From 24f269191c39f1a64fec25ee6987f94776625f76 Mon Sep 17 00:00:00 2001
From: Galonza Peter
Date: Mon, 25 Oct 2021 01:16:02 +0300
Subject: [PATCH] =?UTF-8?q?added=20Let=E2=80=99s=20Encrypt=20via=20certbot?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
src/certbot.ini | 4 ++++
src/requirements.txt | 3 ++-
src/wgd.sh | 50 +++++++++++++++++++++++++++++++++++---------
3 files changed, 46 insertions(+), 11 deletions(-)
create mode 100644 src/certbot.ini
diff --git a/src/certbot.ini b/src/certbot.ini
new file mode 100644
index 0000000..cf9b7a2
--- /dev/null
+++ b/src/certbot.ini
@@ -0,0 +1,4 @@
+authenticator = standalone
+noninteractive = true
+agree-tos = true
+rsa-key-size = 2048
\ No newline at end of file
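Review bot: `authenticator = standalone` makes certbot start its own listener for the HTTP-01 challenge, so port 80 has to be free and reachable from the internet at issuance and at every renewal; nothing in the patch checks or documents that. A comment at the top of the file would help, e.g. `# standalone: certbot binds port 80 during issuance/renewal; open it in the firewall`. `agree-tos = true` accepts the Let's Encrypt subscriber agreement on the operator's behalf with no prompt, which deserves a line in the README.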
diff --git a/src/requirements.txt b/src/requirements.txt
index 73bb8e4..ff0b156 100644
--- a/src/requirements.txt
+++ b/src/requirements.txt
@@ -3,4 +3,5 @@ tinydb
ifcfg
icmplib
flask-qrcode
-gunicorn
\ No newline at end of file
+gunicorn
+certbot
\ No newline at end of file
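Review bot: `certbot` is added without a version constraint, so each install pulls whatever release is current for a tool that this patch runs with access to the TLS private key (and presumably as root on the root path in wgd.sh). The other entries in the hunk are unpinned as well, so this matches the file, but I would pin at least this one, e.g. `certbot==<pinned-version>`, and record hashes if the project adopts `pip install --require-hashes`.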
diff --git a/src/wgd.sh b/src/wgd.sh
index 0e70579..39442c2 100755
--- a/src/wgd.sh
+++ b/src/wgd.sh
@@ -3,6 +3,14 @@
app_name="dashboard.py"
app_official_name="WGDashboard"
environment=$(if [[ $ENVIRONMENT ]]; then echo $ENVIRONMENT; else echo 'develop'; fi)
+if [[ $CONFIGURATION_PATH ]]; then
+ cb_work_dir=$CONFIGURATION_PATH/letsencrypt/work-dir
+ cb_config_dir=$CONFIGURATION_PATH/letsencrypt/config-dir
+else
+ cb_work_dir=/etc/letsencrypt
+ cb_config_dir=/var/lib/letsencrypt
+fi
+
dashes='------------------------------------------------------------'
equals='============================================================'
help () {
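Review bot: The fallback values in the `else` branch are swapped relative to certbot's own defaults: `/etc/letsencrypt` is certbot's config directory and `/var/lib/letsencrypt` its work directory, so without `CONFIGURATION_PATH` the account data, private keys and `live/` tree land under `/var/lib/letsencrypt`. If a system certbot has already created that directory, the `-d $cb_config_dir` test in `gunicorn_start` would presumably skip issuance and gunicorn would be pointed at files that do not exist. I would write `cb_config_dir=/etc/letsencrypt` and `cb_work_dir=/var/lib/letsencrypt`. No `--logs-dir` is derived here, so certbot will presumably keep logging to its default location even when `CONFIGURATION_PATH` is set.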
@@ -57,20 +65,42 @@ check_wgd_status(){
fi
}
+certbot_create_ssl () {
+ certbot certonly --config ./certbot.ini --email "$EMAIL" --work-dir $cb_work_dir --config-dir $cb_config_dir --domain "$SERVERURL"
+}
+
+certbot_renew_ssl () {
+ certbot renew --work-dir $cb_work_dir --config-dir $cb_config_dir
+}
+
gunicorn_start () {
- printf "%s\n" "$dashes"
- printf "| Starting WGDashboard in the background. |\n"
- if [ ! -d "log" ]
- then mkdir "log"
- fi
- d=$(date '+%Y%m%d%H%M%S')
- if [[ $USER == root ]]; then
- export PATH=$PATH:/usr/local/bin:$HOME/.local/bin
+ if [[ $SSL ]]; then
+ if [ ! -d $cb_config_dir ]; then
+ certbot_create_ssl
+ else
+ certbot_renew_ssl
fi
+ fi
+ printf "%s\n" "$dashes"
+ printf "| Starting WGDashboard in the background. |\n"
+ if [ ! -d "log" ]; then
+ mkdir "log"
+ fi
+ d=$(date '+%Y%m%d%H%M%S')
+ if [[ $USER == root ]]; then
+ export PATH=$PATH:/usr/local/bin:$HOME/.local/bin
+ fi
+ if [[ $SSL ]]; then
+ gunicorn --certfile $cb_config_dir/live/"$SERVERURL"/cert.pem \
+ --keyfile $cb_config_dir/live/"$SERVERURL"/privkey.pem \
+ --access-logfile log/access_"$d".log \
+ --error-logfile log/error_"$d".log 'dashboard:run_dashboard()'
+ else
gunicorn --access-logfile log/access_"$d".log \
--error-logfile log/error_"$d".log 'dashboard:run_dashboard()'
- printf "| Log files is under log/ |\n"
- printf "%s\n" "$dashes"
+ fi
+ printf "| Log files is under log/ |\n"
+ printf "%s\n" "$dashes"
}
gunicorn_stop () {
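Review bot: The TLS branch of `gunicorn_start` passes `live/"$SERVERURL"/cert.pem` as `--certfile`, which is the leaf certificate only; clients that lack the intermediate will fail chain validation, so `fullchain.pem` is the file to serve. The `[ ! -d $cb_config_dir ]` test shows only that the directory exists, not that a certificate for `$SERVERURL` was issued, and certbot's exit status is ignored, so a failed first issuance still reaches gunicorn and every later start runs only `renew`. `$cb_work_dir` and `$cb_config_dir` are unquoted here and in both certbot helpers, `--config ./certbot.ini` depends on the caller's working directory, and `EMAIL`/`SERVERURL` are never checked for being set. The certbot calls also run before the `PATH` export further down, so a certbot installed under `$HOME/.local/bin` may not be found, which is worth confirming. A sketch of the SSL handling follows; the two helpers would need the same quoting.

```shell
gunicorn_start () {
  if [[ $SSL ]]; then
    # Fail early instead of handing certbot/gunicorn empty values.
    : "${SERVERURL:?SERVERURL must be set when SSL is enabled}"
    : "${EMAIL:?EMAIL must be set when SSL is enabled}"
    cb_live_dir="$cb_config_dir/live/$SERVERURL"
    if [[ -f "$cb_live_dir/fullchain.pem" ]]; then
      # An existing certificate may still be valid, so a failed renew only warns.
      certbot_renew_ssl || printf 'certbot renew failed; starting with the existing certificate\n' >&2
    else
      certbot_create_ssl || return 1
    fi
  fi
  # … unchanged: banner, log directory, timestamp, PATH export …
  if [[ $SSL ]]; then
    gunicorn --certfile "$cb_live_dir/fullchain.pem" \
      --keyfile "$cb_live_dir/privkey.pem" \
      --access-logfile log/access_"$d".log \
      --error-logfile log/error_"$d".log 'dashboard:run_dashboard()'
  else
    # … unchanged: plain-HTTP gunicorn invocation …
  fi
  # … unchanged: closing banner …
```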