; with none of
# them present the reload step only prints a notice.
if _pkg_present "${NGINX_INSTALL_CHECK}" \
  || _pkg_present "${NGINX_FULL_INSTALL_CHECK}" \
  || _pkg_present "${NGINX_EXTRAS_INSTALL_CHECK}"; then
  RELOAD_CMD="systemctl force-reload nginx.service"
elif _pkg_present "${OPENRESTY_INSTALL_CHECK}"; then
  RELOAD_CMD="systemctl force-reload openresty.service"
elif _pkg_present "${APACHE_INSTALL_CHECK}"; then
  RELOAD_CMD="systemctl force-reload apache2.service"
else
  RELOAD_CMD="echo 'No webserver found'"
fi
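# DOMAIN is pasted into the reload command below. That command contains "&&",
# so it is evaluated by a shell whenever acme.sh runs it, and whatever DOMAIN
# holds is evaluated with it. Accept plain hostname characters only, and never
# a leading "-" that acme.sh could read as an option.
if ! printf '%s\n' "${DOMAIN}" | LC_ALL=C grep -Eqx '[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?'; then
  echo "Refusing to continue: '${DOMAIN}' is not a valid hostname" >&2
  exit 1
fi

# After the web server reload, let coturn pick up the new certificate too.
RELOAD_CMD+=" && /usr/share/jitsi-meet/scripts/coturn-le-update.sh ${DOMAIN}"

ACME_SH=/opt/acmesh/.acme.sh/acme.sh

# Commands are kept as argument arrays and run directly rather than assembled
# into a string for eval, so no argument is re-parsed as shell code.
ISSUE_FAILED_CODE=0
ISSUE_CERT_CMD=("${ACME_SH}" -f --issue -d "${DOMAIN}" -w /usr/share/jitsi-meet --server letsencrypt)
"${ISSUE_CERT_CMD[@]}" || ISSUE_FAILED_CODE=$?

INSTALL_CERT_CMD=(
  "${ACME_SH}" -f --install-cert -d "${DOMAIN}"
  --key-file "/etc/jitsi/meet/${DOMAIN}.key"
  --fullchain-file "/etc/jitsi/meet/${DOMAIN}.crt"
  --reloadcmd "${RELOAD_CMD}"
)

# Status 2 from --issue is treated as "certificate already exists, nothing to
# renew", so the existing certificate is still installed in that case.
if [ "${ISSUE_FAILED_CODE}" -eq 0 ] || [ "${ISSUE_FAILED_CODE}" -eq 2 ]; then
  "${INSTALL_CERT_CMD[@]}"
else
  # Deliberately not fatal: report the failure and show how to retry. The
  # hint carries the hostname as well, so a retry targets the same domain.
  echo "Issuing the certificate from Let's Encrypt failed, continuing ..."
  echo "You can retry later by executing:"
  echo "/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh $EMAIL ${DOMAIN}"
fi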