|
@@ -429,6 +429,9 @@ DH_KEYLENGTH=2048
|
429
|
429
|
# repo for atheros AR9271 wifi driver
|
430
|
430
|
ATHEROS_WIFI_REPO='https://github.com/qca/open-ath9k-htc-firmware.git'
|
431
|
431
|
|
|
432
|
+LETSENCRYPT_ENABLED="no"
|
|
433
|
+LETSENCRYPT_SERVER='https://acme-v01.api.letsencrypt.org/directory'
|
|
434
|
+
|
432
|
435
|
function show_help {
|
433
|
436
|
echo ''
|
434
|
437
|
echo 'freedombone -c [configuration file]'
|
|
@@ -788,6 +791,9 @@ function read_configuration {
|
788
|
791
|
fi
|
789
|
792
|
|
790
|
793
|
if [ -f $CONFIGURATION_FILE ]; then
|
|
794
|
+ if grep -q "LETSENCRYPT_SERVER" $CONFIGURATION_FILE; then
|
|
795
|
+ LETSENCRYPT_SERVER=$(grep "LETSENCRYPT_SERVER" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
|
|
796
|
+ fi
|
791
|
797
|
if grep -q "HUBZILLA_COMMIT" $CONFIGURATION_FILE; then
|
792
|
798
|
HUBZILLA_COMMIT=$(grep "HUBZILLA_COMMIT" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
|
793
|
799
|
fi
|
|
@@ -1185,13 +1191,24 @@ function check_certificates {
|
1185
|
1191
|
if [ ! $1 ]; then
|
1186
|
1192
|
return
|
1187
|
1193
|
fi
|
1188
|
|
- if [ ! -f /etc/ssl/private/$1.key ]; then
|
1189
|
|
- echo "Private certificate for $CHECK_HOSTNAME was not created"
|
1190
|
|
- exit 63959
|
1191
|
|
- fi
|
1192
|
|
- if [ ! -f /etc/ssl/certs/$1.crt ]; then
|
1193
|
|
- echo "Public certificate for $CHECK_HOSTNAME was not created"
|
1194
|
|
- exit 7679
|
|
1194
|
+ if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
|
|
1195
|
+ if [ ! -f /etc/ssl/private/$1.key ]; then
|
|
1196
|
+ echo "Private certificate for $CHECK_HOSTNAME was not created"
|
|
1197
|
+ exit 63959
|
|
1198
|
+ fi
|
|
1199
|
+ if [ ! -f /etc/ssl/certs/$1.crt ]; then
|
|
1200
|
+ echo "Public certificate for $CHECK_HOSTNAME was not created"
|
|
1201
|
+ exit 7679
|
|
1202
|
+ fi
|
|
1203
|
+ else
|
|
1204
|
+ if [ ! -f /etc/letsencrypt/live/${1}/privkey.pem ]; then
|
|
1205
|
+ echo "Private certificate for $CHECK_HOSTNAME was not created"
|
|
1206
|
+ exit 6282
|
|
1207
|
+ fi
|
|
1208
|
+ if [ ! -f /etc/letsencrypt/live/${1}/fullchain.pem ]; then
|
|
1209
|
+ echo "Public certificate for $CHECK_HOSTNAME was not created"
|
|
1210
|
+ exit 5328
|
|
1211
|
+ fi
|
1195
|
1212
|
fi
|
1196
|
1213
|
if [ ! -f /etc/ssl/certs/$1.dhparam ]; then
|
1197
|
1214
|
echo "Diffie–Hellman parameters for $CHECK_HOSTNAME were not created"
|
|
@@ -3072,9 +3089,14 @@ function restore_database {
|
3072
|
3089
|
echo ' rm -rf $USB_MOUNT' >> $script_name
|
3073
|
3090
|
echo ' exit 683' >> $script_name
|
3074
|
3091
|
echo ' fi' >> $script_name
|
3075
|
|
- echo ' # Ensure that the bundled SSL cert is being used' >> $script_name
|
3076
|
|
- echo ' if [ -f /etc/ssl/certs/${2}.bundle.crt ]; then' >> $script_name
|
3077
|
|
- echo ' sed -i "s|${2}.crt|${2}.bundle.crt|g" /etc/nginx/sites-available/${2}' >> $script_name
|
|
3092
|
+ echo ' if [ -d /etc/letsencrypt/live/${2} ]; then' >> $script_name
|
|
3093
|
+ echo ' ln -s /etc/letsencrypt/live/${2}/privkey.pem /etc/ssl/private/${2}.key' >> $script_name
|
|
3094
|
+ echo ' ln -s /etc/letsencrypt/live/${2}/fullchain.pem /etc/ssl/certs/${2}.pem' >> $script_name
|
|
3095
|
+ echo ' else' >> $script_name
|
|
3096
|
+ echo ' # Ensure that the bundled SSL cert is being used' >> $script_name
|
|
3097
|
+ echo ' if [ -f /etc/ssl/certs/${2}.bundle.crt ]; then' >> $script_name
|
|
3098
|
+ echo ' sed -i "s|${2}.crt|${2}.bundle.crt|g" /etc/nginx/sites-available/${2}' >> $script_name
|
|
3099
|
+ echo ' fi' >> $script_name
|
3078
|
3100
|
echo ' fi' >> $script_name
|
3079
|
3101
|
echo ' fi' >> $script_name
|
3080
|
3102
|
echo ' fi' >> $script_name
|
|
