various bug fixes related to HTTPS

entrypoint/entrypoint.sh

@@ -15,8 +15,7 @@ trap "trap_exit" TERM INT QUIT
 # trap SIGHUP
 function trap_reload() {
 	echo "[*] Catched reload operation"
-	if [ "$MULTISITE" = "yes" ] && [ "$SWARM_MODE" != "yes" ] ; then
-		/opt/entrypoint/certbot.sh
+	if [ "$SWARM_MODE" != "yes" ] ; then
 		/opt/entrypoint/jobs.sh
 	fi
 	if [ -f /tmp/nginx.pid ] ; then
@@ -59,11 +58,8 @@ if [ ! -f "/etc/nginx/global.env" ] ; then
 		# call the generator
 		/opt/gen/main.py --settings /opt/settings.json --templates /opt/confs --output /etc/nginx --variables /tmp/variables.env
 
-		# background jobs
+		# external jobs
 		/opt/entrypoint/jobs.sh
-
-		# certbot
-		/opt/entrypoint/certbot.sh
 	fi
 else
 	echo "[*] Skipping configuration process"

entrypoint/jobs.sh

@@ -68,3 +68,50 @@ if [ "$(has_value BLOCK_ABUSERS yes)" != "" ] ; then
 		/opt/scripts/abusers.sh > /dev/null 2>&1 &
 	fi
 fi
+
+# self signed certs for sites
+files=$(has_value GENERATE_SELF_SIGNED_SSL yes)
+if [ "$files" != " " ] ; then
+	for file in $files ; do
+		site=$(echo $file | cut -f 4 -d '/')
+		dest="/etc/nginx/"
+		if [ "$site" != "site.env" ] ; then
+			dest="${dest}/${site}/"
+		fi
+		SELF_SIGNED_SSL_EXPIRY="$(sed -nE 's/^SELF_SIGNED_SSL_EXPIRY=(.*)$/\1/p' $file)"
+		SELF_SIGNED_SSL_COUNTRY="$(sed -nE 's/^SELF_SIGNED_SSL_COUNTRY=(.*)$/\1/p' $file)"
+		SELF_SIGNED_SSL_STATE="$(sed -nE 's/^SELF_SIGNED_SSL_STATE=(.*)$/\1/p' $file)"
+		SELF_SIGNED_SSL_CITY="$(sed -nE 's/^SELF_SIGNED_SSL_CITY=(.*)$/\1/p' $file)"
+		SELF_SIGNED_SSL_ORG="$(sed -nE 's/^SELF_SIGNED_SSL_ORG=(.*)$/\1/p' $file)"
+		SELF_SIGNED_SSL_OU="$(sed -nE 's/^SELF_SIGNED_SSL_OU=(.*)$/\1/p' $file)"
+		SELF_SIGNED_SSL_CN="$(sed -nE 's/^SELF_SIGNED_SSL_CN=(.*)$/\1/p' $file)"
+		openssl req -nodes -x509 -newkey rsa:4096 -keyout ${dest}self-key.pem -out ${dest}self-cert.pem -days $SELF_SIGNED_SSL_EXPIRY -subj "/C=$SELF_SIGNED_SSL_COUNTRY/ST=$SELF_SIGNED_SSL_STATE/L=$SELF_SIGNED_SSL_CITY/O=$SELF_SIGNED_SSL_ORG/OU=$SELF_SIGNED_SSL_OU/CN=$SELF_SIGNED_SSL_CN"
+	done
+fi
+
+# self signed cert for default server
+if [ "$(has_value AUTO_LETS_ENCRYPT yes)" != "" ] || [ "$(has_value GENERATE_SELF_SIGNED_SSL yes)" != "" ] || [ "$(has_value USE_CUSTOM_HTTPS yes)" != "" ] ; then
+	SELF_SIGNED_SSL_EXPIRY="999"
+	SELF_SIGNED_SSL_COUNTRY="US"
+	SELF_SIGNED_SSL_STATE="Utah"
+	SELF_SIGNED_SSL_CITY="Lehi"
+	SELF_SIGNED_SSL_ORG="Your Company, Inc."
+	SELF_SIGNED_SSL_OU="IT"
+	SELF_SIGNED_SSL_CN="www.yourdomain.com"
+	openssl req -nodes -x509 -newkey rsa:4096 -keyout /etc/nginx/default-key.pem -out /etc/nginx/default-cert.pem -days $SELF_SIGNED_SSL_EXPIRY -subj "/C=$SELF_SIGNED_SSL_COUNTRY/ST=$SELF_SIGNED_SSL_STATE/L=$SELF_SIGNED_SSL_CITY/O=$SELF_SIGNED_SSL_ORG/OU=$SELF_SIGNED_SSL_OU/CN=$SELF_SIGNED_SSL_CN"
+fi
+
+# certbot
+files=$(has_value AUTO_LETS_ENCRYPT yes)
+if [ "$files" != " " ] ; then
+	for file in $files ; do
+		SERVER_NAME="$(sed -nE 's/^SERVER_NAME=(.*)$/\1/p' $file)"
+		FIRST_SERVER="$(echo $SERVER_NAME | cut -d ' ' -f 1)"
+		EMAIL_LETS_ENCRYPT="$(sed -nE 's/^EMAIL_LETS_ENCRYPT=(.*)$/\1/p' $file)"
+		if [ "$EMAIL_LETS_ENCRYPT" = "" ] ; then
+			EMAIL_LETS_ENCRYPT="contact@${FIRST_SERVER}"
+		fi
+		/opt/scripts/certbot-new.sh "$(echo -n $SERVER_NAME | sed 's/ /,/g')" "$EMAIL_LETS_ENCRYPT"
+
+	done
+fi

entrypoint/utils.sh

@@ -27,7 +27,7 @@ function has_value() {
 	envs=$(find /etc/nginx -name "*.env")
 	for file in $envs ; do
 		if [ "$(grep "^${1}=${2}$" $file)" != "" ] ; then
-			echo "ok"
+			echo "$file"
 			return 0
 		fi
 	done
@@ -38,4 +38,4 @@ function job_log() {
 	when="$(date '+[%Y-%m-%d %H:%M:%S]')"
 	what="$1"
 	echo "$when $what" >> /var/log/jobs.log
-}
+}