Initial Clone

lets-encrypt/test-new-config.sh

@@ -0,0 +1,90 @@
+#!/bin/bash
+# shellcheck disable=2034,2059
+true
+# shellcheck source=lib.sh
+. <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh)
+
+# T&M Hansson IT AB © - 2019, https://www.hanssonit.se/
+
+# Check for errors + debug code and abort if something isn't right
+# 1 = ON
+# 0 = OFF
+DEBUG=0
+debug_mode
+
+# Activate the new config
+printf "${Color_Off}We will now test that everything is OK\n"
+any_key "Press any key to continue... "
+a2ensite "$1"
+a2dissite nextcloud_ssl_domain_self_signed.conf
+a2dissite nextcloud_http_domain_self_signed.conf
+a2dissite 000-default.conf
+if restart_webserver
+then
+msg_box "New settings works! SSL is now activated and OK!
+
+This cert will expire in 90 days if you don't renew it.
+There are several ways of renewing this cert and here are some tips and tricks:
+https://goo.gl/c1JHR0
+
+To do your job a little bit easier we have added a autorenew script as a cronjob.
+If you need to edit the crontab please type: crontab -u root -e
+If you need to edit the script itself, please check: $SCRIPTS/letsencryptrenew.sh
+
+Feel free to contribute to this project: https://goo.gl/3fQD65"
+    crontab -u root -l | { cat; echo "3 */12 * * * $SCRIPTS/letsencryptrenew.sh"; } | crontab -u root -
+
+FQDOMAIN=$(grep -m 1 "ServerName" "/etc/apache2/sites-enabled/$1" | awk '{print $2}')
+if [ "$(hostname)" != "$FQDOMAIN" ]
+then
+    print_text_in_color "$ICyan" "Setting hostname to $FQDOMAIN..."
+    sudo sh -c "echo 'ServerName $FQDOMAIN' >> /etc/apache2/apache2.conf"
+    sudo hostnamectl set-hostname "$FQDOMAIN"
+    # Change /etc/hosts as well
+    sed -i "s|127.0.1.1.*|127.0.1.1       $FQDOMAIN $(hostname -s)|g" /etc/hosts
+    # And in the php-fpm pool conf
+    sed -i "s|env\[HOSTNAME\] = .*|env[HOSTNAME] = $(hostname -f)|g" "$PHP_POOL_DIR"/nextcloud.conf
+fi
+
+# Set trusted domains
+run_static_script trusted
+
+add_crontab_le() {
+# shellcheck disable=SC2016
+DATE='$(date +%Y-%m-%d_%H:%M)'
+cat << CRONTAB > "$SCRIPTS/letsencryptrenew.sh"
+#!/bin/sh
+if ! certbot renew --quiet --no-self-upgrade > /var/log/letsencrypt/renew.log 2>&1 ; then
+        echo "Let's Encrypt FAILED!"--$DATE >> /var/log/letsencrypt/cronjob.log
+else
+        echo "Let's Encrypt SUCCESS!"--$DATE >> /var/log/letsencrypt/cronjob.log
+fi
+
+# Check if service is running
+if ! pgrep apache2 > /dev/null
+then
+    service apache2 start
+fi
+CRONTAB
+}
+add_crontab_le
+
+# Makeletsencryptrenew.sh executable
+chmod +x $SCRIPTS/letsencryptrenew.sh
+
+# Cleanup
+rm -f $SCRIPTS/test-new-config.sh
+rm -f $SCRIPTS/activate-ssl.sh
+rm -f /var/www/index.php
+
+else
+# If it fails, revert changes back to normal
+    a2dissite "$1"
+    a2ensite nextcloud_ssl_domain_self_signed.conf
+    a2ensite nextcloud_http_domain_self_signed.conf
+    a2ensite 000-default.conf
+    restart_webserver
+    printf "${ICyan}Couldn't load new config, reverted to old settings. Self-signed SSL is OK!${Color_Off}\n"
+    any_key "Press any key to continue... "
+    exit 1
+fi