remove lets encrypt dependency
parent
892520b463
commit
0524f6bc0b
60
install.sh
60
install.sh
|
@ -129,24 +129,46 @@ fi
|
|||
echo -ne "${YELLOW}Create a username for meshcentral${NC}: "
|
||||
read meshusername
|
||||
|
||||
while [[ $letsemail != *[@]*[.]* ]]
|
||||
do
|
||||
echo -ne "${YELLOW}Enter a valid email address for let's encrypt renewal notifications and meshcentral${NC}: "
|
||||
read letsemail
|
||||
done
|
||||
|
||||
print_green 'Getting wildcard cert'
|
||||
|
||||
sudo apt install -y software-properties-common
|
||||
sudo apt update
|
||||
sudo apt install -y certbot
|
||||
sudo apt install -y certbot openssl
|
||||
|
||||
sudo certbot certonly --manual -d *.${rootdomain} --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns -m ${letsemail} --no-eff-email
|
||||
while [[ $? -ne 0 ]]
|
||||
do
|
||||
sudo certbot certonly --manual -d *.${rootdomain} --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns -m ${letsemail} --no-eff-email
|
||||
until [[ $LETS_ENCRYPT =~ (y|n) ]]; do
|
||||
echo -ne "${YELLOW}Do you want to generate a Let's Encrypt certificate?[y,n]${NC}: "
|
||||
read LETS_ENCRYPT
|
||||
done
|
||||
|
||||
if [[ $LETS_ENCRYPT == "y" ]]; then
|
||||
|
||||
while [[ $letsemail != *[@]*[.]* ]]
|
||||
do
|
||||
echo -ne "${YELLOW}Enter a valid email address for let's encrypt renewal notifications and meshcentral${NC}: "
|
||||
read letsemail
|
||||
done
|
||||
|
||||
print_green 'Getting wildcard cert'
|
||||
|
||||
sudo certbot certonly --manual -d *.${rootdomain} --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns -m ${letsemail} --no-eff-email
|
||||
while [[ $? -ne 0 ]]
|
||||
do
|
||||
sudo certbot certonly --manual -d *.${rootdomain} --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns -m ${letsemail} --no-eff-email
|
||||
done
|
||||
|
||||
CERT_PRIV_KEY=/etc/letsencrypt/live/${rootdomain}/privkey.pem
|
||||
CERT_PUB_KEY=/etc/letsencrypt/live/${rootdomain}/fullchainkey.pem
|
||||
|
||||
else
|
||||
echo -ne "\n${GREEN}We will generate a self-signed certificate for you.${NC}\n"
|
||||
echo "\n${GREEN}You can replace this certificate later by generating the certificates and editting the nginx configuration\n"
|
||||
sudo mkdir /certs
|
||||
sudo mkdir /certs/${rootdomain}
|
||||
sudo openssl req -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out /certs/${rootdomain}/pubkey.pem -keyout /certs/${rootdomain}/privkey.pem -subj "/C=US/ST=Some-State/L=city/O=Internet Widgits Pty Ltd/CN=*.${rootdomain}"
|
||||
|
||||
CERT_PRIV_KEY=/certs/${rootdomain}/privkey.pem
|
||||
CERT_PUB_KEY=/certs/${rootdomain}/pubkey.pem
|
||||
|
||||
fi
|
||||
|
||||
print_green 'Creating saltapi user'
|
||||
|
||||
sudo adduser --no-create-home --disabled-password --gecos "" saltapi
|
||||
|
@ -410,8 +432,8 @@ server {
|
|||
client_max_body_size 300M;
|
||||
access_log /rmm/api/tacticalrmm/tacticalrmm/private/log/access.log;
|
||||
error_log /rmm/api/tacticalrmm/tacticalrmm/private/log/error.log;
|
||||
ssl_certificate /etc/letsencrypt/live/${rootdomain}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/${rootdomain}/privkey.pem;
|
||||
ssl_certificate ${CERT_PUB_KEY};
|
||||
ssl_certificate_key ${CERT_PRIV_KEY};
|
||||
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
|
||||
|
||||
location /static/ {
|
||||
|
@ -469,8 +491,8 @@ server {
|
|||
proxy_send_timeout 330s;
|
||||
proxy_read_timeout 330s;
|
||||
server_name ${meshdomain};
|
||||
ssl_certificate /etc/letsencrypt/live/${rootdomain}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/${rootdomain}/privkey.pem;
|
||||
ssl_certificate ${CERT_PUB_KEY};
|
||||
ssl_certificate_key ${CERT_PRIV_KEY};
|
||||
ssl_session_cache shared:WEBSSL:10m;
|
||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
@ -716,8 +738,8 @@ server {
|
|||
access_log /var/log/nginx/frontend-access.log;
|
||||
|
||||
listen 443 ssl;
|
||||
ssl_certificate /etc/letsencrypt/live/${rootdomain}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/${rootdomain}/privkey.pem;
|
||||
ssl_certificate ${CERT_PUB_KEY};
|
||||
ssl_certificate_key ${CERT_PRIV_KEY};
|
||||
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
|
||||
}
|
||||
|
||||
|
|
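Review bot: In the Let's Encrypt branch of the first install.sh hunk, `CERT_PUB_KEY` points at `/etc/letsencrypt/live/${rootdomain}/fullchainkey.pem`, but certbot writes `fullchain.pem` (the name the replaced `ssl_certificate` lines in the three nginx hunks used), so nginx would be given a certificate path that does not exist; it should read `CERT_PUB_KEY=/etc/letsencrypt/live/${rootdomain}/fullchain.pem`. The prompt loop `until [[ $LETS_ENCRYPT =~ (y|n) ]]` is unanchored, so an answer such as `yes` leaves the loop, fails the `== "y"` test and silently falls through to the self-signed branch; `until [[ $LETS_ENCRYPT =~ ^[yn]$ ]]` closes that gap. In the self-signed branch the key is written unencrypted (`-nodes`) and its file mode is left to the umask and OpenSSL defaults, so I would add `sudo chmod 600 "${CERT_PRIV_KEY}"` after the `openssl req` call and replace the two `mkdir` lines with `sudo mkdir -p "/certs/${rootdomain}"`, which also lets a re-run of the installer get past an existing `/certs`. The second `echo` in that branch lacks `-e` and a closing `${NC}`, so it prints a literal `\n` and leaves the terminal colour set.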