#!/bin/bash
#
# ssl.sh - for acme.sh edition
#
# WARNING!
# Check file permissions very carefully so other users cannot access the
# certificate copies. The copies include the private keys.
#
# Used with crontab as root, remember `@daily bash /root/acmesh-ssl.sh >/dev/null 2>&1`
# NOTE(review): that cron line throws stderr away as well, so the warning
# below and any acme.sh error go unseen; consider keeping stderr in a log.
# NOTE(review): since cron runs this file as root, the file itself should be
# owned by root and not writable by anyone else.

# Guard: anything other than UID 0 gets a warning on stderr and exit status 1.
[[ "$(id -u)" == "0" ]] || {
  printf '%s\n' "acme.sh prefers root, this script demands it." >&2
  exit 1
}
# The domain the certs are mainly issued for
DOMAINNAME="relpda.mikaela.info"

# Directories: one target per service, each gets its own copy of the
# certificate files further down.
SYNCPLAYDIR="/opt/syncplay/ssl"
MUMBLEDIR="/var/lib/mumble-server/ssl"
ZNCDIR="/home/znc/.znc/ssl"
NGINXDIR="/etc/nginx/ssl"

# Where is acme.sh + flags applying to them all.
# This stays a flat string because it is expanded unquoted later on, so that
# it word-splits into the command and its arguments.
ACMESH="/root/.acme.sh/acme.sh --install-cert -d ${DOMAINNAME}"

# restarting / reloading with systemctl (used inside --reloadcmd strings)
SYSTEMCTLRESTART="systemctl restart --quiet"
SYSTEMCTLRELOAD="systemctl reload --quiet"
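# Start by creating the directories if they don't exist
/bin/mkdir -p -- "$SYNCPLAYDIR" "$MUMBLEDIR" "$ZNCDIR" "$NGINXDIR"

# From here on, create files without group/other access. The chmod calls
# further down only run after acme.sh has already written the files, so
# without this a freshly created copy would carry the default umask's
# permissions in between. Set after mkdir so that any parent directories
# mkdir had to create keep their normal mode.
umask 077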
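# Syncplay - note: reloads certs on every connect like ZNC
# (which is why no --reloadcmd is given here)
# shellcheck disable=SC2086 # $ACMESH has to word-split into command + flags
$ACMESH \
  --cert-file "$SYNCPLAYDIR/cert.pem" \
  --key-file "$SYNCPLAYDIR/privkey.pem" \
  --ca-file "$SYNCPLAYDIR/chain.pem"

# Owner-only access, owner is the service account.
# NOTE(review): after this chown the directory belongs to syncplay while
# acme.sh keeps writing into it as root on every run, so the service account
# controls a path root writes to. A root-owned directory that the service can
# only read through its group would avoid that; confirm syncplay works so.
chmod -R 700 -- "$SYNCPLAYDIR"
chown -R syncplay:root -- "$SYNCPLAYDIR"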
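# Mumble
# The restart is handed to acme.sh as --reloadcmd, so it happens inside this
# call, i.e. before the chmod/chown below.
# NOTE(review): on a first run the new files may therefore still be
# root-owned when mumble-server restarts; verify it can read them then.
# shellcheck disable=SC2086 # $ACMESH has to word-split into command + flags
$ACMESH \
  --fullchain-file "$MUMBLEDIR/fullchain.cer" \
  --key-file "$MUMBLEDIR/$DOMAINNAME.key" \
  --reloadcmd "$SYSTEMCTLRESTART mumble-server"
# future on 1.3.0 +
# --reloadcmd "/usr/bin/pkill $(cat /var/run/mumble-server/mumble-server.pid) -USR1"
# NOTE(review): before enabling the line above, note that pkill takes a name
# pattern rather than a PID, and that $(cat ...) inside double quotes is
# expanded when this script runs, not when the reload command runs.

# Owner-only access for the service account.
# NOTE(review): the directory ends up owned by mumble-server while root keeps
# writing into it on every run; a root-owned directory with group read access
# for the service would keep root's write path out of the service's control.
chmod -R 700 -- "$MUMBLEDIR/"
chown -R mumble-server:mumble-server -- "$MUMBLEDIR/"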
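# ZNC 1.7.0 (SSLCertFile & SSLKeyFile in znc.conf)
# znc.conf's SSLDHParamFile is created by `openssl dhparam 2048 > $ZNCDIR/dh.pem`
# shellcheck disable=SC2086 # $ACMESH has to word-split into command + flags
$ACMESH \
  --fullchain-file "$ZNCDIR/fullchain.cer" \
  --key-file "$ZNCDIR/$DOMAINNAME.key"

# Owner-only access for the znc account.
# NOTE(review): this directory sits inside the znc user's home and is owned
# by znc after the chown, yet root writes into it on every run. If the znc
# account is ever compromised it controls where those root writes land;
# a root-owned location readable by znc through its group would avoid that.
chmod -R 700 -- "$ZNCDIR"
chown -R znc:znc -- "$ZNCDIR"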
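# nginx
# NOTE(review): SYSTEMCTLRELOAD is defined above but not used; a reload is
# normally enough for nginx to pick up a new certificate and does not drop
# connections the way a restart does. Confirm which one is intended.
# shellcheck disable=SC2086 # $ACMESH has to word-split into command + flags
$ACMESH \
  --key-file "$NGINXDIR/key.pem" \
  --fullchain-file "$NGINXDIR/cert.pem" \
  --reloadcmd "$SYSTEMCTLRESTART nginx"

# Root-only access; the directory stays owned by root.
chmod -R 700 -- "$NGINXDIR"
chown -R root:root -- "$NGINXDIR"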