@@ -3698,6 +3720,10 @@ function create_restore_script {
|
3698
|
3720
|
echo " if [ -f /etc/ssl/certs/$WIKI_DOMAIN_NAME.bundle.crt ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
3699
|
3721
|
echo " sed -i 's|$WIKI_DOMAIN_NAME.crt|$WIKI_DOMAIN_NAME.bundle.crt|g' /etc/nginx/sites-available/$WIKI_DOMAIN_NAME" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
3700
|
3722
|
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
3723
|
+ echo " if [ -d /etc/letsencrypt/live/${WIKI_DOMAIN_NAME} ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
3724
|
+ echo " ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${WIKI_DOMAIN_NAME}.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
3725
|
+ echo " ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${WIKI_DOMAIN_NAME}.pem" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
3726
|
+ echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
3701
|
3727
|
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
3702
|
3728
|
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
3703
|
3729
|
|
|
@@ -3739,7 +3765,10 @@ function create_restore_script {
|
3739
|
3765
|
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
3740
|
3766
|
echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
3741
|
3767
|
echo ' done' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
3742
|
|
-
|
|
3768
|
+ echo " if [ -d /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME} ]; then" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
3769
|
+ echo " ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${FULLBLOG_DOMAIN_NAME}.key" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
3770
|
+ echo " ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.pem" >> /usr/bin/$RESTORE_SCRIPT_NAME
|
|
3771
|
+ echo ' fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
3743
|
3772
|
echo 'fi' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
3744
|
3773
|
echo '' >> /usr/bin/$RESTORE_SCRIPT_NAME
|
3745
|
3774
|
|
|
@@ -4822,9 +4851,14 @@ function restore_database_from_friend {
|
4822
|
4851
|
echo ' if [ ! "$?" = "0" ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
4823
|
4852
|
echo ' exit 683' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
4824
|
4853
|
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
4825
|
|
- echo ' # Ensure that the bundled SSL cert is being used' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
4826
|
|
- echo ' if [ -f /etc/ssl/certs/${2}.bundle.crt ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
4827
|
|
- echo ' sed -i "s|${2}.crt|${2}.bundle.crt|g" /etc/nginx/sites-available/${2}' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
|
4854
|
+ echo ' if [ -d /etc/letsencrypt/live/${2} ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
|
4855
|
+ echo ' ln -s /etc/letsencrypt/live/${2}/privkey.pem /etc/ssl/private/${2}.key' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
|
4856
|
+ echo ' ln -s /etc/letsencrypt/live/${2}/fullchain.pem /etc/ssl/certs/${2}.pem' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
|
4857
|
+ echo ' else' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
|
4858
|
+ echo ' # Ensure that the bundled SSL cert is being used' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
|
4859
|
+ echo ' if [ -f /etc/ssl/certs/${2}.bundle.crt ]; then' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
|
4860
|
+ echo ' sed -i "s|${2}.crt|${2}.bundle.crt|g" /etc/nginx/sites-available/${2}' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
|
4861
|
+ echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
4828
|
4862
|
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
4829
|
4863
|
