
Member "jitsi-meet-6193/resources/install-letsencrypt-cert.sh" (20 May 2022, 4907 Bytes) of package /linux/misc/jitsi-meet-6193.tar.gz:



    1 #!/bin/bash
    2 
    3 set -e
    4 
    5 DEB_CONF_RESULT=`debconf-show jitsi-meet-web-config | grep jvb-hostname`
    6 DOMAIN="${DEB_CONF_RESULT##*:}"
    7 # remove whitespace
    8 DOMAIN="$(echo -e "${DOMAIN}" | tr -d '[:space:]')"
    9 
   10 echo "-------------------------------------------------------------------------"
   11 echo "This script will:"
   12 echo "- Need a working DNS record pointing to this machine(for domain ${DOMAIN})"
   13 echo "- Download certbot-auto from https://dl.eff.org to /usr/local/sbin"
   14 echo "- Install additional dependencies in order to request Let’s Encrypt certificate"
   15 echo "- If running with jetty serving web content, will stop Jitsi Videobridge"
   16 echo "- Configure and reload nginx or apache2, whichever is used"
   17 echo "- Configure the coturn server to use Let's Encrypt certificate and add required deploy hooks"
   18 echo "- Add command in weekly cron job to renew certificates regularly"
   19 echo ""
   20 echo "You need to agree to the ACME server's Subscriber Agreement (https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf) "
   21 echo "by providing an email address for important account notifications"
   22 
   23 echo -n "Enter your email and press [ENTER]: "
   24 read EMAIL
   25 
# Find an installed certbot. "|| true" keeps a missing binary from aborting
# the script under "set -e"; CERTBOT is then empty and the -x test fails.
CERTBOT="$(command -v certbot || true)"
if ! [ -x "$CERTBOT" ]; then
    # No usable certbot: install it from the distribution's package sources.
    DISTRO=$(lsb_release -is)
    DISTRO_VERSION=$(lsb_release -rs)

    case "$DISTRO" in
        Debian)
            # Nothing to prepare; certbot is installed by the common step below.
            ;;
        Ubuntu)
            apt-get update
            apt-get -y install software-properties-common
            add-apt-repository -y universe
            case "$DISTRO_VERSION" in
                18.04)
                    # NOTE(review): this adds a third-party PPA, i.e. another
                    # package-signing key that apt will trust on this host.
                    # Confirm the PPA is still maintained before relying on it.
                    add-apt-repository -y ppa:certbot/certbot
                    ;;
            esac
            ;;
        *)
            echo "$DISTRO $DISTRO_VERSION is not supported"
            echo "Only Debian and Ubuntu 18.04+ are supported"
            exit 1
            ;;
    esac

    apt-get update
    apt-get -y install certbot

    # No "|| true" here: if certbot is still missing, "set -e" stops the script.
    CERTBOT="$(command -v certbot)"
fi

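# Weekly cron job that renews the certificates. cron runs it as root.
CRON_FILE="/etc/cron.weekly/letsencrypt-renew"
[ -d "/etc/cron.weekly" ] || mkdir "/etc/cron.weekly"

# (Re)create the job with the renew command; reload commands for the web
# server are appended further down.
printf '%s\n' '#!/bin/bash' "$CERTBOT renew >> /var/log/le-renew.log" > "$CRON_FILE"
# This file is executed by root every week, so its mode must not depend on the
# umask of whoever runs this installer (or on a pre-existing file's mode):
# only root may write to it. The execute bit is added once setup has finished.
chmod u=rw,go=r "$CRON_FILE"
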
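# Where certbot stores the key and certificate chain for DOMAIN.
CERT_KEY="/etc/letsencrypt/live/$DOMAIN/privkey.pem"
CERT_CRT="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"

# Arguments shared by every certbot call below. Kept in an array so that
# DOMAIN and EMAIL are each passed as exactly one argument: unquoted, a value
# typed at the prompt would be word-split and glob-expanded into certbot's
# command line, and an empty one would make --email swallow the next option.
CERTBOT_ARGS=(
    certonly --noninteractive
    --webroot --webroot-path /usr/share/jitsi-meet
    -d "$DOMAIN"
    --agree-tos --email "$EMAIL"
)

# Escape $1 for use on the replacement side of a sed "s/.../.../" command:
# '/', '&' and '\' would otherwise be interpreted by sed.
sed_escape_replacement() {
    printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

# Point the key and certificate directives of a web-server config at the
# Let's Encrypt files.
#   $1 - config file to edit in place
#   $2 - name of the private-key directive
#   $3 - name of the certificate directive
use_letsencrypt_cert() {
    local conf_file=$1 key_directive=$2 crt_directive=$3
    local key_esc crt_esc
    key_esc=$(sed_escape_replacement "$CERT_KEY")
    crt_esc=$(sed_escape_replacement "$CERT_CRT")
    # Only directives that still reference /etc/jitsi/meet/ are rewritten.
    sed -i "s/$key_directive \/etc\/jitsi\/meet\/.*key/$key_directive $key_esc/g" \
        "$conf_file"
    sed -i "s/$crt_directive \/etc\/jitsi\/meet\/.*crt/$crt_directive $crt_esc/g" \
        "$conf_file"
}

# Reload the web server now and append the same reload command to the weekly
# cron job, so a renewed certificate is picked up.
#   $1 - service name (nginx or apache2)
reload_and_schedule() {
    local name=$1
    if type service >/dev/null 2>&1; then
        service "$name" reload
        echo "service $name reload" >> "$CRON_FILE"
    else
        systemctl reload "$name.service"
        echo "systemctl reload $name.service" >> "$CRON_FILE"
    fi
}

if [ -f "/etc/nginx/sites-enabled/$DOMAIN.conf" ]; then

    TURN_CONFIG="/etc/turnserver.conf"
    TURN_HOOK=/etc/letsencrypt/renewal-hooks/deploy/0000-coturn-certbot-deploy.sh
    if [ -f "$TURN_CONFIG" ] && grep -q "jitsi-meet coturn config" "$TURN_CONFIG"; then
        # coturn is managed by jitsi-meet: install a deploy hook so coturn
        # receives the certificate after issuance and after each renewal.
        mkdir -p "$(dirname "$TURN_HOOK")"

        cp /usr/share/jitsi-meet-turnserver/coturn-certbot-deploy.sh "$TURN_HOOK"
        chmod u+x "$TURN_HOOK"
        # Dots in the placeholder are escaped so only the literal name matches.
        DOMAIN_ESC=$(sed_escape_replacement "$DOMAIN")
        sed -i "s/jitsi-meet\.example\.com/$DOMAIN_ESC/g" "$TURN_HOOK"

        "$CERTBOT" "${CERTBOT_ARGS[@]}" --deploy-hook "$TURN_HOOK"
    else
        "$CERTBOT" "${CERTBOT_ARGS[@]}"
    fi

    echo "Configuring nginx"

    CONF_FILE="/etc/nginx/sites-available/$DOMAIN.conf"
    use_letsencrypt_cert "$CONF_FILE" ssl_certificate_key ssl_certificate
    reload_and_schedule nginx

elif [ -f "/etc/apache2/sites-enabled/$DOMAIN.conf" ]; then

    "$CERTBOT" "${CERTBOT_ARGS[@]}"

    echo "Configuring apache2"

    CONF_FILE="/etc/apache2/sites-available/$DOMAIN.conf"
    use_letsencrypt_cert "$CONF_FILE" SSLCertificateKeyFile SSLCertificateFile
    reload_and_schedule apache2

else
    # Neither web-server config exists for DOMAIN: no certificate was
    # requested. Say so instead of finishing silently.
    echo "No nginx or apache2 site configuration found for $DOMAIN; no certificate was requested" >&2
fi

# the cron file that will renew certificates
chmod a+x "$CRON_FILE"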