mirror/XenOrchestraInstallerUpdater
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: rename letsencrypt to acme for more generic use and allow changing CA

Browse Source
This commit is contained in:
Roni Väyrynen
2022-07-29 14:34:05 +03:00
parent eb82cc37f6
commit 3559945306
2 changed files with 17 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
sample.xo-install.cfg
View File

@@ -84,15 +84,18 @@ PRESERVE="3"
# options: true/false
#AUTOCERT="false"
# Enable automatic Let's Encrypt certificate creation.
# Enable automatic ACME (eq. Let's Encrypt) certificate creation.
# Setting this to true will configure HTTP and HTTPS listeners to ports 80/443 (overwrites PORT variable),
# enables autocert, sets certificate paths if missing and adds http to https redirect.
#LETSENCRYPT="false"
#ACME="false"
# Let's Encrypt domain for which the certificate is generated.
# Domain needs to be pointed towards XO server public ip-address and ports 80 and 443 allowed.
#LETSENCRYPT_DOMAIN=""
#ACME_DOMAIN=""
# Optional email address to receive notifications related to certificate
#LETSENCRYPT_EMAIL=""
#ACME_EMAIL=""
# Optional ACME CA to use. Will default to Let's Encrypt
# Available ones listed here: https://www.npmjs.com/package/acme-client#directory-urls
#ACME_CA="letsencrypt/production"
# If set to true, this will install the rpm/deb repositories necessary for the Xen Orchestra install.
# If set to false, these repositories will not be installed. Also automatic nodejs upgrade will be disabled.

19
xo-install.sh
View File

@@ -41,7 +41,8 @@ PATH_TO_HTTPS_CERT="${PATH_TO_HTTPS_CERT:-""}"
PATH_TO_HTTPS_KEY="${PATH_TO_HTTPS_KEY:-""}"
PATH_TO_HOST_CA="${PATH_TO_HOST_CA:-""}"
AUTOCERT="${AUTOCERT:-"false"}"
LETSENCRYPT="${LETSENCRYPT:-"false"}"
ACME="${ACME:-"false"}"
ACME_CA="${ACME_CA:-"letsencrypt/production"}"
USESUDO="${USESUDO:-"false"}"
GENSUDO="${GENSUDO:-"false"}"
INSTALL_REPOS="${INSTALL_REPOS:-"true"}"
@@ -787,14 +788,14 @@ function InstallXO {
# shellcheck disable=SC1117
runcmd "sed -i \"s%# autoCert = false%autoCert = true%\" $INSTALLDIR/xo-builds/xen-orchestra-$TIME/packages/xo-server/sample.config.toml"
fi
if [[ "$LETSENCRYPT" == "true" ]]; then
if [[ "$ACME" == "true" ]]; then
runcmd "sed -i \"s%# \[\[http.listen\]\]%\[\[http.listen\]\]%\" $INSTALLDIR/xo-builds/xen-orchestra-$TIME/packages/xo-server/sample.config.toml"
runcmd "sed -i \"s%# port = 443%port = 443%\" $INSTALLDIR/xo-builds/xen-orchestra-$TIME/packages/xo-server/sample.config.toml"
runcmd "sed -i \"s%^# redirectToHttps = true%redirectToHttps = true%\" $INSTALLDIR/xo-builds/xen-orchestra-$TIME/packages/xo-server/sample.config.toml"
runcmd "sed -i \"/^autoCert =.*/a acmeCa = 'letsencrypt/production'\" $INSTALLDIR/xo-builds/xen-orchestra-$TIME/packages/xo-server/sample.config.toml"
runcmd "sed -i \"/^autoCert = .*/a acmeDomain = '$LETSENCRYPT_DOMAIN'\" $INSTALLDIR/xo-builds/xen-orchestra-$TIME/packages/xo-server/sample.config.toml"
if [[ -n "$LETSENCRYPT_EMAIL" ]]; then
runcmd "sed -i \"/^autoCert =.*/a acmeEmail = '$LETSENCRYPT_EMAIL'\" $INSTALLDIR/xo-builds/xen-orchestra-$TIME/packages/xo-server/sample.config.toml"
runcmd "sed -i \"/^autoCert =.*/a acmeCa = '$ACME_CA'\" $INSTALLDIR/xo-builds/xen-orchestra-$TIME/packages/xo-server/sample.config.toml"
runcmd "sed -i \"/^autoCert = .*/a acmeDomain = '$ACME_DOMAIN'\" $INSTALLDIR/xo-builds/xen-orchestra-$TIME/packages/xo-server/sample.config.toml"
if [[ -n "$ACME_EMAIL" ]]; then
runcmd "sed -i \"/^autoCert =.*/a acmeEmail = '$ACME_EMAIL'\" $INSTALLDIR/xo-builds/xen-orchestra-$TIME/packages/xo-server/sample.config.toml"
fi
fi
sleep 2
@@ -1550,9 +1551,9 @@ else
fi
# Override port to 80, set https true and autocert to true if letsencrypt
if [[ "$LETSENCRYPT" == "true" ]]; then
if [[ -z "$LETSENCRYPT_DOMAIN" ]]; then
printfail "LETSENCRYPT_DOMAIN needs to be set when using Let's Encrypt"
if [[ "$ACME" == "true" ]]; then
if [[ -z "$ACME_DOMAIN" ]]; then
printfail "ACME_DOMAIN needs to be set when using ACME"
exit 1
fi
PORT="80"