haskal
/
jiti-meet
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
jiti-meet/resources/install-letsencrypt-cert.sh

105 lines
3.9 KiB
Bash
Raw Normal View History

Adds a script which install certificates from let's encrypt. The script looks for nginx, apache2 or jetty configuration and edits the first one found. Nginx and apache2 will be reloaded, while jvb will be stopped, configured and started again.
2017-03-17 19:15:42 +00:00
#!/bin/bash
set -e
DEB_CONF_RESULT=`debconf-show jitsi-meet-web-config | grep jvb-hostname`
DOMAIN="${DEB_CONF_RESULT##*:}"
# remove whitespace
DOMAIN="$(echo -e "${DOMAIN}" | tr -d '[:space:]')"
echo "-------------------------------------------------------------------------"
echo "This script will:"
echo "- Need a working DNS record pointing to this machine(for domain ${DOMAIN})"
echo "- Download certbot-auto from https://dl.eff.org to /usr/local/sbin"
echo "- Install additional dependencies in order to request Lets Encrypt certificate"
echo "- If running with jetty serving web content, will stop Jitsi Videobridge"
echo "- Configure and reload nginx or apache2, whichever is used"
debian: updates around coturn package and order of install (#5729) * debian: Update coturn udp port to non-privileged one. * debian: Turnserver config requires jitsi-meet-web-config files. * doc: Updates doc, removing `--no-install-recommends`. * debian: Moves checks and configs to default to prosody 0.11. * debian: Disable room locking on internal muc. * add scripts for deploying coturn with certbot * turnserver: Removes unused variable showing error. * debian: updates let's encrypt and coturn scripts. * debian: Detect failure to retrieve external ip address. * debian: Always configure turn when the turnserver package is installed. Co-authored-by: Julien Fastré <julien.fastre@champs-libres.coop>
2020-04-08 18:06:49 +00:00
echo "- Configure the coturn server to use Let's Encrypt certificate and add required deploy hooks"
echo "- Add command in weekly cron job to renew certificates regularly"
Adds a script which install certificates from let's encrypt. The script looks for nginx, apache2 or jetty configuration and edits the first one found. Nginx and apache2 will be reloaded, while jvb will be stopped, configured and started again.
2017-03-17 19:15:42 +00:00
echo ""
echo "You need to agree to the ACME server's Subscriber Agreement (https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf) "
echo "by providing an email address for important account notifications"
echo -n "Enter your email and press [ENTER]: "
read EMAIL
cd /usr/local/sbin
if [ ! -f certbot-auto ] ; then
wget https://dl.eff.org/certbot-auto
chmod a+x ./certbot-auto
fi
CRON_FILE="/etc/cron.weekly/letsencrypt-renew"
debian: fix typo
2020-04-02 13:27:19 +00:00
if [ ! -d "/etc/cron.weekly" ] ; then
debian: fix install-letsencrypt-cert.sh to create misssing directory Update install-letsencrypt-cert.sh to fix missing cron.weekly REFS : https://github.com/jitsi/jitsi-meet/issues/5576
2020-04-02 13:10:27 +00:00
mkdir "/etc/cron.weekly"
fi
Adds a script which install certificates from let's encrypt. The script looks for nginx, apache2 or jetty configuration and edits the first one found. Nginx and apache2 will be reloaded, while jvb will be stopped, configured and started again.
