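#!/bin/bash
#
# Obtain Let's Encrypt certificates for every <server_name>.<domain>
# combination, render the HAProxy configuration from its placeholders,
# install the weekly renewal cron job and finally start HAProxy.
#
# Following these instructions:
#   https://serversforhackers.com/c/letsencrypt-with-haproxy
#
# Environment (read):
#   DOMAINS                 whitespace-separated list of base domains
#   NEXTCLOUD_SERVER_NAME   host label(s), also substituted into CFG_FILE
#   GITEA_SERVER_NAME       host label(s), also substituted into CFG_FILE
#   HAUK_SERVER_NAME        host label(s), also substituted into CFG_FILE
#   ADMIN_EMAIL             contact address passed to certbot
#
# Failures of individual steps are reported on stderr but do not abort the
# script; the final HAProxy start is always attempted.

CFG_FILE=/etc/haproxy/haproxy.cfg
CFG_LE_FILE=/etc/haproxy/haproxy_letsencrypt.cfg
LETSENCRYPT_PORT=8888
CERT_DIR=/etc/letsencrypt/haproxy
LIVE_DIR=/etc/letsencrypt/live

# Print a diagnostic on stderr.
warn() {
  printf '%s\n' "$*" >&2
}

# Escape a value for the replacement side of `sed s/.../.../`:
# backslash, the `/` delimiter and `&` would otherwise be interpreted by sed.
escape_sed_replacement() {
  printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

# Replace every literal ${NAME} placeholder in CFG_FILE with a value.
#   $1 - placeholder name (without the ${ } wrapper)
#   $2 - replacement text
substitute_placeholder() {
  local name=$1
  local value=$2
  local escaped
  escaped=$(escape_sed_replacement "$value") || return
  sed -i "s/\${${name}}/${escaped}/g" "$CFG_FILE"
}

# Concatenate certbot's fullchain and private key into the single PEM file
# HAProxy loads.
#   $1 - fully qualified host name
# The bundle contains the private key, so it is staged in a mktemp file
# (created with owner-only permissions) and renamed into place only when
# complete. A partial bundle would otherwise pass the "-s" check on the next
# run and never be regenerated.
build_haproxy_pem() {
  local url=$1
  local target="${CERT_DIR}/${url}.pem"
  local staging
  staging=$(mktemp "${target}.XXXXXX") || return
  if cat -- "${LIVE_DIR}/${url}/fullchain.pem" \
            "${LIVE_DIR}/${url}/privkey.pem" > "$staging"; then
    mv -f -- "$staging" "$target"
  else
    rm -f -- "$staging"
    return 1
  fi
}

mkdir -p "$CERT_DIR"

# Keep the temporary HAProxy PID file in a private directory instead of a
# fixed name in /tmp: its contents are later handed to kill, so no other
# local user should be able to create or modify it.
RUN_DIR=$(mktemp -d) || { warn "mktemp -d failed"; exit 1; }
PID_FILE="${RUN_DIR}/haproxy.pid"

# Start temporary HAProxy (daemonised) for the duration of the certificate
# requests.
# NOTE(review): presumably CFG_LE_FILE routes ACME HTTP-01 requests to
# certbot on LETSENCRYPT_PORT - that config is not visible here.
haproxy -f "$CFG_LE_FILE" -D -p "$PID_FILE" \
  || warn "temporary haproxy failed to start"

# Split the lists on whitespace without subjecting them to globbing.
# read returns non-zero at end of input when -d '' is used; that is expected.
domains=()
server_names=()
read -r -d '' -a domains <<< "${DOMAINS:-}" || true
read -r -d '' -a server_names \
  <<< "${NEXTCLOUD_SERVER_NAME:-} ${GITEA_SERVER_NAME:-} ${HAUK_SERVER_NAME:-}" \
  || true

# Get Let's Encrypt certificates
HAPROXY_CERTS=""
hostname_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
for domain in "${domains[@]}"; do
  for server_name in "${server_names[@]}"; do
    url="${server_name}.${domain}"

    # The name ends up in file paths, certbot arguments and the HAProxy
    # configuration, so accept only plain host-name characters.
    if [[ ! "$url" =~ $hostname_re ]]; then
      warn "skipping invalid host name: ${url}"
      continue
    fi

    printf '%s\n' "$url"
    HAPROXY_CERTS="${HAPROXY_CERTS} crt ${CERT_DIR}/${url}.pem"

    # Only query Let's Encrypt when no non-empty bundle exists yet.
    if [[ ! -s "${CERT_DIR}/${url}.pem" ]]; then
      if certbot certonly -d "$url" \
          --email "${ADMIN_EMAIL:-}" --non-interactive --agree-tos \
          --standalone --http-01-port="${LETSENCRYPT_PORT}"; then
        build_haproxy_pem "$url" \
          || warn "could not build ${CERT_DIR}/${url}.pem"
      else
        warn "certbot failed for ${url}"
      fi
    fi
  done
done

# Render the final configuration.
substitute_placeholder NEXTCLOUD_SERVER_NAME "${NEXTCLOUD_SERVER_NAME:-}"
substitute_placeholder GITEA_SERVER_NAME "${GITEA_SERVER_NAME:-}"
substitute_placeholder HAUK_SERVER_NAME "${HAUK_SERVER_NAME:-}"
substitute_placeholder HAPROXY_CERTS "$HAPROXY_CERTS"

# Stop the temporary HAProxy. The PID file may list several PIDs.
haproxy_pids=()
if [[ -s "$PID_FILE" ]]; then
  read -r -d '' -a haproxy_pids < "$PID_FILE" || true
fi
printf 'Killing haproxy %s\n' "${haproxy_pids[*]}"
if (( ${#haproxy_pids[@]} > 0 )); then
  kill -TERM "${haproxy_pids[@]}"
fi
rm -rf -- "${RUN_DIR:?}"

# Create renew cron job (guarded so a second run does not fail on the
# already-moved file).
if [[ -f /usr/local/bin/letsencrypt.cron ]]; then
  mv -- /usr/local/bin/letsencrypt.cron /etc/cron.weekly/letsencrypt
fi

# Remove default cron job
if [[ -e /etc/cron.d/certbot ]]; then
  mv -- /etc/cron.d/certbot /tmp
fi
service cron status || service cron start

# Start HAProxy
haproxy -f "$CFG_FILE"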