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
4830
|
4864
|
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
|
@@ -5402,6 +5436,10 @@ function restore_from_friend {
|
5402
|
5436
|
echo " if [ -f /etc/ssl/certs/$WIKI_DOMAIN_NAME.bundle.crt ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
5403
|
5437
|
echo " sed -i 's|$WIKI_DOMAIN_NAME.crt|$WIKI_DOMAIN_NAME.bundle.crt|g' /etc/nginx/sites-available/$WIKI_DOMAIN_NAME" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
5404
|
5438
|
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
|
5439
|
+ echo " if [ -d /etc/letsencrypt/live/${WIKI_DOMAIN_NAME} ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
|
5440
|
+ echo " ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${WIKI_DOMAIN_NAME}.key" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
|
5441
|
+ echo " ln -s /etc/letsencrypt/live/${WIKI_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${WIKI_DOMAIN_NAME}.pem" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
|
5442
|
+ echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
5405
|
5443
|
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
5406
|
5444
|
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
5407
|
5445
|
|
|
@@ -5440,6 +5478,10 @@ function restore_from_friend {
|
5440
|
5478
|
echo '/$USERNAME/blog/uncategorized/post ' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
5441
|
5479
|
echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
5442
|
5480
|
echo ' done' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
|
5481
|
+ echo " if [ -d /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME} ]; then" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
|
5482
|
+ echo " ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/privkey.pem /etc/ssl/private/${FULLBLOG_DOMAIN_NAME}.key" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
|
5483
|
+ echo " ln -s /etc/letsencrypt/live/${FULLBLOG_DOMAIN_NAME}/fullchain.pem /etc/ssl/certs/${FULLBLOG_DOMAIN_NAME}.pem" >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
|
5484
|
+ echo ' fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
5443
|
5485
|
echo 'fi' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
5444
|
5486
|
echo '' >> /usr/bin/$RESTORE_FROM_FRIEND_SCRIPT_NAME
|
5445
|
5487
|
|
|
@@ -7128,7 +7170,11 @@ function configure_imap_client_certs {
|
7128
|
7170
|
fi
|
7129
|
7171
|
# make a CA cert
|
7130
|
7172
|
if [ ! -f /etc/ssl/private/ca-$DEFAULT_DOMAIN_NAME.key ]; then
|
7131
|
|
- freedombone-addcert -h $DEFAULT_DOMAIN_NAME --ca "" --dhkey $DH_KEYLENGTH
|
|
7173
|
+ if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
|
|
7174
|
+ freedombone-addcert -h $DEFAULT_DOMAIN_NAME --ca "" --dhkey $DH_KEYLENGTH
|
|
7175
|
+ else
|
|
7176
|
+ freedombone-addcert -e $DEFAULT_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH
|
|
7177
|
+ fi
|
7132
|
7178
|
fi
|
7133
|
7179
|
# CA configuration
|
7134
|
7180
|
echo '[ ca ]' > /etc/ssl/dovecot-ca.cnf
|
|
@@ -8142,44 +8188,6 @@ function install_web_server {
|
8142
|
8188
|
echo 'install_web_server' >> $COMPLETION_FILE
|
8143
|
8189
|
}
|
8144
|
8190
|
|
8145
|
|
-function install_letsencrypt {
|
8146
|
|
- if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
|
8147
|
|
- return
|
8148
|
|
- fi
|
8149
|
|
- if grep -Fxq "install_letsencrypt" $COMPLETION_FILE; then
|
8150
|
|
- return
|
8151
|
|
- fi
|
8152
|
|
- #apt-get -y install python-pip git
|
8153
|
|
- #pip install -U setuptools
|
8154
|
|
- #pip install --upgrade cffi
|
8155
|
|
- cd $INSTALL_DIR
|
8156
|
|
-
|
8157
|
|
- # This is experimental developer preview and I hope at some stage
|
8158
|
|
- # there will be a debian package for it.
