add docker for server demo
123
docker/nginx/ssl-setup.sh
Normal file
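--- /dev/null
+++ b/docker/nginx/ssl-setup.sh
@@ -0,0 +1,123 @@
+#!/bin/bash
+
+# SSL Setup Script for Sibedas PBG Web
+# This script handles SSL certificate generation and renewal
+
+set -e
+
+DOMAIN="${DOMAIN:-sibedas.yourdomain.com}"
+EMAIL="${EMAIL:-admin@yourdomain.com}"
+SSL_DIR="/etc/nginx/ssl"
+CERT_FILE="$SSL_DIR/sibedas.crt"
+KEY_FILE="$SSL_DIR/sibedas.key"
+
+# Function to generate self-signed certificate
+generate_self_signed() {
+echo "Generating self-signed SSL certificate for $DOMAIN..."
+
+# Create SSL directory if it doesn't exist
+mkdir -p "$SSL_DIR"
+
+# Generate self-signed certificate
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
+-keyout "$KEY_FILE" \
+-out "$CERT_FILE" \
+-subj "/C=ID/ST=Jakarta/L=Jakarta/O=Sibedas/OU=IT/CN=$DOMAIN/emailAddress=$EMAIL"
+
+echo "Self-signed certificate generated successfully!"
+}
+
+# Function to setup Let's Encrypt certificate
+setup_letsencrypt() {
+echo "Setting up Let's Encrypt certificate for $DOMAIN..."
+
+# Check if certbot is available
+if ! command -v certbot &> /dev/null; then
+echo "Certbot not found. Installing..."
+apk add --no-cache certbot certbot-nginx
+fi
+
+# Stop nginx temporarily
+nginx -s stop || true
+
+# Get certificate
+certbot certonly --standalone \
+--email "$EMAIL" \
+--agree-tos \
+--no-eff-email \
+-d "$DOMAIN"
+
+# Copy certificates to nginx ssl directory
+cp /etc/letsencrypt/live/$DOMAIN/fullchain.pem "$CERT_FILE"
+cp /etc/letsencrypt/live/$DOMAIN/privkey.pem "$KEY_FILE"
+
+# Set proper permissions
+chmod 644 "$CERT_FILE"
+chmod 600 "$KEY_FILE"
+
+# Start nginx
+nginx
+
+echo "Let's Encrypt certificate setup completed!"
+}
+
+# Function to renew Let's Encrypt certificate
+renew_certificate() {
+echo "Renewing Let's Encrypt certificate..."
+
+certbot renew --quiet
+
+# Copy renewed certificates
+cp /etc/letsencrypt/live/$DOMAIN/fullchain.pem "$CERT_FILE"
+cp /etc/letsencrypt/live/$DOMAIN/privkey.pem "$KEY_FILE"
+
+# Reload nginx
+nginx -s reload
+
+echo "Certificate renewal completed!"
+}
+
+# Function to check certificate validity
+check_certificate() {
+if [ -f "$CERT_FILE" ] && [ -f "$KEY_FILE" ]; then
+echo "Certificate files exist."
+echo "Certificate details:"
+openssl x509 -in "$CERT_FILE" -text -noout | grep -E "(Subject:|Not Before|Not After)"
+return 0
+else
+echo "Certificate files not found."
+return 1
+fi
+}
+
+# Main script logic
+case "${1:-setup}" in
+"setup")
+if [ "$SSL_TYPE" = "letsencrypt" ]; then
+setup_letsencrypt
+else
+generate_self_signed
+fi
+;;
+"renew")
+renew_certificate
+;;
+"check")
+check_certificate
+;;
+"self-signed")
+generate_self_signed
+;;
+"letsencrypt")
+setup_letsencrypt
+;;
+*)
+echo "Usage: $0 {setup|renew|check|self-signed|letsencrypt}"
+echo ""
+echo "Environment variables:"
+echo " DOMAIN: Domain name (default: sibedas.yourdomain.com)"
+echo " EMAIL: Email address for Let's Encrypt (default: admin@yourdomain.com)"
+echo " SSL_TYPE: Type of SSL (letsencrypt or self-signed, default: self-signed)"
+exit 1
+;;
+esac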
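Review bot: `generate_self_signed` leaves the private key at whatever mode `openssl req -keyout` and the process umask produce, while `setup_letsencrypt` explicitly runs `chmod 600 "$KEY_FILE"`; the self-signed path should match it, e.g. add `chmod 600 "$KEY_FILE"` right after the `openssl req` command (or `umask 077` before it), and `renew_certificate`'s `cp` onto `$KEY_FILE` only keeps 600 if the destination already exists with that mode. In `setup_letsencrypt`, `nginx -s stop || true` is followed by `certbot certonly` under `set -e`, so a failed issuance exits the script with nginx still stopped; wrapping the certbot call as `certbot certonly ... || { nginx; exit 1; }` (or a `trap` that restarts nginx) would restore service on failure. The four `cp /etc/letsencrypt/live/$DOMAIN/...` lines leave `$DOMAIN` unquoted, unlike every other expansion in the file; quote it. The header comment could also state what the script assumes about its environment — it calls `apk add` and writes under `/etc/nginx/ssl`, so it appears to expect an Alpine-based image run as root — and list `DOMAIN`, `EMAIL` and `SSL_TYPE`, which are currently documented only in the usage branch.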