EDUCATIC
/
digitaldemocratic
mirror of https://gitlab.com/digitaldemocratic/digitaldemocratic
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

remove cerbot service

GON-3874-DD-moodle
Manuel Caballero 2022-10-25 13:58:30 +02:00 committed by Evilham
parent b10178f0f7
commit 1375f4c102
No known key found for this signature in database
GPG Key ID: AE3EE30D970886BF
5 changed files with 0 additions and 189 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
dd-sso/docker/certbot/auto-generate-certs.sh
View File

@ -1,50 +0,0 @@
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
cd /certs
# Self signed cert generic data
C=CA
L=Barcelona
O=localdomain
CN_CA=$O
CN_HOST=*.$O
OU=$O
echo '#### Creating 2048-bit RSA key:'
openssl genrsa -out ca-key.pem 2048
echo '#### Using the key to create a self-signed certificate to your CA:'
openssl req -new -x509 -days 9999 -key ca-key.pem -out ca-cert.pem -sha256 \
-subj "/C=$C/L=$L/O=$O/CN=$CN_CA"
echo '#### Creating server certificate:'
openssl genrsa -out server-key.pem 2048
echo '#### Creating a certificate signing request for the server:'
openssl req -new -key server-key.pem -sha256 -out server-key.csr \
-subj "/CN=$CN_HOST"
echo '#### Creating server certificate:'
RND=$(( ( RANDOM % 1000 ) + 1 ))
openssl x509 -req -days 9999 -in server-key.csr -CA ca-cert.pem -CAkey ca-key.pem \
-set_serial $RND -sha256 -out server-cert.pem
echo '#### Concatenate certs for haprox'
cat server-cert.pem server-key.pem > chain.pem

45
dd-sso/docker/certbot/docker-entrypoint.sh
View File

@ -1,45 +0,0 @@
#!/bin/sh
#
# Copyright © 2021,2022 IsardVDI S.L.
# Copyright © 2022 Evilham <contact@evilham.com>
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
set -e
ln -sf /usr/local/etc/haproxy/${HAPROXY_CFG:-haproxy.normal.cfg} /usr/local/etc/haproxy/haproxy.cfg
LETSENCRYPT_DOMAIN="$DOMAIN" letsencrypt.sh
if [ ! -e "/certs/chain.pem" ]; then
auto-generate-certs.sh
fi
# first arg is `-f` or `--some-option`
if [ "${1#-}" != "$1" ]; then
set -- haproxy "$@"
fi
if [ "$1" = 'haproxy' ]; then
shift # "haproxy"
# if the user wants "haproxy", let's add a couple useful flags
# -W -- "master-worker mode" (similar to the old "haproxy-systemd-wrapper"; allows for reload via "SIGUSR2")
# -db -- disables background mode
set -- haproxy -W -db "$@"
fi
exec "$@"

23
dd-sso/docker/certbot/letsencrypt-hook-deploy-concatenante.sh
View File

@ -1,23 +0,0 @@
#!/bin/sh
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
cat $RENEWED_LINEAGE/fullchain.pem $RENEWED_LINEAGE/privkey.pem > /certs/chain.pem
kill -SIGUSR2 1

21
dd-sso/docker/certbot/letsencrypt-renew-cron.sh
View File

@ -1,21 +0,0 @@
#!/bin/sh
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
certbot renew --http-01-port 8080 --cert-name sso.$LETSENCRYPT_DOMAIN

50
dd-sso/docker/certbot/letsencrypt.sh
View File

@ -1,50 +0,0 @@
#!/bin/sh
#
# Copyright © 2021,2022 IsardVDI S.L.
#
# This file is part of DD
#
# DD is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at your
# option) any later version.
#
# DD is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License
# along with DD. If not, see <https://www.gnu.org/licenses/>.
#
# SPDX-License-Identifier: AGPL-3.0-or-later
if [ ! -L /etc/letsencrypt/renewal-hooks/deploy/letsencrypt-hook-deploy-concatenante.sh ]
then
mkdir -p /etc/letsencrypt/renewal-hooks/deploy/
ln -s /usr/local/sbin/letsencrypt-hook-deploy-concatenante.sh /etc/letsencrypt/renewal-hooks/deploy/
fi
if [ -n "$LETSENCRYPT_DOMAIN" -a -n "$LETSENCRYPT_EMAIL" ]
then
LETSENCRYPT_DOMAIN="$LETSENCRYPT_DOMAIN" crond
if [ "$LETSENCRYPT_DOMAIN_ROOT" == "true" ]
then
option_root_domain="-d $LETSENCRYPT_DOMAIN"
fi
if [ ! -f /certs/chain.pem ]
then
if certbot certonly --standalone -m "$LETSENCRYPT_EMAIL" -n --agree-tos \
-d "sso.$LETSENCRYPT_DOMAIN" \
-d "api.$LETSENCRYPT_DOMAIN" \
-d "admin.$LETSENCRYPT_DOMAIN" \
-d "moodle.$LETSENCRYPT_DOMAIN" \
-d "nextcloud.$LETSENCRYPT_DOMAIN" \
-d "wp.$LETSENCRYPT_DOMAIN" \
-d "oof.$LETSENCRYPT_DOMAIN" \
-d "pad.$LETSENCRYPT_DOMAIN" \
$option_root_domain
then
RENEWED_LINEAGE="/etc/letsencrypt/live/sso.$LETSENCRYPT_DOMAIN" /etc/letsencrypt/renewal-hooks/deploy/letsencrypt-hook-deploy-concatenante.sh
fi
fi
fi