lets encrypt: email required, remove staging flag

docker-compose.tmpl.yml

@@ -446,8 +446,7 @@ services:
     environment:
       - IGNORE_TLS_CERT_ERRORS={{$ignore_tls_cert_errors}}
       - CERT1=${DOMAIN}
-      - STAGING=true
-      - EMAIL=test@chandi.it
+      - EMAIL=${LETSENCRYPT_EMAIL}
     network_mode: host
 {{end}}
 

mod/haproxy/bootstrap.sh

@@ -7,7 +7,7 @@ set -e
 
 declare -p | grep -Ev '^declare -[[:alpha:]]*r' > /container.env
 
-if [ "$IGNORE_TLS_CERT_ERRORS" ]; then
+if [ "$IGNORE_TLS_CERT_ERRORS"  ] && [ "$IGNORE_TLS_CERT_ERRORS" != "false" ]; then
     # use self signed certificate
     if [ ! -f /etc/haproxy/certs/haproxy-10.7.7.1.pem ]; then
         mkdir -p /etc/haproxy/certs

sample.env

@@ -6,8 +6,7 @@
 # HTTPS Proxy
 # fully automated Lets Encrypt certificates
 ENABLE_HTTPS_PROXY=true
-# If your network doesn't allow access to DNS at 8.8.8.8 specify your own resolvers
-#RESOLVER_ADDRESS=x.x.x.x
+LETSENCRYPT_EMAIL=test@example.net
 
 # Greenlight Frontend
 # https://docs.bigbluebutton.org/greenlight/gl-overview.html

scripts/generate-compose

@@ -18,6 +18,13 @@ if [ -z "$EXTERNAL_IPv4" ]; then
     exit 1
 fi
 
+if [ "$ENABLE_HTTPS_PROXY" ] && [ -z "$LETSENCRYPT_EMAIL" ]; then
+    echo "ERROR: LETSENCRYPT_EMAIL is not set in .env"
+    echo "you need to specify an email adress, otherwise the certificate"
+    echo "retrieval will fail"
+    exit 1
+fi
+
 function get_tag {
   # is submodule checked out?
   if [ -f "$1/.git" ]; then

scripts/setup

@@ -18,6 +18,7 @@ then
   exit 1
 fi
 
+. scripts/functions.sh
 ensure_bbbhtml5yml
 
 EXTERNAL_IPv4=$(curl -4 -s https://icanhazip.com)
@@ -29,21 +30,15 @@ while [[ ! $greenlight =~ ^(y|n)$ ]]; do
 done
 
 https_proxy=""
+LETSENCRYPT_EMAIL=""
 while [[ ! $https_proxy =~ ^(y|n)$ ]]; do
     read -p "Should an automatic HTTPS Proxy be included? (y/n): " https_proxy
 done
 
-if [ "$coturn" == "y" ] && [ ! "$https_proxy" == "y" ]
+if [ "$https_proxy" == "y" ]
 then
-    echo "Coturn needs TLS to function properly."
-    echo "   Since automatic HTTPS Proxy is disabled,"
-    echo "   you must provide a relative or absolute path"
-    echo "   to your certificates."
-    while [[ -z "$CERTPATH" ]]; do
-        read -p "Please enter path to cert.pem: " CERTPATH
-    done
-    while [[ -z "$KEYPATH" ]]; do
-        read -p "Please enter path to key.pem: " KEYPATH
+    while [[ ! $LETSENCRYPT_EMAIL =~ ^.+@.+\..+$ ]]; do
+        read -p "Please enter an Email adress for the Let's Encrypt notifications: " LETSENCRYPT_EMAIL
     done
 fi
 
@@ -142,6 +137,7 @@ fi
 if [ ! "$https_proxy" == "y" ]
 then
     sed -i "s/ENABLE_HTTPS_PROXY.*/#ENABLE_HTTPS_PROXY=true/" .env
+    sed -i "s/LETSENCRYPT_EMAIL=.*/LETSENCRYPT_EMAIL=$LETSENCRYPT_EMAIL/" .env
 fi
 
 if [ "$recording" == "y" ]
@@ -156,12 +152,6 @@ then
 fi
 
 
-if [ -n "$CERTPATH" ] && [ -n "$KEYPATH" ]
-then
-    sed -i "s,#COTURN_TLS_CERT_PATH=.*,COTURN_TLS_CERT_PATH=$CERTPATH," .env
-    sed -i "s,#COTURN_TLS_KEY_PATH=.*,COTURN_TLS_KEY_PATH=$KEYPATH," .env
-fi
-
 if [ "$prometheus_exporter" == "y" ]
 then
     sed -i "s/#ENABLE_PROMETHEUS_EXPORTER=.*/ENABLE_PROMETHEUS_EXPORTER=true/" .env