diff --git a/install_dehydrated.sh b/install_dehydrated.sh index e8bcbfc..c4bef5a 100755 --- a/install_dehydrated.sh +++ b/install_dehydrated.sh @@ -5,6 +5,8 @@ _DH_CONF_DIR=/etc/dehydrated _DH_BASE_DIR=/var/lib/dehydrated _DH_WELL_KNOWN_DIR=/var/www/dehydrated +STR_SUCCESS="Certificate has been produced" + # ------------- # --- Some functions # ------------- @@ -188,7 +190,8 @@ echo "" echo "[1] Apache2 from Debian Package System" echo "[2] Apache2 installed from Sources" echo "[3] nginx from Debian Package System" -echo "[4] Other Webserver Installation" +echo "[4] GitLab integrated Webserver (GiLab CE Omnibus Package)" +echo "[5] Other Webserver Installation" echo "" echononl "Eingabe: " @@ -196,6 +199,7 @@ echononl "Eingabe: " while [ "$WEBSERVER_INSTALLATION" != "Apache2_Debian" \ -a "$WEBSERVER_INSTALLATION" != "Apache2_Source" \ -a "$WEBSERVER_INSTALLATION" != "Nginx_Debian" \ + -a "$WEBSERVER_INSTALLATION" != "GitLab" \ -a "$WEBSERVER_INSTALLATION" != "Other_Webserver_Installation" ];do read OPTION case $OPTION in @@ -205,10 +209,12 @@ while [ "$WEBSERVER_INSTALLATION" != "Apache2_Debian" \ ;; 3) WEBSERVER_INSTALLATION="Nginx_Debian" ;; - 4) WEBSERVER_INSTALLATION="Other_Webserver_Installation" + 4) WEBSERVER_INSTALLATION="GitLab" + ;; + 5) WEBSERVER_INSTALLATION="Other_Webserver_Installation" ;; *) echo "" - echo -e "\tFalsche Eingabe ! [ 1 = Apache2 Debian ; 2 = Apache2 Sources ; 3 = Nginx Debian ; 4 = Other ]" + echo -e "\tFalsche Eingabe ! [ 1 = Apache2 Debian ; 2 = Apache2 Sources ; 3 = Nginx Debian ; 4 = Other ; 5 = GitLab]" echo "" echononl "Eingabe:" ;; @@ -218,8 +224,11 @@ done _set_apache_conf_symlink=false apache_installed=false nginx_installed=false +gitlab_installed=false +gitlab_reconfigure=false nginx_init_script=/etc/init.d/nginx apache_control_script=/etc/init.d/apache2 +gitlab_ctl_script=/usr/bin/gitlab-ctl if [[ "$WEBSERVER_INSTALLATION" = "Apache2_Debian" ]] ;then APACHE_VHOST_DIR=/etc/apache2/sites-enabled 
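Review bot: The retry hint in the `*)` arm of the `@@ -205,10 +209,12 @@` hunk lists `4 = Other ; 5 = GitLab`, but the `case` arms directly above it map 4 to `GitLab` and 5 to `Other_Webserver_Installation`. An operator who follows the hint selects the wrong webserver type, and the script then edits and restarts the wrong service. The hint should read `[ 1 = Apache2 Debian ; 2 = Apache2 Sources ; 3 = Nginx Debian ; 4 = GitLab ; 5 = Other ]`. The menu line added in the `@@ -188,7 +190,8 @@` hunk also misspells the product as `GiLab CE Omnibus Package`.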
@@ -273,6 +282,10 @@ elif [[ "$WEBSERVER_INSTALLATION" = "Nginx_Debian" ]] ;then NGINX_VHOST_DIR=${NGINX_BASE_DIR}/sites-enabled NGINX_SNIPPET_DIR=${NGINX_BASE_DIR}/snippets nginx_installed=true +elif [[ "$WEBSERVER_INSTALLATION" = "GitLab" ]] ;then + GITLAB_CONF_FILE=/etc/gitlab/gitlab.rb + gitlab_ctl_script=/usr/bin/gitlab-ctl + gitlab_installed=true else APACHE_VHOST_DIR= APACHE_CONF_DIR= @@ -381,7 +394,7 @@ if [[ -n "$NGINX_BASE_DIR" ]]; then echononl " Configure Nginx Webserver: Create alias for WLLKNOWN Directory.." - if ! grep grep -E "location\s+/.well-known/acme-challenge/" ${NGINX_SNIPPET_DIR}/letsencrypt-acme-challenge.conf > /dev/null 2>&1 ; then + if ! grep -E "location\s+/.well-known/acme-challenge/" ${NGINX_SNIPPET_DIR}/letsencrypt-acme-challenge.conf > /dev/null 2>&1 ; then cat < ${NGINX_SNIPPET_DIR}/letsencrypt-acme-challenge.conf location /.well-known/acme-challenge/ { 
@@ -403,6 +416,42 @@ EOF fi fi +if [[ -n "$GITLAB_CONF_FILE" ]]; then + + echononl " Adjust GitLab Configuration (${GITLAB_CONF_FILE})" + + if ! grep -E "^\s*nginx\['custom_gitlab_server_config'\]" $GITLAB_CONF_FILE 2> /dev/null | grep -q ".well-known/acme-challenge" 2> /dev/null ; then + if ! grep -q -E "^\s*#\s*nginx\['custom_gitlab_server_config'\]" $GITLAB_CONF_FILE 2> /dev/null ; then + cat <> ${GITLAB_CONF_FILE} + +################################################################################ +## Added by dehydrated install script $(basename $0) +################################################################################ + +nginx['custom_gitlab_server_config'] = "location ^~ /.well-known/acme-challenge { alias /var/www/dehydrated; }" + +EOF + if [[ $? -eq 0 ]] ; then + echo_ok + gitlab_reconfigure=true + else + echo_failed + fi + else + perl -i -n -p -e "s#^(\s*\#\s*(nginx\['custom_gitlab_server_config'\]).*)#\1\n\2 = \"location ^~ /.well-known/acme-challenge { alias \/var\/www\/dehydrated; }\"#" $GITLAB_CONF_FILE + if [[ $? -eq 0 ]] ; then + echo_ok + gitlab_reconfigure=true + else + echo_failed + fi + fi + else + echo_skipped + fi +fi + + if [[ -d "$DH_WELL_KNOWN_DIR" ]]; then echononl " Backup \"$DH_WELL_KNOWN_DIR\" directory.." mv $DH_WELL_KNOWN_DIR $DH_WELL_KNOWN_DIR.$_date @@ -515,8 +564,6 @@ if $apache_installed ; then echo_skipped warn "Apache Control Script (apachectl) not found." fi -else - apache_installed=/etc/init.d/apache2 fi if $nginx_installed ; then 
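Review bot: The `nginx['custom_gitlab_server_config']` value written by both branches of the `@@ -403,6 +416,42 @@` hunk (the appended here-document and the `perl -i` substitution) uses `location ^~ /.well-known/acme-challenge` and `alias /var/www/dehydrated` without trailing slashes. The prefix therefore also matches request paths that merely begin with that string, and nginx maps them onto siblings of the alias directory, such as the `$DH_WELL_KNOWN_DIR.$_date` backup created right after this block. The Nginx snippet in the `@@ -381,7 +394,7 @@` hunk already uses `location /.well-known/acme-challenge/`; the same form here, with the configured directory instead of the literal path, would be `location ^~ /.well-known/acme-challenge/ { alias ${DH_WELL_KNOWN_DIR}/; }` (assuming `DH_WELL_KNOWN_DIR` is set by this point, as the following `-d` test suggests). Separately, when `gitlab.rb` already holds an active `custom_gitlab_server_config` without the challenge location, the outer test still passes and a second assignment is added, so one value presumably overrides the other; that case should be reported to the operator rather than edited. `$GITLAB_CONF_FILE` is also unquoted in the `grep` and `perl` calls.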
@@ -530,6 +577,30 @@ if $nginx_installed ; then echo_failed warn "Restart of nginx webserver failed.." fi + else + echo_skipped + warn "Nginx Control Script (nginx_init_script) not found." + fi +fi + + +if $gitlab_installed ; then + echononl " Reconfiguring (and restarting) Gitlab Services.." + if $gitlab_reconfigure ; then + if [[ -x "$gitlab_ctl_script" ]]; then + $gitlab_ctl_script reconfigure > /dev/null 2>&1 + if [[ $? -eq 0 ]] ; then + echo_ok + else + echo_failed + warn "Restart of Gitlab Services failed.." + fi + else + echo_skipped + warn "Gitlab Control Script (gitlab-ctl) not found." + fi + else + echo_skipped fi fi @@ -729,7 +800,7 @@ while read -r line || [[ -n "$line" ]]; do echo " rm \"\${BASEDIR}/certs/\${DOMAIN}/privkey_cert_chain.pem"\" >> $HOOK_OUT_FILE echo " fi" >> $HOOK_OUT_FILE echo " ln -s \"privkey_cert_chain-\${TIMESTAMP}.pem\" \"\${BASEDIR}/certs/\${DOMAIN}/privkey_cert_chain.pem\"" >>$HOOK_OUT_FILE - echo " echo \" + Hook: \$DOMAIN - Certificate has been produced\"" >> $HOOK_OUT_FILE + echo " echo \" + Hook: \$DOMAIN - $STR_SUCCESS\"" >> $HOOK_OUT_FILE echo "" >> $HOOK_OUT_FILE found=false fi @@ -822,6 +893,11 @@ dovecot_installed=false pureftpd_installed=false apache_installed=$apache_installed nginx_installed=$nginx_installed +# - gitlab_installed +# - +# - Set to "true" if webserver nginx is controlled by GitLab (Omnibus Package). +# - Note: in that case, "nginx_installed" must be set to "false" +gitlab_installed=$gitlab_installed # --- @@ -889,7 +965,7 @@ ttl_211=3600 # - Logging in that file and evaluatiog the results will happen in any case, # - even if variable LOGGING is set to true # - -_logfile="/tmp/dehydrated-`date +%Y-%m-%d-%H%M`.log" +_logfile="/tmp/dehydrated-\$(date +%Y-%m-%d-%H%M).log" EOF if [[ $? -eq 0 ]] ; then echo_ok 
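Review bot: In the new `if $gitlab_installed` block the output of `$gitlab_ctl_script reconfigure` is sent to `/dev/null`, so when the run fails, for example on the line this script just wrote to `gitlab.rb`, the operator sees only `Restart of Gitlab Services failed..` and has nothing to diagnose it with. I would redirect that output to a log file and name the file in the `warn` text, which should also say "Reconfigure" rather than "Restart". In the Nginx branch of the same hunk (the `if $nginx_installed` block starts outside it), `warn "Nginx Control Script (nginx_init_script) not found."` prints the variable name literally; `warn "Nginx Control Script ($nginx_init_script) not found."` would show the path that was actually checked.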
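Review bot: `_logfile` in the `@@ -889,7 +965,7 @@` hunk is still a predictable name in world-writable `/tmp`, and the generated script (presumably run as root from cron) writes to it, so another local user can create that path, or a symlink at that path, before the run. Escaping the substitution appears to move the timestamp correctly from install time to run time, but the name stays guessable to the minute. Creating the file with `_logfile="\$(mktemp /tmp/dehydrated-XXXXXX.log)"`, or placing it in a root-owned directory under `/var/log`, closes that gap. This matters more after this commit because the `@@ -1357,15 +1424,16 @@` and `@@ -1666,13 +1736,10 @@` hunks derive `_processed_hosts` and the error check from this file's contents, and the `@@ -1787,98 +1854,154 @@` hunk copies it into `/var/log/`.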
@@ -1337,15 +1413,6 @@ else exit 10 fi -if grep -i "error:" \$_logfile > /dev/null 2>&1 ; then - if \$verbose ; then - warn "Maybe not all certificates are generated. See Output below." - else - echo -e "\\n [ Warn ]: Mayby not all certificates are generated! See Output below." - fi -fi - - # --- # --- Postgeneration Tasks @@ -1357,15 +1424,16 @@ restart_dovecot=false restart_pureftpd=false restart_apache=false restart_nginx=false +restart_gitlab=false declare -a zone_to_reload_arr declare -a _tmp_arr certs_updated=false -_processed_hosts="\$(cat \$_logfile | grep "Certificate has been produced" 2> /dev/null | awk '{print\$3}')" +_processed_hosts="\$(cat \$_logfile | grep "$STR_SUCCESS" 2> /dev/null | awk '{print\$3}')" # - Evaluate dehydrated's output - see if certificates where created # - -if grep -i "Hook:" \$_logfile > /dev/null 2>&1 ; then +if [[ -n "\$_processed_hosts" ]] ; then certs_updated=true @@ -1385,6 +1453,8 @@ if grep -i "Hook:" \$_logfile > /dev/null 2>&1 ; then restart_apache=true elif \$nginx_installed ; then restart_nginx=true + elif \$gitlab_installed ; then + restart_gitlab=true fi # --- @@ -1666,13 +1736,10 @@ fi # - Nothing to do if al is up tp date # - -if ! \$certs_updated ; then +if ! \$certs_updated && ! grep -q -i "error:" \$_logfile 2> /dev/null ; then if \$verbose ; then info "All Certificates are up to date." - fi - - if \$verbose || grep -i "error:" \$_logfile > /dev/null 2>&1 ; then echo "" echo "" echo "Output message from dehydrated script:" @@ -1680,11 +1747,11 @@ if ! \$certs_updated ; then echo "" cat \$_logfile echo "" + echo "" fi rm -f \$_logfile - \$verbose && echo "" exit 0 fi 
@@ -1787,98 +1854,154 @@ fi # --- Restart Services # --- -if \$restart_apache ; then - if [[ -x "$apache_control_script" ]]; then - $apache_control_script graceful > /dev/null 2>&1 +if \$certs_updated ; then + if \$restart_apache ; then + if [[ -x "$apache_control_script" ]]; then + $apache_control_script graceful > /dev/null 2>&1 + if [[ \$? -gt 0 ]]; then + if \$verbose ; then + error "Restarting Apache Webserver failed!" + else + echo -e "\\n [ Error ]: Restarting Apache Webserver failed! \\n" + fi + else + if \$verbose ; then + info "Apache Webserver restarted." + else + echo -e "\\n [ Info ]: Apache Webserver restarted.\\n" + fi + fi + else + if \$verbose ; then + warn "Apache Control Script (apachectl) not found. Take care to restart webservice manually" + else + echo -e "\\n [ Warn ]: Apache Control Script (apachectl) not found. Take care to restart webservice manually" + fi + fi + fi + if \$restart_gitlab ; then + if [[ -x "$gitlab_ctl_script" ]]; then + $gitlab_ctl_script hup > /dev/null 2>&1 + if [[ \$? -gt 0 ]]; then + if \$verbose ; then + error "Graceful restart of GitLab Services (sending HUP signal) failed!" + else + echo -e "\\n [ Error ]: Graceful restart of GitLab Services (sending HUP signal) failed! \\n" + fi + else + if \$verbose ; then + info "GitLab Services reloaded." + else + echo -e "\\n [ Info ]: GitLab Services reloaded.\\n" + fi + fi + else + if \$verbose ; then + warn "GitLab Control Script (gitlab-ctl) not found. Take care to restart service manually" + else + echo -e "\\n [ Warn ]: GitLab Control Script (gitlab-ctl) not found. Take care to restart service manually" + fi + fi + fi + if \$restart_postfix ; then + /etc/init.d/postfix reload > /dev/null 2>&1 if [[ \$? -gt 0 ]]; then if \$verbose ; then - error "Restarting Apache Webserver failed!" + error "Restarting Postfix failed!" else - echo -e "\\n [ Error ]: Restarting Apache Webserver failed! \\n" + echo -e "\\n [ Error ]: Restarting Postfix failed! 
\\n" fi else if \$verbose ; then - info "Apache Webserver restarted." + info "Postfix service restarted." else - echo -e "\\n [ Info ]: Apache Webserver restarted.\\n" + echo -e "\\n [ Info ]: Postfix service restarted.\\n" fi fi - else - if \$verbose ; then - warn "Apache Control Script (apachectl) not found. Take care to restart webservice manually" + fi + if \$restart_dovecot ; then + /etc/init.d/dovecot restart > /dev/null 2>&1 + if [[ \$? -gt 0 ]]; then + if \$verbose ; then + error "Restarting Dovecot Service failed!" + else + echo -e "\\n [ Error ]: Restarting Dovecot Service failed! \\n" + fi else - echo -e "\\n [ Warn ]: Apache Control Script (apachectl) not found. Take care to restart webservice manually" + if \$verbose ; then + info "Dovecot service restarted." + else + echo -e "\\n [ Info ]: Dovecot service restarted.\\n" + fi fi fi -fi -if \$restart_postfix ; then - /etc/init.d/postfix reload > /dev/null 2>&1 - if [[ \$? -gt 0 ]]; then - if \$verbose ; then - error "Restarting Postfix failed!" + if \$restart_pureftpd ; then + /etc/init.d/pure-ftpd restart > /dev/null 2>&1 + if [[ \$? -gt 0 ]]; then + if \$verbose ; then + error "Restarting PureFTP Server failed!" + else + echo -e "\\n [ Error ]: Restarting PureFTP Server failed! \\n" + fi else - echo -e "\\n [ Error ]: Restarting Postfix failed! \\n" - fi - else - if \$verbose ; then - info "Postfix service restarted." - else - echo -e "\\n [ Info ]: Postfix service restarted.\\n" + if \$verbose ; then + info "PureFTP Server restarted." + else + echo -e "\\n [ Info ]: PureFTP Server restarted.\\n" + fi fi fi -fi -if \$restart_dovecot ; then - /etc/init.d/dovecot restart > /dev/null 2>&1 - if [[ \$? -gt 0 ]]; then - if \$verbose ; then - error "Restarting Dovecot Service failed!" + if \$restart_nginx ; then + /etc/init.d/nginx restart > /dev/null 2>&1 + if [[ \$? -gt 0 ]]; then + if \$verbose ; then + error "Restarting Nginx Webserver failed!" 
+ else + echo -e "\\n [ Error ]: Restarting Nginx Webserver failed! \\n" + fi else - echo -e "\\n [ Error ]: Restarting Dovecot Service failed! \\n" - fi - else - if \$verbose ; then - info "Dovecot service restarted." - else - echo -e "\\n [ Info ]: Dovecot service restarted.\\n" - fi - fi -fi -if \$restart_pureftpd ; then - /etc/init.d/pure-ftpd restart > /dev/null 2>&1 - if [[ \$? -gt 0 ]]; then - if \$verbose ; then - error "Restarting PureFTP Server failed!" - else - echo -e "\\n [ Error ]: Restarting PureFTP Server failed! \\n" - fi - else - if \$verbose ; then - info "PureFTP Server restarted." - else - echo -e "\\n [ Info ]: PureFTP Server restarted.\\n" - fi - fi -fi -if \$restart_nginx ; then - /etc/init.d/nginx restart > /dev/null 2>&1 - if [[ \$? -gt 0 ]]; then - if \$verbose ; then - error "Restarting Nginx Webserver failed!" - else - echo -e "\\n [ Error ]: Restarting Nginx Webserver failed! \\n" - fi - else - if \$verbose ; then - info "Nginx Webserver restarted." - else - echo -e "\\n [ Info ]: Nginx Webserver restarted.\\n" + if \$verbose ; then + info "Nginx Webserver restarted." + else + echo -e "\\n [ Info ]: Nginx Webserver restarted.\\n" + fi fi fi fi +if [[ -n "\$_processed_hosts" ]] ; then -if \$verbose || grep -i "error:" \$_logfile > /dev/null 2>&1 || grep -i "done\!" \$_logfile > /dev/null 2>&1; then + echo "" + echo "" + echo "Certificates successfully created:" + echo "==================================" + echo "" + for _hostname in \$_processed_hosts ; do + echo " \$_hostname" + done + + echo "" +fi + + +if grep -i "error:" \$_logfile > /dev/null 2>&1 > /dev/null 2>&1; then + + cp -a \$_logfile /var/log/ > /dev/null 2>&1 + + if \$verbose ; then + error "Creating (some) Certificates failed!\\n\\t See also /var/log/\$(basename \$_logfile)" + else + echo -e "\\n[ Error ]: Creating (some) Certificates failed!" 
+ echo -e " See also /var/log/\$(basename \$_logfile) \\n" + fi + echo "" + echo "Output message from dehydrated script:" + echo "======================================" + echo "" + cat \$_logfile + echo "" +elif \$verbose ; then echo "" echo "" echo "Output message from dehydrated script:"