|
8159
|
|
-
|
8160
|
|
- # obtain the repo
|
8161
|
|
- if [ ! -d $INSTALL_DIR/letsencrypt ]; then
|
8162
|
|
- git clone https://github.com/letsencrypt/letsencrypt
|
8163
|
|
- if [ ! -d $INSTALL_DIR/letsencrypt ]; then
|
8164
|
|
- exit 76283
|
8165
|
|
- fi
|
8166
|
|
- else
|
8167
|
|
- cd $INSTALL_DIR/letsencrypt
|
8168
|
|
- git stash
|
8169
|
|
- git pull
|
8170
|
|
- fi
|
8171
|
|
-
|
8172
|
|
- cd $INSTALL_DIR/letsencrypt
|
8173
|
|
- # TODO this requires user interaction - is there a non-interactive mode?
|
8174
|
|
- ./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory certonly
|
8175
|
|
- if [ ! "$?" = "0" ]; then
|
8176
|
|
- echo 'Failed to install letsencrypt'
|
8177
|
|
- exit 63216
|
8178
|
|
- fi
|
8179
|
|
-
|
8180
|
|
- echo 'install_letsencrypt' >> $COMPLETION_FILE
|
8181
|
|
-}
|
8182
|
|
-
|
8183
|
8191
|
function configure_php {
|
8184
|
8192
|
sed -i "s/memory_limit = 128M/memory_limit = ${MAX_PHP_MEMORY}M/g" /etc/php5/fpm/php.ini
|
8185
|
8193
|
sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php5/fpm/php.ini
|
|
@@ -8591,7 +8599,11 @@ quit" > $INSTALL_DIR/batch.sql
|
8591
|
8599
|
configure_php
|
8592
|
8600
|
|
8593
|
8601
|
if [ ! -f /etc/ssl/certs/$OWNCLOUD_DOMAIN_NAME.dhparam ]; then
|
8594
|
|
- freedombone-addcert -h $OWNCLOUD_DOMAIN_NAME --dhkey $DH_KEYLENGTH
|
|
8602
|
+ if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
|
|
8603
|
+ freedombone-addcert -h $OWNCLOUD_DOMAIN_NAME --dhkey $DH_KEYLENGTH
|
|
8604
|
+ else
|
|
8605
|
+ freedombone-addcert -e $OWNCLOUD_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH
|
|
8606
|
+ fi
|
8595
|
8607
|
check_certificates $OWNCLOUD_DOMAIN_NAME
|
8596
|
8608
|
fi
|
8597
|
8609
|
|
|
@@ -8840,7 +8852,11 @@ quit" > $INSTALL_DIR/batch.sql
|
8840
|
8852
|
configure_php
|
8841
|
8853
|
|
8842
|
8854
|
if [ ! -f /etc/ssl/certs/$GIT_DOMAIN_NAME.dhparam ]; then
|
8843
|
|
- freedombone-addcert -h $GIT_DOMAIN_NAME --dhkey $DH_KEYLENGTH
|
|
8855
|
+ if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
|
|
8856
|
+ freedombone-addcert -h $GIT_DOMAIN_NAME --dhkey $DH_KEYLENGTH
|
|
8857
|
+ else
|
|
8858
|
+ freedombone-addcert -e $GIT_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH
|
|
8859
|
+ fi
|
8844
|
8860
|
check_certificates $GIT_DOMAIN_NAME
|
8845
|
8861
|
fi
|
8846
|
8862
|
|
|
@@ -9298,7 +9314,11 @@ function install_wiki {
|
9298
|
9314
|
rm -rf /var/www/$WIKI_DOMAIN_NAME/htdocs
|
9299
|
9315
|
fi
|
9300
|
9316
|
if [ ! -f /etc/ssl/certs/$WIKI_DOMAIN_NAME.dhparam ]; then
|
9301
|
|
- freedombone-addcert -h $WIKI_DOMAIN_NAME --dhkey $DH_KEYLENGTH
|
|
9317
|
+ if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
|
|
9318
|
+ freedombone-addcert -h $WIKI_DOMAIN_NAME --dhkey $DH_KEYLENGTH
|
|
9319
|
+ else
|
|
9320
|
+ freedombone-addcert -e $WIKI_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH
|
|
9321
|
+ fi
|
9302
|
9322
|
check_certificates $WIKI_DOMAIN_NAME
|
9303
|
9323
|
fi
|
9304
|
9324
|
|
|
@@ -9582,7 +9602,11 @@ function install_blog {