2017-03-17 19:15:42 +00:00
echo "#!/bin/bash" > $CRON_FILE
echo "/usr/local/sbin/certbot-auto renew >> /var/log/le-renew.log" >> $CRON_FILE
CERT_KEY="/etc/letsencrypt/live/$DOMAIN/privkey.pem"
CERT_CRT="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"
if [ -f /etc/nginx/sites-enabled/$DOMAIN.conf ] ; then
debian: updates around coturn package and order of install (#5729) * debian: Update coturn udp port to non-privileged one. * debian: Turnserver config requires jitsi-meet-web-config files. * doc: Updates doc, removing `--no-install-recommends`. * debian: Moves checks and configs to default to prosody 0.11. * debian: Disable room locking on internal muc. * add scripts for deploying coturn with certbot * turnserver: Removes unused variable showing error. * debian: updates let's encrypt and coturn scripts. * debian: Detect failure to retrieve external ip address. * debian: Always configure turn when the turnserver package is installed. Co-authored-by: Julien Fastré <julien.fastre@champs-libres.coop>
2020-04-08 18:06:49 +00:00
TURN_CONFIG="/etc/turnserver.conf"
TURN_HOOK=/etc/letsencrypt/renewal-hooks/deploy/0000-coturn-certbot-deploy.sh
if [ -f $TURN_CONFIG ] && grep -q "jitsi-meet coturn config" "$TURN_CONFIG" ; then
mkdir -p $(dirname $TURN_HOOK)
cp /usr/share/jitsi-meet-turnserver/coturn-certbot-deploy.sh $TURN_HOOK
chmod u+x $TURN_HOOK
sed -i "s/jitsi-meet.example.com/$DOMAIN/g" $TURN_HOOK
debian: Skips deploy-hook when there is no hook available.
2020-04-13 20:36:19 +00:00
./certbot-auto certonly --noninteractive \
--webroot --webroot-path /usr/share/jitsi-meet \
-d $DOMAIN \
--agree-tos --email $EMAIL \
--deploy-hook $TURN_HOOK
else
./certbot-auto certonly --noninteractive \
--webroot --webroot-path /usr/share/jitsi-meet \
-d $DOMAIN \
--agree-tos --email $EMAIL
fi
Adds a script which install certificates from let's encrypt. The script looks for nginx, apache2 or jetty configuration and edits the first one found. Nginx and apache2 will be reloaded, while jvb will be stopped, configured and started again.
2017-03-17 19:15:42 +00:00
echo "Configuring nginx"
CONF_FILE="/etc/nginx/sites-available/$DOMAIN.conf"
CERT_KEY_ESC=$(echo $CERT_KEY | sed 's/\./\\\./g')
CERT_KEY_ESC=$(echo $CERT_KEY_ESC | sed 's/\//\\\//g')
sed -i "s/ssl_certificate_key\ \/etc\/jitsi\/meet\/.*key/ssl_certificate_key\ $CERT_KEY_ESC/g" \
$CONF_FILE
CERT_CRT_ESC=$(echo $CERT_CRT | sed 's/\./\\\./g')
CERT_CRT_ESC=$(echo $CERT_CRT_ESC | sed 's/\//\\\//g')
sed -i "s/ssl_certificate\ \/etc\/jitsi\/meet\/.*crt/ssl_certificate\ $CERT_CRT_ESC/g" \
$CONF_FILE
echo "service nginx reload" >> $CRON_FILE
service nginx reload
elif [ -f /etc/apache2/sites-enabled/$DOMAIN.conf ] ; then
./certbot-auto certonly --noninteractive \
--webroot --webroot-path /usr/share/jitsi-meet \
-d $DOMAIN \
--agree-tos --email $EMAIL
echo "Configuring apache2"
CONF_FILE="/etc/apache2/sites-available/$DOMAIN.conf"
CERT_KEY_ESC=$(echo $CERT_KEY | sed 's/\./\\\./g')
CERT_KEY_ESC=$(echo $CERT_KEY_ESC | sed 's/\//\\\//g')
sed -i "s/SSLCertificateKeyFile\ \/etc\/jitsi\/meet\/.*key/SSLCertificateKeyFile\ $CERT_KEY_ESC/g" \
$CONF_FILE
CERT_CRT_ESC=$(echo $CERT_CRT | sed 's/\./\\\./g')
CERT_CRT_ESC=$(echo $CERT_CRT_ESC | sed 's/\//\\\//g')
sed -i "s/SSLCertificateFile\ \/etc\/jitsi\/meet\/.*crt/SSLCertificateFile\ $CERT_CRT_ESC/g" \
$CONF_FILE
echo "service apache2 reload" >> $CRON_FILE
service apache2 reload
fi
# the cron file that will renew certificates
chmod a+x $CRON_FILE