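#!/bin/bash
#
# SSL Certificate Setup Script for Multi-Tenant Domain
#
# This script sets up Let's Encrypt wildcard certificates for DOMAIN and
# *.DOMAIN using certbot's manual DNS-01 challenge, run through
# docker-compose, and writes a renewal helper to ./scripts/.
#
# Run it from the project root: every path below (./certbot, ./nginx,
# ./scripts, docker-compose.production.yml) is relative to the current
# directory. Configuration is edited in place (DOMAIN, EMAIL, STAGING);
# no environment variables are required.

# -e: stop at the first failing command; -u: unset variables are errors;
# -o pipefail: a failing stage fails its whole pipeline.
set -euo pipefail

# Base domain. The certificate covers this name and the *.DOMAIN wildcard.
readonly DOMAIN="dev.uggla.uamils.com"
# Contact address registered with the ACME account (expiry notices go here).
readonly EMAIL="admin@uamils.com"
# 1 = Let's Encrypt staging endpoint (certificates are not browser-trusted,
# rate limits are lenient); 0 = production certificates.
readonly STAGING=1

# Reject anything other than 0/1 here rather than letting a typo fall
# through to a production request later on.
if [[ "$STAGING" != 0 && "$STAGING" != 1 ]]; then
  printf 'STAGING must be 0 or 1 (got: %s)\n' "$STAGING" >&2
  exit 1
fi

printf 'Setting up SSL certificates for domain: %s\n' "$DOMAIN"

# Create required directories.
# ./certbot/conf will hold the ACME account key and the certificate private
# keys once certbot has run; keep it out of version control and restrict
# access to it.
mkdir -p ./certbot/conf ./certbot/www ./nginx/ssl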
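#######################################
# Request a wildcard certificate through certbot's manual DNS-01 challenge,
# running certbot via docker-compose.
# Arguments:
#   $1 - base domain; the certificate covers $1 and *.$1
#   $2 - contact e-mail for the ACME account
#   $3 - 1 for the Let's Encrypt staging endpoint, 0 for production
# Outputs:   progress messages on stdout, followed by certbot's own
#            interactive prompts (the DNS TXT values to publish)
# Returns:   2 if $3 is not 0 or 1, otherwise the exit status of the
#            docker-compose/certbot run
# Notes:     --manual with no --manual-auth-hook means the TXT records are
#            entered by hand, so this lineage is not expected to renew
#            unattended with `certbot renew` — verify before trusting cron.
#######################################
get_certificate() {
  local domain=$1
  local email=$2
  local staging=$3
  local -a certbot_args

  # Build certbot's argv as an array so that every value is passed as one
  # word and the optional --staging flag is either present or absent,
  # with no unquoted expansions.
  # The --server value is certbot's default production endpoint; when
  # --staging is added below certbot uses the staging endpoint instead.
  certbot_args=(
    certonly
    --manual
    --preferred-challenges=dns
    --email "$email"
    --server https://acme-v02.api.letsencrypt.org/directory
    --agree-tos
    --no-eff-email
  )

  case "$staging" in
    1)
      certbot_args+=(--staging)
      echo "Getting STAGING certificate (for testing)..."
      ;;
    0)
      echo "Getting PRODUCTION certificate..."
      ;;
    *)
      # Anything else used to fall through to a production request; fail
      # instead so a bad value never silently hits the real endpoint.
      printf 'get_certificate: staging must be 0 or 1 (got: %s)\n' "$staging" >&2
      return 2
      ;;
  esac

  # Both names must be on the certificate; certbot names the stored
  # lineage after the first one.
  certbot_args+=(-d "$domain" -d "*.$domain")

  echo "Requesting wildcard certificate for $domain and *.$domain"

  docker-compose -f docker-compose.production.yml run --rm certbot "${certbot_args[@]}"
}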
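# Check if a certificate already exists. certbot stores a lineage under the
# first -d name, which get_certificate passes as the base domain.
if [[ -d "./certbot/conf/live/$DOMAIN" ]]; then
  echo "Certificate already exists for $DOMAIN"
  # -r: keep backslashes literal; -n 1: a single keystroke, no Enter needed.
  read -r -p "Do you want to renew it? (y/n): " -n 1
  echo
  if [[ "$REPLY" =~ ^[Yy]$ ]]; then
    echo "Renewing certificate..."
    # NOTE(review): the lineage was obtained with --manual and no auth hook,
    # so `certbot renew` may decline to renew it without operator input —
    # confirm this path actually works. Unlike scripts/renew-certs.sh it
    # also does not reload nginx afterwards.
    docker-compose -f docker-compose.production.yml run --rm certbot renew
  fi
else
  echo "No certificate found. Creating new certificate..."
  # certbot's manual DNS-01 flow pauses and prints the values to publish;
  # both records go under the same _acme-challenge name, one per -d entry.
  cat <<EOF
IMPORTANT: You need to manually add DNS TXT records during this process!
The certbot will pause and show you the TXT records to add.

You'll need to add DNS TXT records like:
 _acme-challenge.$DOMAIN TXT "[value-shown-by-certbot]"
 _acme-challenge.$DOMAIN TXT "[another-value-for-wildcard]"

EOF
  # Input is discarded; -r only keeps read from interpreting backslashes.
  read -r -p "Press Enter when you're ready to continue..."

  get_certificate "$DOMAIN" "$EMAIL" "$STAGING"
fi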
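# Set up certificate renewal cron job
echo "Setting up automatic certificate renewal..."

# Create renewal script. It is meant to run from cron (see NEXT STEPS), so
# it carries its own strict mode, refuses to continue if the cd fails, and
# disables pseudo-TTY allocation (-T) because cron has no terminal.
# "/path/to/your/project" is a placeholder the operator must edit.
# The quoted 'EOF' delimiter keeps the heredoc literal (no expansion here).
mkdir -p ./scripts
cat > ./scripts/renew-certs.sh << 'EOF'
#!/bin/bash
set -euo pipefail
# NOTE: certificates obtained with --manual and no --manual-auth-hook are
# not expected to renew unattended; confirm `certbot renew` succeeds from
# cron before relying on this script.
cd /path/to/your/project || exit 1
docker-compose -f docker-compose.production.yml run --rm -T certbot renew
docker-compose -f docker-compose.production.yml exec -T nginx nginx -s reload
EOF

chmod +x ./scripts/renew-certs.sh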
# Final summary: what was set up and what the operator still has to do.
# Quoted delimiter, so the text is printed exactly as written.
cat <<'EOF'

SSL certificate setup completed!

NEXT STEPS:
1. Add this to your crontab for automatic renewal:
 0 12 * * * /path/to/your/project/scripts/renew-certs.sh

2. Update your .env.production file with correct domain settings

3. Start the production environment:
 docker-compose -f docker-compose.production.yml up -d

EOF

# Staging certificates are not browser-trusted; say so before finishing.
if [ "$STAGING" -eq 1 ]; then
  printf '%s\n' \
    "NOTE: You're using STAGING certificates (for testing)." \
    "Change STAGING=0 in this script and run again for production certificates."
fi