Add webroot when creating a certificate and use letsencrypt.conf for all installations
parent
0313e835b0
commit
42d996a60d
@ -1336,19 +1336,17 @@ install_product () {
|
||||
reconfigure APP_URL_PORTAL "${APP_URL_PORTAL:-"http://${PACKAGE_SYSNAME}-router:8092"}"
|
||||
reconfigure EXTERNAL_PORT ${EXTERNAL_PORT}
|
||||
|
||||
if [ ! -z "${CERTIFICATE_PATH}" ] && [ ! -z "${CERTIFICATE_KEY_PATH}" ]; then
|
||||
bash $BASE_DIR/config/${PRODUCT}-ssl-setup -f "${CERTIFICATE_PATH}" "${CERTIFICATE_KEY_PATH}"
|
||||
PROXY_YML="${BASE_DIR}/proxy-ssl.yml"
|
||||
elif [ ! -z "${LETS_ENCRYPT_DOMAIN}" ] && [ ! -z "${LETS_ENCRYPT_MAIL}" ]; then
|
||||
bash $BASE_DIR/config/${PRODUCT}-ssl-setup "${LETS_ENCRYPT_MAIL}" "${LETS_ENCRYPT_DOMAIN}"
|
||||
PROXY_YML="${BASE_DIR}/proxy-ssl.yml"
|
||||
fi
|
||||
|
||||
docker-compose -f $BASE_DIR/migration-runner.yml up -d
|
||||
docker-compose -f $BASE_DIR/${PRODUCT}.yml up -d
|
||||
docker-compose -f ${PROXY_YML} up -d
|
||||
docker-compose -f $BASE_DIR/notify.yml up -d
|
||||
docker-compose -f $BASE_DIR/healthchecks.yml up -d
|
||||
|
||||
if [ ! -z "${CERTIFICATE_PATH}" ] && [ ! -z "${CERTIFICATE_KEY_PATH}" ]; then
|
||||
bash $BASE_DIR/config/${PRODUCT}-ssl-setup -f "${CERTIFICATE_PATH}" "${CERTIFICATE_KEY_PATH}"
|
||||
elif [ ! -z "${LETS_ENCRYPT_DOMAIN}" ] && [ ! -z "${LETS_ENCRYPT_MAIL}" ]; then
|
||||
bash $BASE_DIR/config/${PRODUCT}-ssl-setup "${LETS_ENCRYPT_MAIL}" "${LETS_ENCRYPT_DOMAIN}"
|
||||
fi
|
||||
}
|
||||
|
||||
make_swap () {
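Review bot: The exit status of the `${PRODUCT}-ssl-setup` calls at the end of install_product is not checked, so a failed certificate request leaves the stack, already started by the `docker-compose ... up -d` lines above, serving plain HTTP while the installer appears to succeed. Unless the installer runs under `set -e` (not visible in this hunk), report the failure, for example `bash "$BASE_DIR/config/${PRODUCT}-ssl-setup" "${LETS_ENCRYPT_MAIL}" "${LETS_ENCRYPT_DOMAIN}" || echo "SSL setup failed; portal is running without TLS" >&2`. `$BASE_DIR` should also be quoted in both branches. install_product begins outside the hunk.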
|
||||
|
@ -7,6 +7,7 @@ DIR="/usr/bin"
|
||||
LETSENCRYPT="/etc/letsencrypt/live";
|
||||
NGINX="/etc/nginx/conf.d"
|
||||
DHPARAM_FILE="/etc/ssl/certs/dhparam.pem"
|
||||
WEBROOT_PATH="/var/www/${PRODUCT}"
|
||||
|
||||
if [ "$#" -ge "2" ]; then
|
||||
if [ "$1" != "-f" ]; then
|
||||
@ -27,8 +28,8 @@ if [ "$#" -ge "2" ]; then
|
||||
echo "Generating Let's Encrypt SSL Certificates..."
|
||||
|
||||
# Request and generate Let's Encrypt SSL certificate
|
||||
echo certbot certonly --expand --webroot --noninteractive --agree-tos --email ${MAIL} -d ${DOMAIN} > /var/log/le-start.log
|
||||
certbot certonly --expand --webroot --noninteractive --agree-tos --email ${MAIL} -d ${DOMAIN} > /var/log/le-new.log
|
||||
echo certbot certonly --expand --webroot -w ${WEBROOT_PATH} --cert-name ${PRODUCT} --noninteractive --agree-tos --email ${MAIL} -d ${DOMAIN} > /var/log/le-start.log
|
||||
certbot certonly --expand --webroot -w ${WEBROOT_PATH} --cert-name ${PRODUCT} --noninteractive --agree-tos --email ${MAIL} -d ${DOMAIN} > /var/log/le-new.log
|
||||
else
|
||||
echo "Using specified files to configure SSL..."
|
||||
|
||||
@ -38,8 +39,8 @@ if [ "$#" -ge "2" ]; then
|
||||
|
||||
[[ ! -f "${DHPARAM_FILE}" ]] && openssl dhparam -out ${DHPARAM_FILE} 4096
|
||||
|
||||
CERTIFICATE_FILE="${CERTIFICATE_FILE:-"${LETSENCRYPT}/${DOMAIN}/fullchain.pem"}"
|
||||
PRIVATEKEY_FILE="${PRIVATEKEY_FILE:-"${LETSENCRYPT}/${DOMAIN}/privkey.pem"}"
|
||||
CERTIFICATE_FILE="${CERTIFICATE_FILE:-"${LETSENCRYPT}/${PRODUCT}/fullchain.pem"}"
|
||||
PRIVATEKEY_FILE="${PRIVATEKEY_FILE:-"${LETSENCRYPT}/${PRODUCT}/privkey.pem"}"
|
||||
|
||||
if [ -f "${CERTIFICATE_FILE}" -a -f ${PRIVATEKEY_FILE} ]; then
|
||||
if [ -f "${NGINX}/onlyoffice-proxy-ssl.conf.template" ]; then
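Review bot: `WEBROOT_PATH="/var/www/${PRODUCT}"`, `--cert-name ${PRODUCT}` and the new default certificate paths all depend on `PRODUCT`, which is not assigned in the lines shown here (it may be set in the first six lines of the script, which the hunk does not show). If it is empty, the unquoted `--cert-name ${PRODUCT}` loses its argument and certbot would take `--noninteractive` as the certificate name, and the webroot becomes `/var/www/`. Add a guard next to the assignment, `: "${PRODUCT:?PRODUCT must be set}"`, and quote the expansions, `-w "${WEBROOT_PATH}" --cert-name "${PRODUCT}" --email "${MAIL}" -d "${DOMAIN}"`. The Docker variant of this script (the hunk that adds `WEBROOT_PATH="/letsencrypt"`) uses `${PRODUCT}` the same way and needs the same guard.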
|
||||
|
@ -3,6 +3,7 @@
|
||||
../../../build/install/docker/config/nginx/templates/*.template etc/onlyoffice/{{product}}/nginx
|
||||
../../../build/install/docker/config/nginx/onlyoffice* etc/nginx/conf.d
|
||||
../../../config/nginx/onlyoffice*.conf etc/nginx/conf.d
|
||||
../../../build/install/docker/config/nginx/letsencrypt* etc/nginx/includes
|
||||
../../../config/nginx/includes/onlyoffice*.conf etc/nginx/includes
|
||||
../../../build/deploy/public/* var/www/{{product}}/public
|
||||
../../../build/deploy/client/* var/www/{{product}}/client
|
||||
|
@ -50,7 +50,8 @@ override_dh_auto_build:
|
||||
sed 's_\(minlevel=\)".*"_\1"Warn"_g' -i ${SRC_PATH}/config/nlog.config
|
||||
|
||||
sed 's/teamlab.info/onlyoffice.com/g' -i ${SRC_PATH}/config/autofac.consumers.json
|
||||
sed -e 's/$$router_host/127.0.0.1/g' -e '/proxy_set_header/d' -i ${SRC_PATH}/build/install/docker/config/nginx/onlyoffice-proxy*.conf
|
||||
sed -e 's/$$router_host/127.0.0.1/g' -e '/proxy_set_header/d' -e 's|includes|/etc/nginx/includes|g' -i ${SRC_PATH}/build/install/docker/config/nginx/onlyoffice-proxy*.conf
|
||||
sed "s|\(.*root\).*;|\1 \"/var/www/${PRODUCT}";|g" -i ${SRC_PATH}/build/install/docker/config/nginx/letsencrypt.conf
|
||||
sed -e '/.pid/d' -e '/temp_path/d' -i ${SRC_PATH}/build/install/docker/config/nginx/templates/nginx.conf.template
|
||||
mv -f ${SRC_PATH}/build/install/docker/config/nginx/onlyoffice-proxy-ssl.conf ${SRC_PATH}/build/install/docker/config/nginx/onlyoffice-proxy-ssl.conf.template
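Review bot: The added `sed` for letsencrypt.conf has an unescaped closing quote: in `\"/var/www/${PRODUCT}";|g"` the `"` after `${PRODUCT}` ends the shell string, so the shell sees `;` followed by a stray `|g"` and the recipe line should fail to parse. It should read `sed "s|\(.*root\).*;|\1 \"/var/www/${PRODUCT}\";|g" -i ${SRC_PATH}/build/install/docker/config/nginx/letsencrypt.conf`. The RPM spec hunk has the same missing backslash after `%{product}` and passes `-i` twice; the Windows batch hunk escapes the quote correctly but also repeats `-i`. Separately, `-e 's|includes|/etc/nginx/includes|g'` rewrites every occurrence of the word in the proxy configs, so anchoring it to the directive (`s|include includes/|include /etc/nginx/includes/|`) would be safer.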
|
||||
|
||||
|
@ -7,6 +7,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
||||
DOCKERCOMPOSE=$(dirname "$DIR")
|
||||
LETSENCRYPT="/etc/letsencrypt/live";
|
||||
DHPARAM_FILE="/etc/ssl/certs/dhparam.pem"
|
||||
WEBROOT_PATH="/letsencrypt"
|
||||
|
||||
if [ "$#" -ge "2" ]; then
|
||||
if [ "$1" != "-f" ]; then
|
||||
@ -15,7 +16,7 @@ if [ "$#" -ge "2" ]; then
|
||||
LETSENCRYPT_ENABLE="true"
|
||||
|
||||
if [ -f "${DOCKERCOMPOSE}/proxy.yml" ]; then
|
||||
docker-compose -f ${DOCKERCOMPOSE}/proxy.yml down
|
||||
:
|
||||
elif [ -f "/app/onlyoffice/proxy.yml" ]; then
|
||||
DOCKERCOMPOSE="/app/onlyoffice"
|
||||
DIR="/app/onlyoffice/config"
|
||||
@ -23,14 +24,25 @@ if [ "$#" -ge "2" ]; then
|
||||
echo "Error: proxy configuration file not found." && exit 1
|
||||
fi
|
||||
|
||||
if ! docker ps -f "name=onlyoffice-proxy" --format '{{.Names}}' | grep -q "onlyoffice-proxy"; then
|
||||
echo "Error: the proxy container is not running" && exit 1
|
||||
fi
|
||||
|
||||
if ! docker volume inspect "onlyoffice_webroot_path" &> /dev/null; then
|
||||
echo "Error: missing webroot_path volume" && exit 1
|
||||
fi
|
||||
|
||||
echo "Generating Let's Encrypt SSL Certificates..."
|
||||
|
||||
# Request and generate Let's Encrypt SSL certificate
|
||||
docker run -it --rm \
|
||||
-v /etc/letsencrypt:/etc/letsencrypt \
|
||||
-v /var/lib/letsencrypt:/var/lib/letsencrypt \
|
||||
-v /var/log:/var/log \
|
||||
-v onlyoffice_webroot_path:${WEBROOT_PATH} \
|
||||
certbot/certbot certonly \
|
||||
--webroot --non-interactive --agree-tos --email ${MAIL} -d ${DOMAIN}
|
||||
--expand --webroot -w ${WEBROOT_PATH} \
|
||||
--cert-name ${PRODUCT} --non-interactive --agree-tos --email ${MAIL} -d ${DOMAIN}
|
||||
else
|
||||
echo "Using specified files to configure SSL..."
|
||||
|
||||
@ -40,11 +52,13 @@ if [ "$#" -ge "2" ]; then
|
||||
|
||||
[[ ! -f "${DHPARAM_FILE}" ]] && openssl dhparam -out ${DHPARAM_FILE} 4096
|
||||
|
||||
CERTIFICATE_FILE="${CERTIFICATE_FILE:-"${LETSENCRYPT}/${DOMAIN}/fullchain.pem"}"
|
||||
PRIVATEKEY_FILE="${PRIVATEKEY_FILE:-"${LETSENCRYPT}/${DOMAIN}/privkey.pem"}"
|
||||
CERTIFICATE_FILE="${CERTIFICATE_FILE:-"${LETSENCRYPT}/${PRODUCT}/fullchain.pem"}"
|
||||
PRIVATEKEY_FILE="${PRIVATEKEY_FILE:-"${LETSENCRYPT}/${PRODUCT}/privkey.pem"}"
|
||||
|
||||
if [ -f "${CERTIFICATE_FILE}" -a -f ${PRIVATEKEY_FILE} ]; then
|
||||
if [ -f ${DOCKERCOMPOSE}/.env -a -f ${DOCKERCOMPOSE}/proxy-ssl.yml ]; then
|
||||
docker-compose -f ${DOCKERCOMPOSE}/proxy.yml down
|
||||
|
||||
sed -i "s~\(APP_URL_PORTAL=\).*~\1\"https://${DOMAIN:-$(hostname --fqdn)}\"~g" ${DOCKERCOMPOSE}/.env
|
||||
sed -i "s~\(CERTIFICATE_PATH=\).*~\1\"${CERTIFICATE_FILE}\"~g" ${DOCKERCOMPOSE}/.env
|
||||
sed -i "s~\(CERTIFICATE_KEY_PATH=\).*~\1\"${PRIVATEKEY_FILE}\"~g" ${DOCKERCOMPOSE}/.env
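Review bot: The two new precondition checks match more loosely than their error messages suggest: `docker ps -f "name=onlyoffice-proxy"` and `grep -q "onlyoffice-proxy"` are both substring matches, so any running container whose name merely contains that string passes. `grep -qx "onlyoffice-proxy"` would require the exact name. The volume name `onlyoffice_webroot_path` is hard-coded while the compose files declare `webroot_path:` without a fixed name, so the check presumably relies on the compose project being called `onlyoffice`; confirm that, or pin the volume name in the compose files. The expansions on the `docker run` line (`${WEBROOT_PATH}`, `${PRODUCT}`, `${MAIL}`, `${DOMAIN}`) should be quoted.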
|
||||
|
@ -1,4 +1,4 @@
|
||||
location ~ /.well-known/acme-challenge {
|
||||
root "{APPDIR}letsencrypt";
|
||||
root "/letsencrypt";
|
||||
allow all;
|
||||
}
|
||||
}
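Review bot: `location ~ /.well-known/acme-challenge` is an unanchored regex, so it matches that string anywhere in the request URI, and `allow all;` then applies to every such path under the new root. Now that this file is included on every installation, a prefix match is tighter: `location ^~ /.well-known/acme-challenge/ {`. On package installs the build rewrites this root to `/var/www/<product>`, which per the install list is the same tree that holds the `public` and `client` directories, so a dedicated challenge directory would keep the ACME location from overlapping application files. Adding `default_type "text/plain";` and `try_files $uri =404;` inside the block is a common hardening for challenge responses.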
|
||||
|
@ -57,6 +57,6 @@ server {
|
||||
location / {
|
||||
proxy_pass http://$router_host:8092;
|
||||
}
|
||||
# The letsencrypt.conf is used for SSL configuration on Windows
|
||||
# include includes/letsencrypt.conf;
|
||||
|
||||
include includes/letsencrypt.conf;
|
||||
}
|
||||
|
@ -12,6 +12,6 @@ server {
|
||||
location / {
|
||||
proxy_pass http://$router_host:8092;
|
||||
}
|
||||
# The letsencrypt.conf is used for SSL configuration on Windows
|
||||
# include includes/letsencrypt.conf;
|
||||
|
||||
include includes/letsencrypt.conf;
|
||||
}
|
||||
|
@ -21,8 +21,10 @@ services:
|
||||
environment:
|
||||
- ROUTER_HOST=${ROUTER_HOST}
|
||||
volumes:
|
||||
- webroot_path:/letsencrypt
|
||||
- proxy_log:/var/log/nginx
|
||||
- ./config/nginx/templates/nginx.conf.template:/etc/nginx/nginx.conf
|
||||
- ./config/nginx/letsencrypt.conf:/etc/nginx/includes/letsencrypt.conf
|
||||
- ./config/nginx/templates/proxy.upstream.conf.template:/etc/nginx/templates/proxy.upstream.conf.template:ro
|
||||
- ./config/nginx/onlyoffice-proxy-ssl.conf:/etc/nginx/conf.d/default.conf
|
||||
- ${CERTIFICATE_PATH}:/usr/local/share/ca-certificates/tls.crt
|
||||
@ -36,3 +38,4 @@ networks:
|
||||
|
||||
volumes:
|
||||
proxy_log:
|
||||
webroot_path:
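Review bot: The two added mounts, `webroot_path:/letsencrypt` and `./config/nginx/letsencrypt.conf:/etc/nginx/includes/letsencrypt.conf`, are read-write in the proxy container although nginx only needs to read them; certbot writes the challenge files from its own container. Mark them read-only, as the `proxy.upstream.conf.template` mount below already is: `- webroot_path:/letsencrypt:ro` and `- ./config/nginx/letsencrypt.conf:/etc/nginx/includes/letsencrypt.conf:ro`. The same applies to the identical additions in the other proxy compose file.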
|
||||
|
@ -20,8 +20,10 @@ services:
|
||||
environment:
|
||||
- ROUTER_HOST=${ROUTER_HOST}
|
||||
volumes:
|
||||
- webroot_path:/letsencrypt
|
||||
- proxy_log:/var/log/nginx
|
||||
- ./config/nginx/templates/nginx.conf.template:/etc/nginx/nginx.conf
|
||||
- ./config/nginx/letsencrypt.conf:/etc/nginx/includes/letsencrypt.conf
|
||||
- ./config/nginx/templates/proxy.upstream.conf.template:/etc/nginx/templates/proxy.upstream.conf.template:ro
|
||||
- ./config/nginx/onlyoffice-proxy.conf:/etc/nginx/conf.d/default.conf
|
||||
|
||||
@ -32,3 +34,4 @@ networks:
|
||||
|
||||
volumes:
|
||||
proxy_log:
|
||||
webroot_path:
|
||||
|
@ -21,8 +21,9 @@ json -I -f %{_builddir}/%{sourcename}/config/apisystem.json -e "this.core.notify
|
||||
sed 's_\(minlevel=\)".*"_\1"Warn"_g' -i %{_builddir}/%{sourcename}/config/nlog.config
|
||||
|
||||
sed 's/teamlab.info/onlyoffice.com/g' -i %{_builddir}/%{sourcename}/config/autofac.consumers.json
|
||||
sed -e 's/$router_host/127.0.0.1/g' -e '/proxy_set_header/d' -i %{_builddir}/%{sourcename}/build/install/docker/config/nginx/onlyoffice-proxy*.conf
|
||||
sed -e 's/$router_host/127.0.0.1/g' -e '/proxy_set_header/d' -e 's|includes|/etc/nginx/includes|g' -i %{_builddir}/%{sourcename}/build/install/docker/config/nginx/onlyoffice-proxy*.conf
|
||||
sed -e '/.pid/d' -e '/temp_path/d' -i %{_builddir}/%{sourcename}/build/install/docker/config/nginx/templates/nginx.conf.template
|
||||
sed -i "s|\(.*root\).*;|\1 \"/var/www/%{product}";|g" -i %{_builddir}/%{sourcename}/build/install/docker/config/nginx/letsencrypt.conf
|
||||
|
||||
find %{_builddir}/%{sourcename}/publish/ \
|
||||
%{_builddir}/%{sourcename}/ASC.Migration.Runner \
|
||||
|
@ -62,5 +62,6 @@ cp -rf %{_builddir}/%{sourcename}/publish/services/ASC.Web.HealthChecks.UI/servi
|
||||
cp -rf %{_builddir}/%{sourcename}/publish/services/ASC.Web.Studio/service/* "%{buildroot}%{buildpath}/studio/ASC.Web.Studio/"
|
||||
cp -rf %{_builddir}/%{sourcename}/build/install/docker/config/nginx/onlyoffice-proxy.conf "%{buildroot}%{_sysconfdir}/nginx/conf.d/onlyoffice-proxy.conf"
|
||||
cp -rf %{_builddir}/%{sourcename}/build/install/docker/config/nginx/onlyoffice-proxy-ssl.conf "%{buildroot}%{_sysconfdir}/nginx/conf.d/onlyoffice-proxy-ssl.conf.template"
|
||||
cp -rf %{_builddir}/%{sourcename}/build/install/docker/config/nginx/letsencrypt.conf "%{buildroot}%{_sysconfdir}/nginx/includes/letsencrypt.conf"
|
||||
cp -rf %{_builddir}/%{sourcename}/build/install/docker/config/nginx/templates/nginx.conf.template "%{buildroot}%{_sysconfdir}/onlyoffice/%{product}/nginx/nginx.conf.template"
|
||||
cp -rf %{_builddir}/%{sourcename}/build/install/common/%{product}-ssl-setup "%{buildroot}%{_bindir}/%{product}-ssl-setup"
|
||||
|
@ -41,7 +41,7 @@ REM echo ######## SSL configs ########
|
||||
%sed% -i "s/the_host/host/g" build\install\win\Files\nginx\conf\onlyoffice-proxy.conf build\install\win\Files\nginx\conf\onlyoffice-proxy-ssl.conf.tmpl
|
||||
%sed% -i "s/the_scheme/scheme/g" build\install\win\Files\nginx\conf\onlyoffice-proxy.conf build\install\win\Files\nginx\conf\onlyoffice-proxy-ssl.conf.tmpl
|
||||
%sed% -i "s/ssl_dhparam \/etc\/ssl\/certs\/dhparam.pem;/#ssl_dhparam \/etc\/ssl\/certs\/dhparam.pem;/" build\install\win\Files\nginx\conf\onlyoffice-proxy-ssl.conf.tmpl
|
||||
%sed% -i "s/# include includes\/letsencrypt.conf/include includes\/letsencrypt.conf/" build\install\win\Files\nginx\conf\onlyoffice-proxy.conf build\install\win\Files\nginx\conf\onlyoffice-proxy-ssl.conf.tmpl
|
||||
%sed% -i "s|\(.*root\).*;|\1 \"{APPDIR}letsencrypt\";|g" -i build\install\win\Files\nginx\conf\includes\letsencrypt.conf
|
||||
|
||||
REM echo ######## Delete test and dev configs ########
|
||||
del /f /q build\install\win\Files\config\*.test.json
|
||||
|