-
Notifications
You must be signed in to change notification settings - Fork 1.3k
/
10-config
94 lines (83 loc) · 3.43 KB
/
10-config
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
#!/usr/bin/with-contenv bash
# make our folders
mkdir -p \
/config/{nginx/site-confs,keys} \
/run \
/var/lib/nginx/tmp/client_body \
/var/tmp/nginx
# generate keys (maybe)
if [[ $DISABLE_HTTPS -ne 1 ]]; then
if [[ $ENABLE_LETSENCRYPT -eq 1 ]]; then
mkdir -p /config/acme.sh
pushd /opt
sh ./acme.sh --install --home /config/acme.sh --accountemail $LETSENCRYPT_EMAIL
popd
STAGING=""
if [[ $LETSENCRYPT_USE_STAGING -eq 1 ]]; then
STAGING="--staging"
fi
export LE_WORKING_DIR="/config/acme.sh"
# TODO: move away from standalone mode to webroot mode.
/config/acme.sh/acme.sh \
$STAGING \
--issue \
--standalone \
--pre-hook "if [[ -d /var/run/s6/services/nginx ]]; then s6-svc -d /var/run/s6/services/nginx; fi" \
--post-hook "if [[ -d /var/run/s6/services/nginx ]]; then s6-svc -u /var/run/s6/services/nginx; fi" \
-d $LETSENCRYPT_DOMAIN
rc=$?
if [[ $rc -eq 1 ]]; then
echo "Failed to obtain a certificate from the Let's Encrypt CA."
# this tries to get the user's attention and to spare the
# authority's rate limit:
sleep 15
echo "Exiting."
exit 1
fi
if [[ $rc -eq 0 ]]; then
mkdir -p /config/acme-certs/$LETSENCRYPT_DOMAIN
if ! /config/acme.sh/acme.sh \
--install-cert -d $LETSENCRYPT_DOMAIN \
--key-file /config/acme-certs/$LETSENCRYPT_DOMAIN/key.pem \
--fullchain-file /config/acme-certs/$LETSENCRYPT_DOMAIN/fullchain.pem ; then
echo "Failed to install certificate."
# this tries to get the user's attention and to spare the
# authority's rate limit:
sleep 15
echo "Exiting."
exit 1
fi
fi
else
# use self-signed certs
if [[ -f /config/keys/cert.key && -f /config/keys/cert.crt ]]; then
echo "using keys found in /config/keys"
else
echo "generating self-signed keys in /config/keys, you can replace these with your own keys if required"
SUBJECT="/C=US/ST=TX/L=Austin/O=jitsi.org/OU=Jitsi Server/CN=*"
openssl req -new -x509 -days 3650 -nodes -out /config/keys/cert.crt -keyout /config/keys/cert.key -subj "$SUBJECT"
fi
fi
fi
# Detect nameserver for Nginx, if not specified.
if [[ -z "$NGINX_RESOLVER" ]]; then
export NGINX_RESOLVER=$(grep nameserver /etc/resolv.conf | cut -d" " -f2 | tr "\n" " " | sed -e "s/[[:space:]]*$//")
fi
echo "Using Nginx resolver: =$NGINX_RESOLVER="
# copy config files
tpl /defaults/nginx.conf > /config/nginx/nginx.conf
tpl /defaults/meet.conf > /config/nginx/meet.conf
if [[ -f /config/nginx/custom-meet.conf ]]; then
cat /config/nginx/custom-meet.conf >> /config/nginx/meet.conf
fi
tpl /defaults/ssl.conf > /config/nginx/ssl.conf
tpl /defaults/default > /config/nginx/site-confs/default
tpl /defaults/system-config.js > /config/config.js
tpl /defaults/settings-config.js >> /config/config.js
if [[ -f /config/custom-config.js ]]; then
cat /config/custom-config.js >> /config/config.js
fi
cp /defaults/interface_config.js /config/interface_config.js
if [[ -f /config/custom-interface_config.js ]]; then
cat /config/custom-interface_config.js >> /config/interface_config.js
fi