Skip to content
This repository has been archived by the owner on Jan 26, 2022. It is now read-only.

Commit

Permalink
Merge pull request #36 from niiknow/master
Browse files Browse the repository at this point in the history
Fix panel ssl.
  • Loading branch information
noogen authored Feb 14, 2018
2 parents 4204a19 + af941f6 commit 65d8435
Show file tree
Hide file tree
Showing 2 changed files with 64 additions and 11 deletions.
4 changes: 2 additions & 2 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ RUN \
&& tar -xof ngx-misc.tar.gz -C /usr/src/nginx/set-misc-nginx-module --strip-components=1 \
&& rm ngx-misc.tar.gz \

&& add-apt-repository -r 'deb [arch=amd64,i386] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.2/ubuntu xenial main' \
# && add-apt-repository -r 'deb [arch=amd64,i386] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.2/ubuntu xenial main' \

# add nginx repo
&& curl -s https://nginx.org/keys/nginx_signing.key | apt-key add - \
Expand Down Expand Up @@ -127,7 +127,7 @@ RUN \
&& sed -i -e "s/\"nginx apache2/\"apache2/g" /tmp/vst-install-ubuntu.sh \

# fix mariadb instead of mysql
# && sed -i -e "s/mysql\-/mariadb\-/g" /tmp/vst-install-ubuntu.sh \
&& sed -i -e "s/mysql\-/mariadb\-/g" /tmp/vst-install-ubuntu.sh \

# begin install vesta
&& bash /tmp/vst-install-ubuntu.sh \
Expand Down
71 changes: 62 additions & 9 deletions rootfs/sysprepz/admin/bin/vesta-auto-ssl.sh
Original file line number Diff line number Diff line change
Expand Up @@ -4,20 +4,19 @@
source /etc/container_environment.sh

VESTA_PATH='/usr/local/vesta'
hostname="$VESTA_DOMAIN"
domain="$VESTA_DOMAIN"
user='admin'
export PATH=$PATH:/usr/local/vesta/bin

# only run if hostname has a value
if [ -n "$hostname" ]; then
# only run if domain has a value
if [ -n "$domain" ]; then

# too often, user did not setup DNS host to IP correctly, so we should validate first
# issue is easier fix by the user than getting blocked by Letsencrypt server
#
# validate that the hostname matches the IP
# validate that the domain matches the IP

# get the ip
DOMAINIP=$( dig +short ${hostname} | grep -v "\.$" | head -n 1 )
DOMAINIP=$( dig +short ${domain} | grep -v "\.$" | head -n 1 )

# only run if the variable is empty
if [[ -z "$MYIP" ]]; then
Expand All @@ -26,7 +25,7 @@ if [ -n "$hostname" ]; then

# create the website under admin for Letsencrypt SSL
if [[ $DOMAINIP != $MYIP ]]; then
echo "[err] Domain '$hostname' IP '$DOMAINIP' does not match Host IP '$MYIP'"
echo "[err] Domain '$domain' IP '$DOMAINIP' does not match Host IP '$MYIP'"

# only error message to prevent error in app startup
exit 0
Expand All @@ -36,8 +35,62 @@ if [ -n "$hostname" ]; then
# since letsencrypt need to hit and validate
sleep 5

v-update-host-certificate $user $hostname
exit 0
cert_src="/home/${user}/conf/web/ssl.${domain}.pem"
key_src="/home/${user}/conf/web/ssl.${domain}.key"

cert_dst="/usr/local/vesta/ssl/certificate.crt"
key_dst="/usr/local/vesta/ssl/certificate.key"

if [ ! -f "/usr/local/vesta/data/users/$user/ssl/le.conf" ]; then
tldomain=`echo $domain | grep -oP '[^.]+\.+[^.]+$'`
echo "[i] Creating letsencrypt '$user' with email '$user@$tldomain'"

$VESTA_PATH/bin/v-add-letsencrypt-user "$user" "$user@$tldomain"
fi

if [ ! -d "/home/$user/web/$domain/" ]; then
echo "[i] Creating website '$domain' for '$user'"

$VESTA_PATH/bin/v-add-web-domain "$user" "$domain" '127.0.0.1' 'no' 'none' ''
fi

# if no letsencrypt cert, create one
if [ ! -f "$cert_src" ]; then
echo "[i] Creating cert for '$user' domain '$domain'"

$VESTA_PATH/bin/v-add-letsencrypt-domain "$user" "$domain" '' 'yes'

# wait for letsencrypt to complete
# a better check would be for the existence of $cert_src with x retries
sleep 5
fi

if [ ! -f "$cert_src" ]; then
echo "[err] cert not found '$cert_src'"

# only error message to prevent error in app startup
exit 0
fi

if ! cmp -s $cert_dst $cert_src
then
# backup the old cert
cp -fn $cert_dst "$cert_dst.bak"
cp -fn $key_dst "$key_dst.bak"

# link the new cert
ln -sf $cert_src $cert_dst
ln -sf $key_src $key_dst

# Change Permission
chown root:mail $cert_dst
chown root:mail $key_dst

# Let the user restart the service by themself
# service vesta restart &> /dev/null
# service exim4 restart &> /dev/null
echo "[i] Cert file successfullly swapped out. Please restart docker or vesta, apache2, nginx, and exim4."
fi
else
echo "[i] vesta-auto-ssl exit due to empty VESTA_DOMAIN variable"
fi

0 comments on commit 65d8435

Please sign in to comment.