mirror of https://github.com/zulip/zulip.git
install: Add a couple Docker-specific options to the certbot scripts.
--agree-tos is useful for the Docker environment, where we won't have an interactive shell present for agreeing to the ToS. --deploy-hook is also useful for the Docker environment; it makes it possible to customize which deploy hook (if any) we pass into the underlying certbot command.
parent
08d890e671
commit
4999474cce
|
@ -15,6 +15,8 @@ if ! zulip_conf_get_boolean certbot auto_renew; then
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
deploy_hook="${ZULIP_CERTBOT_DEPLOY_HOOK:-service nginx reload}"
|
||||||
|
|
||||||
/usr/local/sbin/certbot-auto renew --quiet \
|
/usr/local/sbin/certbot-auto renew --quiet \
|
||||||
--webroot --webroot-path=/var/lib/zulip/certbot-webroot/ \
|
--webroot --webroot-path=/var/lib/zulip/certbot-webroot/ \
|
||||||
--deploy-hook 'service nginx reload'
|
--deploy-hook "$deploy_hook"
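Review bot: The new `deploy_hook=` assignment takes a command line from the `ZULIP_CERTBOT_DEPLOY_HOOK` environment variable, and certbot runs a deploy hook as a shell command with the privileges of the renewal job (presumably root here), yet nothing beside the assignment documents that trust assumption. A comment above it would help, for example `# ZULIP_CERTBOT_DEPLOY_HOOK is executed by certbot as a shell command; set it only from trusted deployment configuration.` The `:-` form also substitutes the default when the variable is set but empty, so the "if any" case in the commit message cannot be expressed; if disabling the hook is intended, use `${ZULIP_CERTBOT_DEPLOY_HOOK-service nginx reload}` and pass `--deploy-hook` only when the value is non-empty. The rest of the script lies outside this hunk.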
|
||||||
|
|
|
@ -15,7 +15,7 @@ if [ "$EUID" -ne 0 ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
method=webroot
|
method=webroot
|
||||||
args="$(getopt -o '' --long help,hostname:,email:,method:,no-zulip-conf -n "$0" -- "$@")"
|
args="$(getopt -o '' --long help,hostname:,email:,method:,deploy-hook:,no-zulip-conf,agree-tos -n "$0" -- "$@")"
|
||||||
eval "set -- $args"
|
eval "set -- $args"
|
||||||
while true; do
|
while true; do
|
||||||
case "$1" in
|
case "$1" in
|
||||||
|
@ -34,6 +34,15 @@ while true; do
|
||||||
shift
|
shift
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
|
--deploy-hook)
|
||||||
|
deploy_hook=(--deploy-hook "$2")
|
||||||
|
shift
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
--agree-tos)
|
||||||
|
agree_tos=--agree-tos
|
||||||
|
shift
|
||||||
|
;;
|
||||||
--no-zulip-conf)
|
--no-zulip-conf)
|
||||||
no_zulip_conf=1
|
no_zulip_conf=1
|
||||||
shift
|
shift
|
||||||
|
@ -84,7 +93,11 @@ chmod a+x "$CERTBOT_PATH"
|
||||||
# to agree to the Let's Encrypt Subscriber Agreement (aka ToS).
|
# to agree to the Let's Encrypt Subscriber Agreement (aka ToS).
|
||||||
# Passing --force-interactive suppresses a warning, but also brings up
|
# Passing --force-interactive suppresses a warning, but also brings up
|
||||||
# an annoying prompt we stifle with --no-eff-email.
|
# an annoying prompt we stifle with --no-eff-email.
|
||||||
"$CERTBOT_PATH" certonly "${method_args[@]}" -d "$DOMAIN" -m "$EMAIL" --force-interactive --no-eff-email
|
"$CERTBOT_PATH" certonly "${method_args[@]}" \
|
||||||
|
-d "$DOMAIN" -m "$EMAIL" \
|
||||||
|
$agree_tos --force-renewal \
|
||||||
|
"${deploy_hook[@]}" \
|
||||||
|
--force-interactive --no-eff-email
|
||||||
|
|
||||||
symlink_with_backup() {
|
symlink_with_backup() {
|
||||||
if [ -e "$2" ]; then
|
if [ -e "$2" ]; then
|
||||||
|
@ -96,9 +109,13 @@ symlink_with_backup() {
|
||||||
ln -nsf "$1" "$2"
|
ln -nsf "$1" "$2"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if [ -z "$deploy_hook" ]; then
|
||||||
|
# If no deploy hook was specified, assume we're deploying to the default
|
||||||
|
# location Zulip wants.
|
||||||
CERT_DIR=/etc/letsencrypt/live/"$DOMAIN"
|
CERT_DIR=/etc/letsencrypt/live/"$DOMAIN"
|
||||||
symlink_with_backup "$CERT_DIR"/privkey.pem /etc/ssl/private/zulip.key
|
symlink_with_backup "$CERT_DIR"/privkey.pem /etc/ssl/private/zulip.key
|
||||||
symlink_with_backup "$CERT_DIR"/fullchain.pem /etc/ssl/certs/zulip.combined-chain.crt
|
symlink_with_backup "$CERT_DIR"/fullchain.pem /etc/ssl/certs/zulip.combined-chain.crt
|
||||||
|
fi
|
||||||
|
|
||||||
case "$method" in
|
case "$method" in
|
||||||
webroot)
|
webroot)
|
||||||
|
|