mirror/XenOrchestraInstallerUpdater
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add Let's Encrypt support

Browse Source
This commit is contained in:
Roni Väyrynen
2022-07-29 14:21:32 +03:00
parent 2a40ddbd1b
commit eb82cc37f6
2 changed files with 42 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
sample.xo-install.cfg
View File

@@ -84,6 +84,16 @@ PRESERVE="3"
# options: true/false # options: true/false
#AUTOCERT="false" #AUTOCERT="false"
# Enable automatic Let's Encrypt certificate creation.
# Setting this to true will configure HTTP and HTTPS listeners to ports 80/443 (overwrites PORT variable),
# enables autocert, sets certificate paths if missing and adds http to https redirect.
#LETSENCRYPT="false"
# Let's Encrypt domain for which the certificate is generated.
# Domain needs to be pointed towards XO server public ip-address and ports 80 and 443 allowed.
#LETSENCRYPT_DOMAIN=""
# Optional email address to receive notifications related to certificate
#LETSENCRYPT_EMAIL=""
# If set to true, this will install the rpm/deb repositories necessary for the Xen Orchestra install. # If set to true, this will install the rpm/deb repositories necessary for the Xen Orchestra install.
# If set to false, these repositories will not be installed. Also automatic nodejs upgrade will be disabled. # If set to false, these repositories will not be installed. Also automatic nodejs upgrade will be disabled.
# Note that installation will fail if all needed packages aren't available from configured repositories. See README for list of packages. # Note that installation will fail if all needed packages aren't available from configured repositories. See README for list of packages.

40
xo-install.sh
View File

@@ -41,6 +41,7 @@ PATH_TO_HTTPS_CERT="${PATH_TO_HTTPS_CERT:-""}"
PATH_TO_HTTPS_KEY="${PATH_TO_HTTPS_KEY:-""}" PATH_TO_HTTPS_KEY="${PATH_TO_HTTPS_KEY:-""}"
PATH_TO_HOST_CA="${PATH_TO_HOST_CA:-""}" PATH_TO_HOST_CA="${PATH_TO_HOST_CA:-""}"
AUTOCERT="${AUTOCERT:-"false"}" AUTOCERT="${AUTOCERT:-"false"}"
LETSENCRYPT="${LETSENCRYPT:-"false"}"
USESUDO="${USESUDO:-"false"}" USESUDO="${USESUDO:-"false"}"
GENSUDO="${GENSUDO:-"false"}" GENSUDO="${GENSUDO:-"false"}"
INSTALL_REPOS="${INSTALL_REPOS:-"true"}" INSTALL_REPOS="${INSTALL_REPOS:-"true"}"
@@ -68,14 +69,6 @@ FAIL="[${COLOR_RED}fail${COLOR_N}]"
INFO="[${COLOR_BLUE}info${COLOR_N}]" INFO="[${COLOR_BLUE}info${COLOR_N}]"
PROGRESS="[${COLOR_BLUE}..${COLOR_N}]" PROGRESS="[${COLOR_BLUE}..${COLOR_N}]"
# Protocol to use for webserver. If both of the X.509 certificate paths are defined,
# then assume that we want to enable HTTPS for the server.
if [[ -n "$PATH_TO_HTTPS_CERT" ]] && [[ -n "$PATH_TO_HTTPS_KEY" ]]; then
HTTPS=true
else
HTTPS=false
fi
# create logpath if doesn't exist # create logpath if doesn't exist
if [[ ! -d "$LOGPATH" ]]; then if [[ ! -d "$LOGPATH" ]]; then
mkdir -p "$LOGPATH" mkdir -p "$LOGPATH"
@@ -794,6 +787,16 @@ function InstallXO {
# shellcheck disable=SC1117 # shellcheck disable=SC1117
runcmd "sed -i \"s%# autoCert = false%autoCert = true%\" $INSTALLDIR/xo-builds/xen-orchestra-$TIME/packages/xo-server/sample.config.toml" runcmd "sed -i \"s%# autoCert = false%autoCert = true%\" $INSTALLDIR/xo-builds/xen-orchestra-$TIME/packages/xo-server/sample.config.toml"
fi fi
if [[ "$LETSENCRYPT" == "true" ]]; then
runcmd "sed -i \"s%# \[\[http.listen\]\]%\[\[http.listen\]\]%\" $INSTALLDIR/xo-builds/xen-orchestra-$TIME/packages/xo-server/sample.config.toml"
runcmd "sed -i \"s%# port = 443%port = 443%\" $INSTALLDIR/xo-builds/xen-orchestra-$TIME/packages/xo-server/sample.config.toml"
runcmd "sed -i \"s%^# redirectToHttps = true%redirectToHttps = true%\" $INSTALLDIR/xo-builds/xen-orchestra-$TIME/packages/xo-server/sample.config.toml"
runcmd "sed -i \"/^autoCert =.*/a acmeCa = 'letsencrypt/production'\" $INSTALLDIR/xo-builds/xen-orchestra-$TIME/packages/xo-server/sample.config.toml"
runcmd "sed -i \"/^autoCert = .*/a acmeDomain = '$LETSENCRYPT_DOMAIN'\" $INSTALLDIR/xo-builds/xen-orchestra-$TIME/packages/xo-server/sample.config.toml"
if [[ -n "$LETSENCRYPT_EMAIL" ]]; then
runcmd "sed -i \"/^autoCert =.*/a acmeEmail = '$LETSENCRYPT_EMAIL'\" $INSTALLDIR/xo-builds/xen-orchestra-$TIME/packages/xo-server/sample.config.toml"
fi
fi
sleep 2 sleep 2
fi fi
if [[ "$USESUDO" == "true" ]] && [[ "$XOUSER" != "root" ]]; then if [[ "$USESUDO" == "true" ]] && [[ "$XOUSER" != "root" ]]; then
@@ -1538,6 +1541,27 @@ function StartUpScreen {
} }
# Protocol to use for webserver. If both of the X.509 certificate paths are defined,
# then assume that we want to enable HTTPS for the server.
if [[ -n "$PATH_TO_HTTPS_CERT" ]] && [[ -n "$PATH_TO_HTTPS_KEY" ]]; then
HTTPS=true
else
HTTPS=false
fi
# Override port to 80, set https true and autocert to true if letsencrypt
if [[ "$LETSENCRYPT" == "true" ]]; then
if [[ -z "$LETSENCRYPT_DOMAIN" ]]; then
printfail "LETSENCRYPT_DOMAIN needs to be set when using Let's Encrypt"
exit 1
fi
PORT="80"
HTTPS="true"
AUTOCERT="true"
PATH_TO_HTTPS_CERT="${PATH_TO_HTTPS_CERT:-"./certificate.pem"}"
PATH_TO_HTTPS_KEY="${PATH_TO_HTTPS_KEY:-"./key.pem"}"
fi
# if no arguments given, we assume interactive mode. # if no arguments given, we assume interactive mode.
# set here because some of the following checks either prompt user input or not. # set here because some of the following checks either prompt user input or not.
if [[ $# == "0" ]]; then if [[ $# == "0" ]]; then