|
9582
|
9602
|
chown -R www-data:www-data /var/www/$FULLBLOG_DOMAIN_NAME/htdocs
|
9583
|
9603
|
|
9584
|
9604
|
if [ ! -f /etc/ssl/certs/$FULLBLOG_DOMAIN_NAME.dhparam ]; then
|
9585
|
|
- freedombone-addcert -h $FULLBLOG_DOMAIN_NAME --dhkey $DH_KEYLENGTH
|
|
9605
|
+ if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
|
|
9606
|
+ freedombone-addcert -h $FULLBLOG_DOMAIN_NAME --dhkey $DH_KEYLENGTH
|
|
9607
|
+ else
|
|
9608
|
+ freedombone-addcert -e $FULLBLOG_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH
|
|
9609
|
+ fi
|
9586
|
9610
|
check_certificates $FULLBLOG_DOMAIN_NAME
|
9587
|
9611
|
fi
|
9588
|
9612
|
|
|
@@ -9948,7 +9972,11 @@ quit" > $INSTALL_DIR/batch.sql
|
9948
|
9972
|
configure_php
|
9949
|
9973
|
|
9950
|
9974
|
if [ ! -f /etc/ssl/certs/$MICROBLOG_DOMAIN_NAME.dhparam ]; then
|
9951
|
|
- freedombone-addcert -h $MICROBLOG_DOMAIN_NAME --dhkey $DH_KEYLENGTH
|
|
9975
|
+ if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
|
|
9976
|
+ freedombone-addcert -h $MICROBLOG_DOMAIN_NAME --dhkey $DH_KEYLENGTH
|
|
9977
|
+ else
|
|
9978
|
+ freedombone-addcert -e $MICROBLOG_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH
|
|
9979
|
+ fi
|
9952
|
9980
|
check_certificates $MICROBLOG_DOMAIN_NAME
|
9953
|
9981
|
fi
|
9954
|
9982
|
|
|
@@ -10244,7 +10272,11 @@ quit" > $INSTALL_DIR/batch.sql
|
10244
|
10272
|
configure_php
|
10245
|
10273
|
|
10246
|
10274
|
if [ ! -f /etc/ssl/certs/$HUBZILLA_DOMAIN_NAME.dhparam ]; then
|
10247
|
|
- freedombone-addcert -h $HUBZILLA_DOMAIN_NAME --dhkey $DH_KEYLENGTH
|
|
10275
|
+ if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
|
|
10276
|
+ freedombone-addcert -h $HUBZILLA_DOMAIN_NAME --dhkey $DH_KEYLENGTH
|
|
10277
|
+ else
|
|
10278
|
+ freedombone-addcert -e $HUBZILLA_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH
|
|
10279
|
+ fi
|
10248
|
10280
|
check_certificates $HUBZILLA_DOMAIN_NAME
|
10249
|
10281
|
fi
|
10250
|
10282
|
|
|
@@ -10569,7 +10601,11 @@ function install_mediagoblin {
|
10569
|
10601
|
echo '}' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
10570
|
10602
|
|
10571
|
10603
|
if [ ! -f /etc/ssl/certs/$MEDIAGOBLIN_DOMAIN_NAME.dhparam ]; then
|
10572
|
|
- freedombone-addcert -h $MEDIAGOBLIN_DOMAIN_NAME --dhkey $DH_KEYLENGTH
|
|
10604
|
+ if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
|
|
10605
|
+ freedombone-addcert -h $MEDIAGOBLIN_DOMAIN_NAME --dhkey $DH_KEYLENGTH
|
|
10606
|
+ else
|
|
10607
|
+ freedombone-addcert -e $MEDIAGOBLIN_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH
|
|
10608
|
+ fi
|
10573
|
10609
|
check_certificates $MEDIAGOBLIN_DOMAIN_NAME
|
10574
|
10610
|
fi
|
10575
|
10611
|
|
|
@@ -11401,7 +11437,6 @@ encrypt_all_email
|
11401
|
11437
|
import_email
|
11402
|
11438
|
script_for_attaching_usb_drive
|
11403
|
11439
|
install_web_server
|
11404
|
|
-#install_letsencrypt
|
11405
|
11440
|
configure_firewall_for_web_server
|
11406
|
11441
|
install_owncloud
|
11407
|
11442
|
install_owncloud_music_app
|