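#!/bin/bash
#
# Requests a Let's Encrypt certificate for this machine with acme.sh, installs
# it under /etc/jitsi/meet and registers a reload command for the web server
# and coturn that acme.sh runs again on every renewal.
#
# Usage: install-letsencrypt-cert.sh [EMAIL] [DOMAIN]
#   EMAIL   account e-mail handed to the acme.sh installer; prompted for when
#           omitted
#   DOMAIN  hostname to issue for; read from the jitsi-meet-web-config debconf
#           entry (jitsi-meet/jvb-hostname) when omitted

set -e

readonly ACME_SH=/opt/acmesh/.acme.sh/acme.sh

# Succeeds when dpkg reports package $1 as "installed" or "unpacked".
pkg_present() {
  local state
  # shellcheck disable=SC2016 # ${Status} is a dpkg-query format field, not a shell variable
  state="$(dpkg-query -f '${Status}' -W "$1" 2>/dev/null | awk '{print $3}' || true)"
  [ "$state" = "installed" ] || [ "$state" = "unpacked" ]
}

EMAIL=$1

# Resolve the hostname before anything is printed, so the banner below names
# the real host instead of an unset variable.
DOMAIN=$2
if [ -z "$DOMAIN" ]; then
  # "|| true": a missing debconf entry is reported by the validation below
  # rather than ending the script silently under set -e.
  DEB_CONF_RESULT=$(debconf-show jitsi-meet-web-config | grep jitsi-meet/jvb-hostname || true)
  DOMAIN="${DEB_CONF_RESULT##*:}"
fi
# remove whitespace
DOMAIN="$(printf '%s' "${DOMAIN}" | tr -d '[:space:]')"

# DOMAIN comes from the command line or debconf and is embedded below in file
# paths and in the --reloadcmd string, which is a shell command line that
# acme.sh stores and runs again at renewal. Accept plain hostname characters
# only, so no shell metacharacter or path separator can reach either place.
if ! [[ "$DOMAIN" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
  echo "Invalid or missing hostname: '${DOMAIN}'" >&2
  exit 1
fi

echo "-------------------------------------------------------------------------"
echo "This script will:"
echo "- Need a working DNS record pointing to this machine(for hostname ${DOMAIN})"
echo "- Install additional dependencies in order to request Let’s Encrypt certificate (acme.sh)"
echo "- Configure and reload nginx or apache2, whichever is used"
echo "- Configure the coturn server to use Let's Encrypt certificate and add required deploy hooks"
echo "- Configure renew of certificate"
echo ""

if [ -z "$EMAIL" ]; then
  echo "You need to agree to the ACME server's Subscriber Agreement (https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf) "
  echo "by providing an email address for important account notifications"

  printf '%s' "Enter your email and press [ENTER]: "
  read -r EMAIL
fi

export HOME=/opt/acmesh

# Download the installer completely before running it: piping curl straight
# into sh would execute whatever arrived if the transfer broke off part-way,
# and would hide an HTTP error behind sh's exit status.
# NOTE(review): the installer is still unpinned and runs with this script's
# privileges; vendor it or verify a known checksum if the deployment allows.
ACME_INSTALLER="$(mktemp)"
trap 'rm -f -- "$ACME_INSTALLER"' EXIT
if ! curl --fail -o "$ACME_INSTALLER" https://get.acme.sh; then
  echo "Downloading the acme.sh installer failed" >&2
  exit 1
fi
sh -s "email=${EMAIL}" < "$ACME_INSTALLER"

# Checks whether nginx or apache is installed
RELOAD_CMD=""
if pkg_present nginx || pkg_present nginx-full || pkg_present nginx-extras; then
  RELOAD_CMD="systemctl force-reload nginx.service"
elif pkg_present openresty; then
  RELOAD_CMD="systemctl force-reload openresty.service"
elif pkg_present apache2; then
  RELOAD_CMD="systemctl force-reload apache2.service"
else
  RELOAD_CMD="echo 'No webserver found'"
fi

RELOAD_CMD+=" && /usr/share/jitsi-meet/scripts/coturn-le-update.sh ${DOMAIN}"

# Argument arrays instead of eval: every value reaches acme.sh as exactly one
# argument and is never re-parsed by this shell.
ISSUE_CERT_CMD=("$ACME_SH" -f --issue -d "$DOMAIN" -w /usr/share/jitsi-meet --server letsencrypt)
INSTALL_CERT_CMD=(
  "$ACME_SH" -f --install-cert -d "$DOMAIN"
  --key-file "/etc/jitsi/meet/${DOMAIN}.key"
  --fullchain-file "/etc/jitsi/meet/${DOMAIN}.crt"
  --reloadcmd "$RELOAD_CMD"
)

ISSUE_FAILED_CODE=0
"${ISSUE_CERT_CMD[@]}" || ISSUE_FAILED_CODE=$?

# Exit code 2 from --issue means the certificate already exists and needs no
# renewal yet; it is still (re)installed so the files and reload hook are set.
if [ "$ISSUE_FAILED_CODE" -eq 0 ] || [ "$ISSUE_FAILED_CODE" -eq 2 ]; then
  "${INSTALL_CERT_CMD[@]}"
else
  echo "Issuing the certificate from Let's Encrypt failed, continuing ..."
  echo "You can retry later by executing:"
  echo "/usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh $EMAIL"
fi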