mirror of
https://gitea.blesmrt.net/mikaela/scripts.git
synced 2025-02-02 07:44:04 +01:00
parent
91b53784da
commit
b93ca3c0fa
34
bash/acmesh-ssl.sh
Normal file → Executable file
34
bash/acmesh-ssl.sh
Normal file → Executable file
@ -5,28 +5,40 @@
|
|||||||
# WARNING!
|
# WARNING!
|
||||||
# Check file permissions very carefully so other users cannot access the
|
# Check file permissions very carefully so other users cannot access the
|
||||||
# certificate copies.
|
# certificate copies.
|
||||||
# Used with crontab.
|
# Used with crontab as root, remember `@daily bash /root/acmesh-ssl.sh >/dev/null 2>&1`
|
||||||
|
|
||||||
|
if [ "$(id -u)" != "0" ]; then
|
||||||
|
echo "acme.sh prefers root, this script demands it." 1>&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
# The domain the certs are mainly issued for
|
# The domain the certs are mainly issued for
|
||||||
DOMAINNAME=relpda.mikaela.info
|
DOMAINNAME=relpda.mikaela.info
|
||||||
|
# Directories
|
||||||
|
SYNCPLAYDIR=/opt/syncplay/ssl
|
||||||
|
MUMBLEDIR=/var/lib/mumble-server/ssl
|
||||||
|
ZNCDIR=/home/znc/.znc/ssl
|
||||||
|
|
||||||
# Where is acme.sh + flags applying to them all
|
# Where is acme.sh + flags applying to them all
|
||||||
ACMESH="/root/.acme.sh/acme.sh --install-cert -d $DOMAINNAME"
|
ACMESH="/root/.acme.sh/acme.sh --install-cert -d $DOMAINNAME"
|
||||||
|
|
||||||
|
# Start by creating the directories if they don't exist
|
||||||
|
/bin/mkdir -p $SYNCPLAYDIR $MUMBLEDIR $ZNCDIR
|
||||||
|
|
||||||
# Syncplay - TODO https://github.com/Syncplay/syncplay/issues/250
|
# Syncplay - TODO https://github.com/Syncplay/syncplay/issues/250
|
||||||
$ACMESH --cert-file /opt/syncplay/ssl/cert.pem --key-file /opt/syncplay/ssl/privkey.pem --fullchain-file /opt/syncplay/ssl/chain.pem --reloadcmd "systemctl restart syncplay-server --quiet"
|
$ACMESH --cert-file $SYNCPLAYDIR/cert.pem --key-file $SYNCPLAYDIR/privkey.pem --fullchain-file $SYNCPLAYDIR/chain.pem --reloadcmd "systemctl restart syncplay-server --quiet"
|
||||||
chmod -R 700 /opt/syncplay/ssl
|
chmod -R 700 $SYNCPLAYDIR
|
||||||
chown -R syncplay:root /opt/syncplay/ssl
|
chown -R syncplay:root $SYNCPLAYDIR
|
||||||
|
|
||||||
# Mumble
|
# Mumble
|
||||||
$ACMESH --fullchain-file /var/lib/mumble-server/ssl/fullchain.cer --key-file /var/lib/mumble-server/ssl/$DOMAINNAME.key --reloadcmd "systemctl restart mumble-server --quiet"
|
$ACMESH --fullchain-file $MUMBLEDIR/fullchain.cer --key-file $MUMBLEDIR/$DOMAINNAME.key --reloadcmd "systemctl restart mumble-server --quiet"
|
||||||
# future on 1.3.0 +
|
# future on 1.3.0 +
|
||||||
# --reloadcmd "pkill $(cat /var/run/mumble-server/mumble-server.pid) -USR1"
|
# --reloadcmd "pkill $(cat /var/run/mumble-server/mumble-server.pid) -USR1"
|
||||||
chmod -R 700 /var/lib/mumble-server/ssl/
|
chmod -R 700 $MUMBLEDIR/
|
||||||
chown -R mumble-server:mumble-server /var/lib/mumble-server/ssl/
|
chown -R mumble-server:mumble-server $MUMBLEDIR/
|
||||||
|
|
||||||
# ZNC 1.7.0 (SSLCertFile & SSLKeyFile in znc.conf)
|
# ZNC 1.7.0 (SSLCertFile & SSLKeyFile in znc.conf)
|
||||||
# znc.conf's SSLDHParamFile is created by `openssl dhparam 2048 > /home/znc/.znc/ssl/dh.pem`
|
# znc.conf's SSLDHParamFile is created by `openssl dhparam 2048 > $ZNCDIRdh.pem`
|
||||||
$ACMESH --fullchain-file /home/znc/.znc/ssl/fullchain.cer --key-file /home/znc/.znc/ssl/$DOMAINNAME.key
|
$ACMESH --fullchain-file $ZNCDIR/fullchain.cer --key-file $ZNCDIR/$DOMAINNAME.key
|
||||||
chmod -R 700 /home/znc/.znc/ssl/
|
chmod -R 700 $ZNCDIR
|
||||||
chown -R znc:znc /home/znc/.znc/ssl/
|
chown -R znc:znc $ZNCDIR
|
||||||
|
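Review bot: The recursive `chmod -R 700 $MUMBLEDIR/` and `chown -R mumble-server:mumble-server $MUMBLEDIR/` run as root with the variable unquoted and unguarded, so an empty or mistyped `MUMBLEDIR` makes them expand to `/`; the `mkdir -p`, Syncplay and ZNC lines have the same unquoted expansions. Writing them as `chmod -R 700 "${MUMBLEDIR:?}"` and `chown -R mumble-server:mumble-server "${MUMBLEDIR:?}"`, and likewise for the other two directories, makes the script abort instead of recursing from the filesystem root. Because `--reloadcmd` restarts each service inside the acme.sh call, before the `chmod`/`chown` that follow, a first run may restart the service while the freshly written files are still owned by root. Creating each directory with its final owner and mode up front, e.g. `install -d -m 700 -o syncplay -g root "$SYNCPLAYDIR"` in place of the plain `mkdir -p`, would narrow that window, though whether the key file itself is readable at restart depends on how acme.sh creates it. The updated ZNC comment also lost a slash: `$ZNCDIRdh.pem` should read `$ZNCDIR/dh.pem`.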