#!/bin/sh os="$(cat "${__global:?}"/explorer/os)" case "$os" in alpine) nginx_user=nginx nginx_certdir=/etc/nginx/ssl ;; debian|ubuntu) nginx_user=www-data nginx_certdir=/etc/nginx/ssl ;; *) echo "This type does not support $os yet. Aborting." >&2; exit 1; ;; esac if [ -f "${__object:?}/parameter/domain" ]; then domain="$(cat "${__object:?}/parameter/domain")" else domain="${__object_id:?}" fi altdomains= if [ -f "${__object:?}/parameter/altdomains" ]; then altdomains="$(cat "${__object:?}/parameter/altdomains")" fi set_custom_uacme_hookscript= if [ -f "${__object:?}/parameter/uacme-hookscript" ]; then uacme_hookscript="$(cat "${__object:?}/parameter/uacme-hookscript")" set_custom_uacme_hookscript="--hookscript $uacme_hookscript" fi set_custom_acme_url= if [ -f "${__object:?}/parameter/acme-url" ]; then custom_acme_url=$(cat "${__object:?}/parameter/acme-url") set_custom_acme_url="--acme-url $custom_acme_url" fi set_acme_eab_credentials= if [ -f "${__object:?}/parameter/acme-eab-credentials" ]; then acme_eab_credentials=$(cat "${__object:?}/parameter/acme-eab-credentials") set_acme_eab_credentials="--eab-credentials $acme_eab_credentials" fi # Deploy simple HTTP vhost, allowing to serve ACME challenges. __nginx_vhost "301-to-https-$domain" \ --domain "$domain" --altdomains "$altdomains" --to-https # Obtaining TLS cert. cert_ownership=$nginx_user if [ -f "${__object:?}/parameter/force-cert-ownership-to" ]; then cert_ownership=$(cat "${__object:?}/parameter/force-cert-ownership-to") fi # shellcheck disable=SC2086 __uacme_account \ $set_custom_acme_url \ $set_acme_eab_credentials \ # shellcheck disable=SC2086 require="__nginx_vhost/301-to-https-$domain __uacme_account" \ __uacme_obtain "$domain" \ --altdomains "$altdomains" \ $set_custom_uacme_hookscript \ $set_custom_acme_url \ $set_acme_eab_credentials \ --owner "$cert_ownership" \ --install-key-to "$nginx_certdir/$domain/privkey.pem" \ --install-cert-to "/$nginx_certdir/$domain/fullchain.pem" \ --renew-hook "service nginx reload" # Deploy HTTPS nginx vhost. if [ -f "${__object:?}/parameter/config" ]; then if [ "$(cat "${__object:?}/parameter/config")" = "-" ]; then nginx_logic="${__object:?}/stdin" else nginx_logic="${__object:?}/parameter/config" fi mkdir -p "${__object:?}/files" cat "$nginx_logic" > "${__object:?}/files/config" require="__uacme_obtain/$domain" __nginx_vhost "$domain" \ --altdomains "$altdomains" --config "${__object:?}/files/config" else require="__uacme_obtain/$domain" __nginx_vhost "$domain" \ --altdomains "$altdomains" fi