From ecef4e3cc9f2d414b817b18a0b9c7303c39e519a Mon Sep 17 00:00:00 2001
From: terminaldweller
Date: Sun, 17 Jan 2021 09:48:35 +0330
Subject: matrix server docker-compose WIP
---
.../certbot/scripts/concatenate-certificates.sh | 5 +++++
matrix-server/certbot/scripts/create-certificates.sh | 10 ++++++++++
matrix-server/certbot/scripts/renew-certificates.sh | 18 ++++++++++++++++++
.../certbot/scripts/update-haproxy-certificates.sh | 10 ++++++++++
4 files changed, 43 insertions(+)
create mode 100644 matrix-server/certbot/scripts/concatenate-certificates.sh
create mode 100644 matrix-server/certbot/scripts/create-certificates.sh
create mode 100644 matrix-server/certbot/scripts/renew-certificates.sh
create mode 100644 matrix-server/certbot/scripts/update-haproxy-certificates.sh
(limited to 'matrix-server/certbot/scripts')
diff --git a/matrix-server/certbot/scripts/concatenate-certificates.sh b/matrix-server/certbot/scripts/concatenate-certificates.sh
new file mode 100644
index 0000000..5238a9b
--- /dev/null
+++ b/matrix-server/certbot/scripts/concatenate-certificates.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+if [ -f /etc/letsencrypt/live/davole.com/fullchain.pem -a -f /etc/letsencrypt/live/davole.com/privkey.pem ]; then
+ cat /etc/letsencrypt/live/davole.com/fullchain.pem /etc/letsencrypt/live/davole.com/privkey.pem > /etc/certificates/davole.com.pem
+fi
diff --git a/matrix-server/certbot/scripts/create-certificates.sh b/matrix-server/certbot/scripts/create-certificates.sh
new file mode 100644
index 0000000..5fb6345
--- /dev/null
+++ b/matrix-server/certbot/scripts/create-certificates.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+# Request certificates
+certbot certonly --standalone \
+ --non-interactive --agree-tos --email info@davole.com --http-01-port=380 \
+ --cert-name davole.com \
+ -d davole.com
+# Concatenate certificates
+. /etc/scripts/concatenate-certificates.sh
+# Update certificates in HAProxy
+. /etc/scripts/update-haproxy-certificates.sh
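Review bot: In concatenate-certificates.sh the combined file that now holds the private key is created by a plain `>` redirect, so its mode comes from whatever umask the container shell happens to have, and the write is not atomic. Set `umask 077` before the `cat` (or a group-readable mode if HAProxy reads this path as a different user), write to a temporary name in the same directory, and `mv` it into place so a reader never sees a half-written PEM. When either input file is missing the script silently does nothing, which leaves a stale or absent bundle for the later HAProxy push; an `else` branch that prints to stderr and returns non-zero would make that visible. The `-a` operator inside `[ ]` is also better written as `[ -f … ] && [ -f … ]`.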
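Review bot: In create-certificates.sh the result of `certbot certonly` is never checked, so a failed issuance still falls through to the concatenate and HAProxy-update steps. Stop there instead, for example by ending the command with `-d davole.com || exit 1`; the file is sourced from renew-certificates.sh, so `exit` ends that caller too, which is the wanted behaviour here. A header comment noting that `--http-01-port=380` presumably depends on the proxy forwarding ACME HTTP-01 requests to port 380 would help, since that forwarding is not visible in this patch.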
diff --git a/matrix-server/certbot/scripts/renew-certificates.sh b/matrix-server/certbot/scripts/renew-certificates.sh
new file mode 100644
index 0000000..e46d412
--- /dev/null
+++ b/matrix-server/certbot/scripts/renew-certificates.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# Certificates exist
+if [ -d /etc/letsencrypt/live/davole.com ]; then
+ # Check certificates and renew them
+ certbot renew --http-01-port=380
+
+ # Concatenate certificates
+ . /etc/scripts/concatenate-certificates.sh
+
+ # Update certificates in HAProxy
+ . /etc/scripts/update-haproxy-certificates.sh
+
+# Certificates don't exist
+else
+ # Execute certificate creation script
+ . /etc/scripts/create-certificates.sh
+fi
diff --git a/matrix-server/certbot/scripts/update-haproxy-certificates.sh b/matrix-server/certbot/scripts/update-haproxy-certificates.sh
new file mode 100644
index 0000000..a1f9fc6
--- /dev/null
+++ b/matrix-server/certbot/scripts/update-haproxy-certificates.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Start transaction
+echo -e "set ssl cert /usr/local/etc/haproxy/certificates/davole.com.pem <<\n$(cat /etc/certificates/davole.com.pem)\n" | socat tcp-connect:haproxy:9999 -
+
+# Commit transaction
+echo "commit ssl cert /usr/local/etc/haproxy/certificates/davole.com.pem" | socat tcp-connect:haproxy:9999 -
+
+# Show certification info (not essential)
+echo "show ssl cert /usr/local/etc/haproxy/certificates/davole.com.pem" | socat tcp-connect:haproxy:9999 -
-- cgit v1.2.3
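Review bot: In renew-certificates.sh the concatenate and HAProxy-update steps run on every invocation, whether or not `certbot renew` issued anything or even succeeded, so the key bundle is rebuilt and pushed again on each run. certbot's `--deploy-hook` runs only after a successful renewal, so `certbot renew --http-01-port=380 --deploy-hook 'bash /etc/scripts/concatenate-certificates.sh && bash /etc/scripts/update-haproxy-certificates.sh'` would tie the push to a real certificate change. The scripts are added with mode 100644, which is why the hook has to call them through `bash` rather than execute them directly.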
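Review bot: In update-haproxy-certificates.sh the full PEM, private key included, is sent in cleartext to `haproxy:9999`, and a runtime API exposed over TCP has no authentication of its own, so anything on that network that can reach the port could issue the same `set ssl cert` / `commit ssl cert` commands. The HAProxy configuration is not part of this patch; if the socket is bound there as TCP, prefer a unix socket on a volume shared only by these two containers and connect with `socat - UNIX-CONNECT:<path-to-admin-socket>` (placeholder path). The commit is also sent without looking at the reply to `set ssl cert`, and an unreadable bundle makes `$(cat …)` expand to nothing, so guard with `[ -s /etc/certificates/davole.com.pem ] || exit 1` and check the first reply before committing.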