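#!/bin/bash
# quick-start.sh — one-shot Let's Encrypt issuance helper.
#
# Flow (all paths relative to the directory this script lives in):
#   1. verify prerequisites: root, nginx, php, a system openssl.cnf, port 80 free
#   2. read the domain list from domain.txt
#   3. create ./work/{acme-challenge,log,tmp} and ./cert
#   4. generate the ACME account key and the domain key if missing
#   5. build a SAN CSR from the domain list if missing
#   6. start the bundled cert-nginx (stopped again by the EXIT trap set later
#      in this file), then hand off to acme-v2-client.php
#
# Every failure path exits non-zero. `set -e` is deliberately not used so
# each critical command can carry its own diagnostic; diagnostics go to
# stderr so they are not mixed into any captured stdout.
set -o pipefail

# shellcheck disable=SC2034 — kept for compatibility; not referenced below
script_name=$(basename "$0")
script_abs_name=$(readlink -f "$0")
script_path=$(dirname "$script_abs_name")

# Print "error: <msg>" on stderr and exit 1.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# check root
[[ "$(id -u)" == 0 ]] || die "must run by root"

# check nginx / php — `command -v` is the portable replacement for `which`
command -v nginx >/dev/null 2>&1 || die "nginx not installed"
command -v php >/dev/null 2>&1 || die "php not installed"

# get domain
domain_file="$script_path"/domain.txt
[[ -f "$domain_file" ]] || die "can not find domain.txt, please put your domain in domain.txt"
domain_list=$(cat "$domain_file") || exit 1
[[ -n "$domain_list" ]] || die "domain.txt is empty"
# Each entry is written into an openssl config file and passed on a command
# line below, so only accept plain hostname characters; anything else is
# almost certainly a typo and would corrupt domain.conf.
for domain in $domain_list; do
  [[ "$domain" =~ ^[A-Za-z0-9.-]+$ ]] || die "invalid domain name in domain.txt: $domain"
done

# check 80 port — bash's /dev/tcp pseudo-device: a successful connect means
# something already listens there and cert-nginx would fail to bind.
if (echo >/dev/tcp/localhost/80) >/dev/null 2>&1; then
  die "80 port is in use, please shutdown your system nginx first"
fi

# search openssl.cnf — first existing candidate wins
openssl_cnf_file=
for candidate in /etc/ssl/openssl.cnf /etc/pki/tls/openssl.cnf; do
  if [[ -f "$candidate" ]]; then
    openssl_cnf_file=$candidate
    break
  fi
done
[[ -n "$openssl_cnf_file" ]] || die "can not find openssl.cnf"

# create work dir — one mkdir -p covers every directory used later
mkdir -p "$script_path"/work/acme-challenge "$script_path"/work/log \
  "$script_path"/work/tmp "$script_path"/cert || exit 1

# generate account private key
# The subshell applies a restrictive umask only to the key generation, so a
# fresh key is never world-readable and later files (CSR, certificate that
# nginx must read) keep the normal umask. Pre-existing keys are left as-is.
if [[ ! -f "$script_path"/cert/account.key ]]; then
  (umask 077 && openssl genrsa -out "$script_path"/cert/account.key 4096) >/dev/null 2>&1 \
    || die "generate account private key failed"
fi

# generate domain private key
if [[ ! -f "$script_path"/cert/ssl.key ]]; then
  (umask 077 && openssl genrsa -out "$script_path"/cert/ssl.key 2048) >/dev/null 2>&1 \
    || die "generate domain private key failed"
fi

# generate csr from domain private key
if [[ ! -f "$script_path"/cert/domain.csr ]]; then
  alt_name=
  for domain in $domain_list; do
    alt_name="${alt_name}DNS:${domain},"
  done
  alt_name=${alt_name%,}   # drop the trailing comma (replaces `sed 's/,$//g'`)
  cp "$openssl_cnf_file" "$script_path"/cert/domain.conf || exit 1
  # '%s' keeps the domain text out of the printf format string; the previous
  # version used $alt_name itself as the format, so a '%' in domain.txt
  # would have been interpreted rather than written.
  printf '[SAN]\nsubjectAltName=%s\n' "$alt_name" >> "$script_path"/cert/domain.conf || exit 1
  # -key is given as an absolute path like every other file here; the old
  # relative `cert/ssl.key` only worked when run from the script directory.
  openssl req -new -sha256 \
    -key "$script_path"/cert/ssl.key \
    -out "$script_path"/cert/domain.csr \
    -subj "/" -reqexts SAN \
    -config "$script_path"/cert/domain.conf || exit 1
fi

# start cert-nginx process
# NOTE(review): the init script's exit status is not checked here, as before;
# confirm whether `start` reports failure via its status before adding `|| die`.
bash "$script_path"/cert-nginx.init start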
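#######################################
# Stop the bundled cert-nginx instance. Installed as the EXIT trap so the
# temporary web server is torn down on every exit path (success or failure).
# Globals:   script_path (read)
# Arguments: none
# Returns:   exit status of `cert-nginx.init stop`
#######################################
do_cleanup() {
  bash "${script_path}/cert-nginx.init" stop
}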
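# Register cleanup now that cert-nginx is running; fires on every exit below.
trap do_cleanup EXIT

# get cert
echo "[getting cert from Let's Encrypt][may be serveral minutes]"
# Build the ';'-separated domain argument expected by acme-v2-client.php.
domain_param=
for domain in $domain_list; do
  domain_param="${domain_param}${domain};"
done
# Strip the trailing ';' with parameter expansion. The previous
# `printf "$domain_param" | sed ...` used the domain text as the printf
# format string, so a '%' in domain.txt would have mangled the argument.
domain_param=${domain_param%;}

php "$script_path"/acme-v2-client.php \
  -a "$script_path"/cert/account.key \
  -r "$script_path"/cert/domain.csr \
  -d "$domain_param" \
  -c "$script_path"/work/acme-challenge \
  -o "$script_path"/cert/ssl.crt.new || exit 1

# Only replace the live certificate after issuance succeeded; ssl.crt.new is
# kept for inspection.
cp "$script_path"/cert/ssl.crt.new "$script_path"/cert/ssl.crt || exit 1

# Remove challenge responses so they are not left served after issuance.
find "$script_path"/work/acme-challenge -type f -delete || exit 1
exit 0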