Compare commits
3 Commits
8c00ed86d5
...
principale
| Author | SHA1 | Date | |
|---|---|---|---|
| e47ac322ec | |||
| 033866ee64 | |||
| 89d5f3aca8 |
@@ -1,5 +1,12 @@
|
||||
#!/bin/sh
|
||||
|
||||
. ./myserver.conf
|
||||
|
||||
|
||||
check_ssl_folder()
|
||||
{
|
||||
[ -d "$FOLDER_CONF/ssl" ] || mkdir -p "$FOLDER_CONF/ssl"
|
||||
}
|
||||
|
||||
gen_nginx_acme_conf(){
|
||||
domain=$1
|
||||
@@ -26,12 +33,18 @@ EOF
|
||||
|
||||
}
|
||||
|
||||
|
||||
# Generate part of acme client for the domain
|
||||
gen_acme_client_conf(){
|
||||
domain=$1
|
||||
alt_domain=$2
|
||||
acme_conf_file="my_configuration/ssl/$domain-acme-client.conf"
|
||||
acme_conf_file="$FOLDER_CONF/ssl/acme-client-$1.conf"
|
||||
# If the file exist, do nothing
|
||||
[ ! -f $acme_conf_file ] || echo "Domain already configured !"; exit 1;
|
||||
if [ -f $acme_conf_file ]
|
||||
then
|
||||
echo "Domain already configured !";
|
||||
exit 1;
|
||||
fi
|
||||
|
||||
if [ "$alt_domain" == "" ]; then
|
||||
cat >> $acme_conf_file <<EOF
|
||||
@@ -56,36 +69,39 @@ domain $domain {
|
||||
EOF
|
||||
fi
|
||||
|
||||
echo "on est passé dans gen_acme_client_conf "
|
||||
}
|
||||
|
||||
add_acme_domain_to_conf(){
|
||||
domain=$1
|
||||
egrep "domain $domain" -A5 /etc/acme-client.conf > /tmp/acme-client.conf
|
||||
domain="domain $1 {"
|
||||
acme_conf="$FOLDER_CONF/ssl/acme-client-$1.conf"
|
||||
sed "/$domain/,/}/d" /etc/acme-client.conf > /tmp/acme-client.conf
|
||||
cp -v /etc/acme-client.conf /etc/acme-client.conf.old
|
||||
cat $acme_conf >> /tmp/acme-client.conf
|
||||
cp -v /tmp/acme-client.conf /etc/acme-client.conf
|
||||
}
|
||||
|
||||
install_utils(){
|
||||
cp -v utils/renew_https_certificate /usr/local/bin/renew_https_certificate
|
||||
|
||||
[ -f /usr/local/bin/renew_https_certificate ] || cp -v utils/renew_https_certificate /usr/local/bin/renew_https_certificate
|
||||
chmod u+x /usr/local/bin/renew_https_certificate
|
||||
}
|
||||
|
||||
get_certificate()
|
||||
{
|
||||
domain=$1
|
||||
/usr/local/bin/renew_https_certificate $domain
|
||||
/usr/local/bin/renew_https_certificate "$domain"
|
||||
}
|
||||
|
||||
usage()
|
||||
{
|
||||
print "This program ask 3 arguments : \n"
|
||||
print "First is email with domain name the second is list of alternatives domains with \" \" \n"
|
||||
print "the last arguments is for share the ssl cert with xmpp daemon add xmpp at the end or not"
|
||||
print "This program ask 2 arguments : \n"
|
||||
print "First is domain name the second is list of alternatives domains with \" \" \n"
|
||||
print "\t $0 domain.tld \"a.domain.tld b.domain.tld c.domain.tld\""
|
||||
}
|
||||
|
||||
|
||||
if [ -z $1 ];
|
||||
if [ -z $1 ] || [ $1 == "-h" ] || [ $1 == "--help" ];
|
||||
then
|
||||
usage
|
||||
exit 3;
|
||||
@@ -94,4 +110,9 @@ fi
|
||||
domain=$1
|
||||
alt_domain=$2
|
||||
|
||||
gen_nginx_acme_conf $domain
|
||||
check_ssl_folder
|
||||
gen_acme_client_conf $domain $alt_domain
|
||||
gen_nginx_acme_conf $domain $alt_domain
|
||||
add_acme_domain_to_conf $domain
|
||||
install_utils
|
||||
get_certificate $domain
|
||||
|
||||
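Review bot: In `add_acme_domain_to_conf` the new configuration is assembled in the fixed path `/tmp/acme-client.conf` and then copied over `/etc/acme-client.conf`; the script appears to run as root, so a file or symlink created under that name by another local user could redirect the write or change what lands in the ACME client configuration. Building the file with `mktemp` and quoting the paths avoids this, as in the excerpt below. In the same function `$domain` is used as a sed regular expression, so the dots in the domain name match any character; escaping them would keep the delete range from touching a neighbouring domain block. Which printed lines are old and which are new is inferred from their order, because the page lost the +/- markers.

```shell
add_acme_domain_to_conf(){
# … unchanged: domain and acme_conf assignments …
tmp_conf=$(mktemp /tmp/acme-client.conf.XXXXXXXXXX) || exit 1
sed "/$domain/,/}/d" /etc/acme-client.conf > "$tmp_conf"
# … unchanged: backup of /etc/acme-client.conf to /etc/acme-client.conf.old …
cat "$acme_conf" >> "$tmp_conf"
cp -v "$tmp_conf" /etc/acme-client.conf
rm -f "$tmp_conf"
```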
@@ -15,7 +15,8 @@ gen_mails_service_configuration()
|
||||
sed -i "s/__DOMAIN__/$DOMAIN/g" my_configuration/opensmtpd/smtpd.conf
|
||||
cp -v default_configuration/opensmtpd/spamd.conf.example my_configuration/opensmtpd/spamd.conf
|
||||
cp -v default_configuration/dovecot/dovecot.conf.example my_configuration/dovecot/dovecot.conf
|
||||
cp -v default_configuration/dovecot/local.conf.example my_configuration/dovecot/dovecot.conf
|
||||
cp -v default_configuration/dovecot/local.conf.example my_configuration/dovecot/local.conf
|
||||
sed -i "s/__DOMAIN__/$DOMAIN/g" my_configuration/dovecot/local.conf
|
||||
}
|
||||
|
||||
gen_dkim_keys()
|
||||
@@ -132,6 +133,6 @@ then
|
||||
gen_dkim_keys
|
||||
install_mails_services_configuration
|
||||
make_system_mails_services_requirements
|
||||
rcctl enable redis
|
||||
rcctl start redis
|
||||
rcctl enable rspamd redis
|
||||
rcctl start rspamd redis
|
||||
restart_mails_service
|
||||
|
||||
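Review bot: The `sed -i "s/__DOMAIN__/$DOMAIN/g" my_configuration/dovecot/local.conf` line pastes `$DOMAIN` into the sed replacement unescaped, and in this commit that value ends up inside the `ssl_cert` and `ssl_key` paths of the dovecot template. A value containing `/`, `&` or whitespace would break the substitution or produce a path the operator did not intend. Validating it once before the substitutions would also cover the existing smtpd.conf line: `case "$DOMAIN" in ""|*[!A-Za-z0-9.-]*) echo "invalid DOMAIN" >&2; exit 1;; esac`. The body of gen_mails_service_configuration starts outside the hunk.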
@@ -76,8 +76,8 @@ ssl_cipher_list = EECDH+AESGCM
|
||||
ssl_prefer_server_ciphers = yes
|
||||
#ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
|
||||
|
||||
ssl_cert = </etc/ssl/kitoy.me.crt
|
||||
ssl_key = </etc/ssl/private/kitoy.me.key
|
||||
ssl_cert = </etc/ssl/__DOMAIN__.crt
|
||||
ssl_key = </etc/ssl/private/__DOMAIN__.key
|
||||
|
||||
userdb {
|
||||
driver = static
|
||||
|
||||
@@ -2,10 +2,15 @@
|
||||
## Par défault le domain est le nom d'hote de la machine mais il est possible de le personnaliser
|
||||
## comme l'exemple ce-dessous
|
||||
# DOMAIN="example.com"
|
||||
|
||||
FOLDER_CONF="./my_configuration"
|
||||
DOMAIN=`hostname`
|
||||
SSL="manual"
|
||||
SERVICE_MAIL="yes"
|
||||
SERVICE_XMPP="yes"
|
||||
|
||||
|
||||
|
||||
xmpp_passphrase_for_filesuploads='Changez cette valeur'
|
||||
postresql_root_password='Changez cette valeur'
|
||||
# Laissez le port ssh par défault (22) est en général une mauvaise idée
|
||||
|
||||
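Review bot: `myserver.conf` holds `xmpp_passphrase_for_filesuploads` and `postresql_root_password` with the placeholder 'Changez cette valeur', and nothing visible here stops a run with the placeholder still in place or tells the operator to restrict the file's permissions. A comment above the two lines saying the file must be readable by its owner only (`chmod 600 myserver.conf`) would help, and the scripts that source it could refuse to continue while either value is still the placeholder. `FOLDER_CONF="./my_configuration"` is relative, so the ssl directory is created under whatever directory the script is started from; a comment saying the scripts must be run from the repository root would make that explicit. `postresql_root_password` looks like a misspelling of postgresql, but it is only worth renaming if every script that reads it changes in the same commit.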