
Member "jitsi-meet-4420/resources/install-letsencrypt-cert.sh" (18 Sep 2020, 4913 Bytes) of package /linux/misc/jitsi-meet-4420.tar.gz:



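    #!/bin/bash
    #
    # Obtains a Let's Encrypt certificate for the Jitsi Meet host name stored in
    # debconf, points the nginx or apache2 site configuration at it, and installs
    # a weekly cron job that renews it.
    #
    # The script installs packages, writes under /etc and reloads services.
    # Two values flow into command lines, file paths and sed programs: the host
    # name (read from debconf) and the e-mail address (typed by the operator).
    # Both are validated once, up front, and quoted at every use.

    set -euo pipefail

    # Print a message on stderr and abort.
    die() {
        printf '%s\n' "$*" >&2
        exit 1
    }

    # Report an unsupported distribution/version and abort.
    #   $1 - distributor id, $2 - release number
    unsupported_distro() {
        echo "$1 $2 is not supported" >&2
        echo "Only Debian 9,10 and Ubuntu 18.04,19.10,20.04 are supported" >&2
        exit 1
    }

    # Install certbot with apt-get on the supported distributions.
    install_certbot() {
        local distro distro_version
        distro=$(lsb_release -is)
        distro_version=$(lsb_release -rs)

        case "$distro" in
            Debian)
                apt-get update
                apt-get -y install certbot
                ;;
            Ubuntu)
                case "$distro_version" in
                    20.04|19.10|18.04)
                        apt-get update
                        apt-get -y install software-properties-common
                        add-apt-repository -y universe
                        if [ "$distro_version" = "18.04" ]; then
                            # NOTE(review): a PPA is a package source outside
                            # the distribution archive; adding it extends the
                            # set of parties whose packages apt will install
                            # as root on this host.
                            add-apt-repository -y ppa:certbot/certbot
                        fi
                        apt-get update
                        apt-get -y install certbot
                        ;;
                    *)
                        # Previously an unlisted Ubuntu release fell through
                        # without installing anything and failed later at the
                        # first certbot call.
                        unsupported_distro "$distro" "$distro_version"
                        ;;
                esac
                ;;
            *)
                unsupported_distro "$distro" "$distro_version"
                ;;
        esac
    }

    # Rewrite one certificate directive in a web-server site file.
    #   $1 - site configuration file
    #   $2 - directive name (e.g. ssl_certificate_key)
    #   $3 - ending of the old path under /etc/jitsi/meet (key or crt)
    #   $4 - new path
    # The new path is inserted into the sed program unescaped; that is only
    # safe because DOMAIN has been restricted to [A-Za-z0-9.-] before any call.
    replace_cert_path() {
        local conf_file=$1 directive=$2 suffix=$3 new_path=$4
        sed -i "s|${directive} /etc/jitsi/meet/.*${suffix}|${directive} ${new_path}|g" \
            "$conf_file"
    }

    # A failing grep would otherwise end the script silently under set -e.
    DEB_CONF_RESULT=$(debconf-show jitsi-meet-web-config | grep jvb-hostname) \
        || die "Could not read jvb-hostname from debconf (jitsi-meet-web-config)"
    DOMAIN="${DEB_CONF_RESULT##*:}"
    # remove whitespace
    DOMAIN=$(printf '%s' "$DOMAIN" | tr -d '[:space:]')

    # DOMAIN is used in file names, as a certbot argument and inside sed
    # expressions, so anything but a plain host name is rejected here.
    HOSTNAME_RE='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
    [[ "$DOMAIN" =~ $HOSTNAME_RE ]] \
        || die "Refusing to continue: '${DOMAIN}' is not a valid host name"

    echo "-------------------------------------------------------------------------"
    echo "This script will:"
    echo "- Need a working DNS record pointing to this machine(for domain ${DOMAIN})"
    # The banner used to announce a certbot-auto download that this script does
    # not perform; it now states what the install step below really does.
    echo "- Install certbot with apt-get if it is not already installed (Ubuntu 18.04: from ppa:certbot/certbot)"
    echo "- Install additional dependencies in order to request Let’s Encrypt certificate"
    # NOTE(review): nothing below stops Jitsi Videobridge or handles a jetty
    # setup; confirm whether this line still applies.
    echo "- If running with jetty serving web content, will stop Jitsi Videobridge"
    echo "- Configure and reload nginx or apache2, whichever is used"
    echo "- Configure the coturn server to use Let's Encrypt certificate and add required deploy hooks"
    echo "- Add command in weekly cron job to renew certificates regularly"
    echo ""
    echo "You need to agree to the ACME server's Subscriber Agreement (https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf) "
    echo "by providing an email address for important account notifications"

    echo -n "Enter your email and press [ENTER]: "
    read -r EMAIL

    # An empty value, embedded whitespace or a leading dash would change how
    # certbot parses its command line, so only a simple user@host shape passes.
    EMAIL_RE='^[^[:space:]@-][^[:space:]@]*@[^[:space:]@]+$'
    [[ "$EMAIL" =~ $EMAIL_RE ]] \
        || die "'${EMAIL}' does not look like an email address"

    if ! command -v certbot >/dev/null 2>&1; then
        install_certbot
    fi

    # Everything below calls certbot by absolute path rather than through PATH.
    [ -x /usr/bin/certbot ] || die "/usr/bin/certbot is missing or not executable"

    CRON_FILE="/etc/cron.weekly/letsencrypt-renew"
    mkdir -p "/etc/cron.weekly"
    printf '%s\n' \
        '#!/bin/bash' \
        '/usr/bin/certbot renew >> /var/log/le-renew.log' > "$CRON_FILE"

    CERT_KEY="/etc/letsencrypt/live/${DOMAIN}/privkey.pem"
    CERT_CRT="/etc/letsencrypt/live/${DOMAIN}/fullchain.pem"

    # Arguments shared by every certificate request; kept in an array so each
    # value stays a single word whatever it contains.
    CERTBOT_ARGS=(
        certonly --noninteractive
        --webroot --webroot-path /usr/share/jitsi-meet
        -d "$DOMAIN"
        --agree-tos --email "$EMAIL"
    )

    if [ -f "/etc/nginx/sites-enabled/${DOMAIN}.conf" ]; then

        TURN_CONFIG="/etc/turnserver.conf"
        TURN_HOOK="/etc/letsencrypt/renewal-hooks/deploy/0000-coturn-certbot-deploy.sh"
        if [ -f "$TURN_CONFIG" ] && grep -q "jitsi-meet coturn config" "$TURN_CONFIG"; then
            mkdir -p "$(dirname "$TURN_HOOK")"

            # certbot runs this hook after issuing or renewing the certificate.
            cp /usr/share/jitsi-meet-turnserver/coturn-certbot-deploy.sh "$TURN_HOOK"
            chmod u+x "$TURN_HOOK"
            sed -i "s/jitsi-meet\.example\.com/${DOMAIN}/g" "$TURN_HOOK"

            CERTBOT_ARGS+=(--deploy-hook "$TURN_HOOK")
        fi

        /usr/bin/certbot "${CERTBOT_ARGS[@]}"

        echo "Configuring nginx"

        CONF_FILE="/etc/nginx/sites-available/${DOMAIN}.conf"
        replace_cert_path "$CONF_FILE" ssl_certificate_key key "$CERT_KEY"
        replace_cert_path "$CONF_FILE" ssl_certificate crt "$CERT_CRT"

        echo "service nginx reload" >> "$CRON_FILE"
        service nginx reload
    elif [ -f "/etc/apache2/sites-enabled/${DOMAIN}.conf" ]; then

        /usr/bin/certbot "${CERTBOT_ARGS[@]}"

        echo "Configuring apache2"

        CONF_FILE="/etc/apache2/sites-available/${DOMAIN}.conf"
        replace_cert_path "$CONF_FILE" SSLCertificateKeyFile key "$CERT_KEY"
        replace_cert_path "$CONF_FILE" SSLCertificateFile crt "$CERT_CRT"

        echo "service apache2 reload" >> "$CRON_FILE"
        service apache2 reload
    else
        # Without either site file no certificate is requested; say so instead
        # of finishing silently.
        echo "No nginx or apache2 site for ${DOMAIN} was found; no certificate was requested" >&2
    fi

    # the cron file that will renew certificates
    # It becomes executable only here, after the steps above have succeeded.
    chmod a+x "$CRON_FILE"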