added the start of certbot fun

2020-01-22 23:32:14 -05:00 · 2020-01-22 23:32:14 -05:00 · 35f620ef31
commit 35f620ef31
parent ca0063d8e2
1 changed files with 30 additions and 19 deletions
--- a/deploy.sh
+++ b/deploy.sh
@ -6,25 +6,25 @@
 # 20190930 v1

 ##### EDIT HERE ####
-#siteName="_"
-#siteTitle="TEST"
-#adminEmail="test@test.com"
-#siteURL="test.url.com"
-#siteProto="http://"
+# acme.sh location
+acmebin="/root/.acme.sh/acme.sh"

+# httpd server user
 wwwUser="nginx"
+
 #### DON"T TOUCH BELOW HERE ####

 get_info () {
 read -p "Enter Site Name: " siteName
 read -p "Enter Site Title: " siteTitle
-read -p "If SSL type ssl otherwise don't: " siteProtoIn
+read -p "SSL [Y/n]: " siteProtoIn
+read -p "Certbot ready?: cbReady
 read -p "Enter Site URL: " siteURL
 read -p "Enter WPAdmin email: " adminEmail

-if [[ $siteProtoIn == "ssl" ]]; then
-	siteProto="https://"
-	ssl=1
+if [[ $siteProtoIn == "n" ]]; then
+	siteProto="http://"
+	ssl=0
 fi

 fullURL="${siteProto}${siteURL}"
@ -34,15 +34,25 @@ genSSL () {
 mkdir -p "/etc/nginx/ssl/${siteURL}/" || exit
 openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/${siteURL}/key -out /etc/nginx/ssl/${siteURL}/crt \
    -subj "/C=TT/ST=TT/L=TT/O=TEMP/OU=TEMP/CN=$siteURL/emailAddress=TEMP"
+
+sslCert="/etc/nginx/ssl/${siteURL}/crt"
+sslKey="/etc/nginx/ssl/${siteURL}/key"
+}
+
+acmeSSL () {
+	"${acmebin}" --issue --dns dns_cf -d "${siteURL}" --reloadcmd "systemctl reload nginx" --force
+
+	sslCert="/root/.acme.sh/${siteURL}/fullchain.cer"
+	sslKey="/root/.acme.sh/${siteURL}/${siteURL}.key"
 }

 create_wp_db () {
-siteNoP=$(echo "${siteURL}" | sed 's/\.//g')
-# create wordpress user with passwd
-wpasswd=$(openssl rand 39 -base64 | cut -c1-37)
-wpapasswd=$(openssl rand 39 -base64 | cut -c1-37)
-mysql -e "create database ${siteNoP}"
-mysql -e "grant all on ${siteNoP}.* to ${siteNoP}@localhost identified by '${wpasswd}'"
+	siteNoP=$(echo "${siteURL}" | sed 's/\.//g')
+	# create wordpress user with passwd
+	wpasswd=$(openssl rand 39 -base64 | cut -c1-37)
+	wpapasswd=$(openssl rand 39 -base64 | cut -c1-37)
+	mysql -e "create database ${siteNoP}"
+	mysql -e "grant all on ${siteNoP}.* to ${siteNoP}@localhost identified by '${wpasswd}'"
 }

 vHostHTTP () {
@ -158,8 +168,9 @@ server {
        fastcgi_param   SCRIPT_FILENAME    \$document_root\$fastcgi_script_name;
        fastcgi_param   SCRIPT_NAME        \$fastcgi_script_name;
    }
-    ssl_certificate /etc/nginx/ssl/${siteURL}/crt;
-    ssl_certificate_key /etc/nginx/ssl/${siteURL}/key;
+
+    ssl_certificate "${sslCert}";
+    ssl_certificate_key "${sslKey}";

    ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK";
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
@ -191,8 +202,8 @@ fi
 ########################################################################

 # set defaults
-siteProto="http://"
-ssl=0
+siteProto="https://"
+ssl=1

 # get mdata
 get_info