lets encrypt: email required, remove staging flag

chandi 2024-11-28 13:04:33 +01:00
parent 1a79f73fe3
commit 4afa12bcf2
5 changed files with 16 additions and 21 deletions


@ -446,8 +446,7 @@ services:
environment:
- IGNORE_TLS_CERT_ERRORS={{$ignore_tls_cert_errors}}
- CERT1=${DOMAIN}
- STAGING=true
- EMAIL=test@chandi.it
- EMAIL=${LETSENCRYPT_EMAIL}
network_mode: host
{{end}}
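Review bot: `EMAIL=${LETSENCRYPT_EMAIL}` interpolates to an empty string when the variable is absent from `.env` at `docker compose up` time, so a compose file generated earlier can still start the proxy without a contact address if `.env` is edited afterwards. Using the required-variable form, `- EMAIL=${LETSENCRYPT_EMAIL:?LETSENCRYPT_EMAIL must be set in .env}`, would make compose refuse to start instead. With `STAGING=true` removed, the container presumably talks to the production Let's Encrypt endpoint, where repeated failed issuance counts against rate limits, so failing early matters more than before. The service definition starts above the hunk, so the rest of its configuration is not visible here.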


@ -7,7 +7,7 @@ set -e
declare -p | grep -Ev '^declare -[[:alpha:]]*r' > /container.env
if [ "$IGNORE_TLS_CERT_ERRORS" ]; then
if [ "$IGNORE_TLS_CERT_ERRORS" ] && [ "$IGNORE_TLS_CERT_ERRORS" != "false" ]; then
# use self signed certificate
if [ ! -f /etc/haproxy/certs/haproxy-10.7.7.1.pem ]; then
mkdir -p /etc/haproxy/certs
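Review bot: The new condition on `IGNORE_TLS_CERT_ERRORS` still takes the self-signed certificate branch for every value except the empty string and the exact word `false`, so `False`, `0` or `no` all switch it on. Because this branch is the less secure mode, an allow-list keeps the default closed: `if [ "$IGNORE_TLS_CERT_ERRORS" = "true" ]; then`. If other spellings have to be accepted, a `case` over the known truthy values does the same job. The body of the `if` continues past the end of the hunk.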


@ -6,8 +6,7 @@
# HTTPS Proxy
# fully automated Lets Encrypt certificates
ENABLE_HTTPS_PROXY=true
# If your network doesn't allow access to DNS at 8.8.8.8 specify your own resolvers
#RESOLVER_ADDRESS=x.x.x.x
LETSENCRYPT_EMAIL=test@example.net
# Greenlight Frontend
# https://docs.bigbluebutton.org/greenlight/gl-overview.html
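Review bot: `LETSENCRYPT_EMAIL=test@example.net` is a non-empty placeholder, so an install that copies the sample without going through the setup prompts passes the emptiness check this commit adds to the functions script and requests certificates with an address nobody reads. Shipping the line as `LETSENCRYPT_EMAIL=` would let that check catch the omission, and the setup script's `s/LETSENCRYPT_EMAIL=.*/…/` substitution still matches an empty value. A comment above it, for example `# contact address for Let's Encrypt expiry and account notices, required when ENABLE_HTTPS_PROXY is set`, would also tell the operator why the value is needed.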


@ -18,6 +18,13 @@ if [ -z "$EXTERNAL_IPv4" ]; then
exit 1
fi
if [ "$ENABLE_HTTPS_PROXY" ] && [ -z "$LETSENCRYPT_EMAIL" ]; then
echo "ERROR: LETSENCRYPT_EMAIL is not set in .env"
echo "you need to specify an email adress, otherwise the certificate"
echo "retrieval will fail"
exit 1
fi
function get_tag {
# is submodule checked out?
if [ -f "$1/.git" ]; then
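Review bot: `[ "$ENABLE_HTTPS_PROXY" ]` in the added guard is true for any non-empty value, so `ENABLE_HTTPS_PROXY=false` would still demand an email, while the entrypoint change in this same commit treats `false` as off for `IGNORE_TLS_CERT_ERRORS`. Using the same form here keeps the two consistent: `if [ "$ENABLE_HTTPS_PROXY" ] && [ "$ENABLE_HTTPS_PROXY" != "false" ] && [ -z "$LETSENCRYPT_EMAIL" ]; then`. The guard only tests for an empty value, so the placeholder address from the sample file passes it. The three `echo` lines write to stdout; if this script's output is ever captured into a generated file (not visible from the hunk), the message should go to stderr with `>&2`. `get_tag` begins at the end of the hunk and its body is outside it.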


@ -18,6 +18,7 @@ then
exit 1
fi
. scripts/functions.sh
ensure_bbbhtml5yml
EXTERNAL_IPv4=$(curl -4 -s https://icanhazip.com)
@ -29,21 +30,15 @@ while [[ ! $greenlight =~ ^(y|n)$ ]]; do
done
https_proxy=""
LETSENCRYPT_EMAIL=""
while [[ ! $https_proxy =~ ^(y|n)$ ]]; do
read -p "Should an automatic HTTPS Proxy be included? (y/n): " https_proxy
done
if [ "$coturn" == "y" ] && [ ! "$https_proxy" == "y" ]
if [ "$https_proxy" == "y" ]
then
echo "Coturn needs TLS to function properly."
echo " Since automatic HTTPS Proxy is disabled,"
echo " you must provide a relative or absolute path"
echo " to your certificates."
while [[ -z "$CERTPATH" ]]; do
read -p "Please enter path to cert.pem: " CERTPATH
done
while [[ -z "$KEYPATH" ]]; do
read -p "Please enter path to key.pem: " KEYPATH
while [[ ! $LETSENCRYPT_EMAIL =~ ^.+@.+\..+$ ]]; do
read -p "Please enter an Email adress for the Let's Encrypt notifications: " LETSENCRYPT_EMAIL
done
fi
@ -142,6 +137,7 @@ fi
if [ ! "$https_proxy" == "y" ]
then
sed -i "s/ENABLE_HTTPS_PROXY.*/#ENABLE_HTTPS_PROXY=true/" .env
sed -i "s/LETSENCRYPT_EMAIL=.*/LETSENCRYPT_EMAIL=$LETSENCRYPT_EMAIL/" .env
fi
if [ "$recording" == "y" ]
@ -156,12 +152,6 @@ then
fi
if [ -n "$CERTPATH" ] && [ -n "$KEYPATH" ]
then
sed -i "s,#COTURN_TLS_CERT_PATH=.*,COTURN_TLS_CERT_PATH=$CERTPATH," .env
sed -i "s,#COTURN_TLS_KEY_PATH=.*,COTURN_TLS_KEY_PATH=$KEYPATH," .env
fi
if [ "$prometheus_exporter" == "y" ]
then
sed -i "s/#ENABLE_PROMETHEUS_EXPORTER=.*/ENABLE_PROMETHEUS_EXPORTER=true/" .env
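Review bot: In the `@ -142,6 +137,7` hunk the added `sed` for `LETSENCRYPT_EMAIL` sits inside `if [ ! "$https_proxy" == "y" ]`, as far as the rendered lines show, so it runs only when the proxy was declined and the variable is still empty. An address typed at the prompt would then never reach `.env`, which keeps whatever the sample file contained. It most likely belongs in an `else` branch of that `if`. The prompt regex `^.+@.+\..+$` also accepts `/`, `&` and `\`, which sed interprets in the replacement (`/` ends the expression, `&` expands to the matched text), so the written value can differ from what was typed or the command can fail. Restrict the accepted characters, e.g. `^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]+$`, or escape the value before substituting.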