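#!/bin/bash
#
# Dump Traefik certs and install into containers that need them
#
# Sources /etc/federated, which is expected to define PLUS and DOMAIN.
#   PLUS != "true": dump acme.json into a staging directory, compare the new
#                   certificate with the installed one, copy certificate and
#                   key into /federated/certs and into each app's data
#                   directory, and restart those apps if the certificate
#                   changed.
#   PLUS == "true": dump httpacme.json straight into /federated/certs; no
#                   per-app install and no restarts.
# Exit status: 2 when a checked step fails (see fail()).

# Print a failure message and abort with exit status 2.
# Arguments: $1 - reason, printed after the "FAILED - " prefix.
# Defined before its first use; the tool check previously called an undefined
# "failcheck", so a missing dumper did not stop the script.
fail() {
  # '%s' keeps backslashes or '%' in the reason from being interpreted.
  printf '\n\nFAILED - %s\n\n' "$1"
  exit 2
}

if ! command -v traefik-certs-dumper &> /dev/null; then
  fail "traefik-certs-dumper tool not installed"
fi

. /etc/federated

if [[ "${PLUS}" != "true" ]]; then
  # Every path below embeds DOMAIN; an empty value would address ".crt" and
  # ".key" files, so stop before anything is dumped or copied.
  [[ -n "${DOMAIN:-}" ]] || fail "DOMAIN is not set in /etc/federated"

  staged_crt="/federated/certs.new/certs/${DOMAIN}.crt"
  staged_key="/federated/certs.new/private/${DOMAIN}.key"
  live_crt="/federated/certs/certs/${DOMAIN}.crt"
  live_key="/federated/certs/private/${DOMAIN}.key"

  # Start from a known state so a MATCH inherited from the environment or
  # from /etc/federated cannot force (or suppress) the restart below.
  MATCH="yes"

  printf '\n* Dumping certs from traefik into /federated/certs.new..'
  if ! traefik-certs-dumper file --version v2 \
    --source /federated/apps/traefik/data/letsencrypt/acme.json \
    --dest /federated/certs.new &> /dev/null; then
    fail "Couldn't dump certs from traefik-certs-dumper into certs.new"
  fi
  printf 'done.'

  # Only the certificate is compared; a change to the key alone would not be
  # detected here. A missing installed certificate also counts as "different".
  if diff "${staged_crt}" "${live_crt}" &> /dev/null; then
    printf '\n* The certificates are the same (we are not restarting services).'
  else
    printf '\n* The certificates are NOT the same (we will restart services).'
    MATCH="no"
  fi

  printf '\n* Moving certs from /federated/certs.new into /federated/certs..'
  cp "${staged_crt}" "${live_crt}" \
    || fail "Couldn't move /federated/certs.new to /federated/certs"
  cp "${staged_key}" "${live_key}" \
    || fail "Couldn't move /federated/certs.new to /federated/certs"
  # The staging directory holds a copy of the private key; it is removed only
  # on this success path, so a failed run leaves it behind.
  rm -rf /federated/certs.new
  printf 'done.'

  printf '\n* Installing certs into /federated/apps that use it..'

  # The per-app copies below are not status-checked (same as before): a
  # missing app directory only produces cp's own error message.

  # Install into PostgreSQL container
  pg_dir="/federated/apps/postgresql/data/var/lib/postgresql"
  cp "${live_crt}" "${pg_dir}/server.crt"
  cp "${live_key}" "${pg_dir}/server.key"
  # Owner-only access for uid 999 (presumably the postgres user inside the
  # container - confirm against the image).
  chown 999 "${pg_dir}/server.crt" "${pg_dir}/server.key"
  chmod 600 "${pg_dir}/server.crt" "${pg_dir}/server.key"

  # Install into LDAP container
  # NOTE(review): no chown/chmod here, so the copied key gets whatever mode
  # cp and the current umask produce - confirm it is not readable by others.
  cp "${live_crt}" "${live_key}" /federated/apps/ldap/data/certs/

  # Install into Mail container
  # NOTE(review): same as LDAP - key permissions are left to cp and the umask.
  cp "${live_crt}" "${live_key}" /federated/apps/mail/data/root/certs/

  # Install into Collabora container
  #cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/collabora/data/root/certs/
  #chown 104 /federated/apps/collabora/data/root/certs/*

  # Install into Matrix container
  cp "${live_crt}" "${live_key}" /federated/apps/matrix/data/matrix/
  # NOTE(review): 644 makes the private key readable by every local user on
  # the host. Left unchanged because the uid the Matrix container reads it as
  # is not visible here; prefer chown to that uid plus chmod 600 on the key.
  chmod 644 "/federated/apps/matrix/data/matrix/${DOMAIN}.crt" \
    "/federated/apps/matrix/data/matrix/${DOMAIN}.key"
  printf 'done.\n'

  if [[ "${MATCH}" == "no" ]]; then
    # Was a plain echo, which printed the "\n" literally.
    printf '\n* Restarting services that use the certificate..'
    # Stop everything first, then start in the same order.
    for svc in postgresql ldap mail matrix; do
      /federated/bin/stop "${svc}"
    done
    for svc in postgresql ldap mail matrix; do
      /federated/bin/start "${svc}"
    done
    printf 'done.\n'
  fi

  printf '\n\n'
else
  printf '\n* Dumping certs from traefik into /federated/certs..'
  if ! traefik-certs-dumper file --version v2 \
    --source /federated/apps/traefik/data/letsencrypt/httpacme.json \
    --dest /federated/certs &> /dev/null; then
    fail "Couldn't dump certs from traefik-certs-dumper into certs"
  fi
  printf 'done.'
  printf '\n\n'
fi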