added Let’s Encrypt via certbot

2024-11-22 15:20:09 +01:00 · 2021-10-25 01:16:02 +03:00 · 2021-10-25 01:16:02 +03:00 · 24f269191c
commit 24f269191c
parent 94a0d5a0a4
3 changed files with 46 additions and 11 deletions
--- a/src/certbot.ini
+++ b/src/certbot.ini
@ -0,0 +1,4 @@
+authenticator = standalone
+noninteractive = true
+agree-tos = true
+rsa-key-size = 2048
--- a/src/requirements.txt
+++ b/src/requirements.txt
@ -4,3 +4,4 @@ ifcfg
 icmplib
 flask-qrcode
 gunicorn
+certbot
--- a/src/wgd.sh
+++ b/src/wgd.sh
@ -3,6 +3,14 @@
 app_name="dashboard.py"
 app_official_name="WGDashboard"
 environment=$(if [[ $ENVIRONMENT ]]; then echo $ENVIRONMENT; else echo 'develop'; fi)
+if [[ $CONFIGURATION_PATH ]]; then
+  cb_work_dir=$CONFIGURATION_PATH/letsencrypt/work-dir
+  cb_config_dir=$CONFIGURATION_PATH/letsencrypt/config-dir
+else
+  cb_work_dir=/etc/letsencrypt
+  cb_config_dir=/var/lib/letsencrypt
+fi
+
 dashes='------------------------------------------------------------'
 equals='============================================================'
 help () {
@ -57,20 +65,42 @@ check_wgd_status(){
  fi
 }

+certbot_create_ssl () {
+  certbot certonly --config ./certbot.ini --email "$EMAIL" --work-dir $cb_work_dir --config-dir $cb_config_dir --domain "$SERVERURL"
+}
+
+certbot_renew_ssl () {
+  certbot renew --work-dir $cb_work_dir --config-dir $cb_config_dir
+}
+
 gunicorn_start () {
-    printf "%s\n" "$dashes"
-    printf "| Starting WGDashboard in the background.          |\n"
-    if [ ! -d "log" ]
-      then mkdir "log"
-    fi
-    d=$(date '+%Y%m%d%H%M%S')
-    if [[ $USER == root ]]; then
-      export PATH=$PATH:/usr/local/bin:$HOME/.local/bin
+  if [[ $SSL ]]; then
+    if [ ! -d $cb_config_dir ]; then
+      certbot_create_ssl
+    else
+      certbot_renew_ssl
    fi
+  fi
+  printf "%s\n" "$dashes"
+  printf "| Starting WGDashboard in the background.          |\n"
+  if [ ! -d "log" ]; then
+    mkdir "log"
+  fi
+  d=$(date '+%Y%m%d%H%M%S')
+  if [[ $USER == root ]]; then
+    export PATH=$PATH:/usr/local/bin:$HOME/.local/bin
+  fi
+  if [[ $SSL ]]; then
+    gunicorn --certfile $cb_config_dir/live/"$SERVERURL"/cert.pem \
+    --keyfile $cb_config_dir/live/"$SERVERURL"/privkey.pem \
+    --access-logfile log/access_"$d".log \
+    --error-logfile log/error_"$d".log 'dashboard:run_dashboard()'
+  else
    gunicorn --access-logfile log/access_"$d".log \
    --error-logfile log/error_"$d".log 'dashboard:run_dashboard()'
-    printf "| Log files is under log/                                  |\n"
-    printf "%s\n" "$dashes"
+  fi
+  printf "| Log files is under log/                                  |\n"
+  printf "%s\n" "$dashes"
 }

 gunicorn_stop () {