michael/michaelschiemer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5e74ce73a693d2a84e54607b10f1ebb91eedead3
michaelschiemer/scripts/ssl/ssl-init.sh
Michael Schiemer 36ef2a1e2c
Some checks failed
🚀 Build & Deploy Image / Determine Build Necessity (push) Failing after 10m14s
Details
🚀 Build & Deploy Image / Build Runtime Base Image (push) Has been skipped
Details
🚀 Build & Deploy Image / Build Docker Image (push) Has been skipped
Details
🚀 Build & Deploy Image / Run Tests & Quality Checks (push) Has been skipped
Details
🚀 Build & Deploy Image / Auto-deploy to Staging (push) Has been skipped
Details
🚀 Build & Deploy Image / Auto-deploy to Production (push) Has been skipped
Details
Security Vulnerability Scan / Check for Dependency Changes (push) Failing after 11m25s
Details
Security Vulnerability Scan / Composer Security Audit (push) Has been cancelled
Details
fix: Gitea Traefik routing and connection pool optimization 
- Remove middleware reference from Gitea Traefik labels (caused routing issues)
- Optimize Gitea connection pool settings (MAX_IDLE_CONNS=30, authentication_timeout=180s)
- Add explicit service reference in Traefik labels
- Fix intermittent 504 timeouts by improving PostgreSQL connection handling

Fixes Gitea unreachability via git.michaelschiemer.de
2025-11-09 14:46:15 +01:00

123 lines
4.0 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
#
# SSL Certificate Initialization Script
# Obtains initial Let's Encrypt certificates for production deployment
#
# Usage: ./scripts/ssl-init.sh [domain] [email]
#
set -euo pipefail
# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'
# Default values from environment or command line
DOMAIN="${1:-${DOMAIN_NAME:-michaelschiemer.de}}"
EMAIL="${2:-${SSL_EMAIL:-mail@michaelschiemer.de}}"
STAGING="${LETSENCRYPT_STAGING:-0}"
echo -e "${BLUE}=== Let's Encrypt SSL Certificate Initialization ===${NC}"
echo -e "${BLUE}Domain:${NC} $DOMAIN"
echo -e "${BLUE}Email:${NC} $EMAIL"
echo -e "${BLUE}Mode:${NC} $([ "$STAGING" = "1" ] && echo "Staging (Testing)" || echo "Production")"
echo ""
# Check if running with docker-compose
if ! command -v docker-compose &> /dev/null; then
echo -e "${RED}Error: docker-compose not found${NC}"
exit 1
fi
# Check if .env.production exists
if [ ! -f ".env.production" ]; then
echo -e "${YELLOW}Warning: .env.production not found${NC}"
echo -e "${YELLOW}Creating from .env.production.example...${NC}"
cp .env.production.example .env.production
echo -e "${YELLOW}Please edit .env.production and run this script again${NC}"
exit 1
fi
# Create required directories
echo -e "${BLUE}Creating required directories...${NC}"
mkdir -p ./docker/nginx/certbot-www/.well-known/acme-challenge
mkdir -p ./docker/nginx/certbot-conf/live/${DOMAIN}
# Check if certificates already exist
if [ -f "./docker/nginx/certbot-conf/live/${DOMAIN}/fullchain.pem" ]; then
echo -e "${YELLOW}Certificates already exist for ${DOMAIN}${NC}"
read -p "Do you want to renew them? (y/N) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
echo -e "${BLUE}Skipping certificate generation${NC}"
exit 0
fi
fi
# Start only web and php services (not full stack)
echo -e "${BLUE}Starting nginx and php services...${NC}"
docker-compose -f docker-compose.yml up -d web php
# Wait for nginx to be ready
echo -e "${BLUE}Waiting for nginx to be ready...${NC}"
sleep 5
# Test if port 80 is accessible
if ! curl -sf http://localhost/.well-known/acme-challenge/test > /dev/null 2>&1; then
echo -e "${YELLOW}Port 80 test endpoint not accessible, continuing anyway...${NC}"
fi
# Obtain certificate
echo -e "${BLUE}Obtaining SSL certificate from Let's Encrypt...${NC}"
CERTBOT_CMD="certbot certonly --webroot -w /var/www/certbot \
--email ${EMAIL} \
--agree-tos \
--no-eff-email"
# Add staging flag if needed
if [ "$STAGING" = "1" ]; then
CERTBOT_CMD="$CERTBOT_CMD --staging"
fi
# Add domain
CERTBOT_CMD="$CERTBOT_CMD -d ${DOMAIN}"
# Run certbot in docker
docker run --rm \
-v "$(pwd)/docker/nginx/certbot-conf:/etc/letsencrypt" \
-v "$(pwd)/docker/nginx/certbot-www:/var/www/certbot" \
certbot/certbot:latest \
$CERTBOT_CMD
# Check if certificates were created
if [ -f "./docker/nginx/certbot-conf/live/${DOMAIN}/fullchain.pem" ]; then
echo -e "${GREEN}✓ SSL certificates obtained successfully!${NC}"
echo -e "${GREEN}✓ Location: ./docker/nginx/certbot-conf/live/${DOMAIN}/${NC}"
# Update nginx to use Let's Encrypt certificates
echo -e "${BLUE}Updating nginx configuration...${NC}"
# Reload nginx
echo -e "${BLUE}Reloading nginx...${NC}"
docker-compose -f docker-compose.yml -f docker-compose.production.yml restart web
echo -e "${GREEN}✓ Nginx reloaded with new certificates${NC}"
echo ""
echo -e "${GREEN}=== SSL Setup Complete ===${NC}"
echo -e "${GREEN}Your site should now be accessible at: https://${DOMAIN}${NC}"
echo ""
echo -e "${BLUE}Next steps:${NC}"
echo -e " 1. Test HTTPS: curl -I https://${DOMAIN}"
echo -e " 2. Start certbot renewal service: docker-compose -f docker-compose.yml -f docker-compose.production.yml up -d certbot"
echo -e " 3. Check SSL grade: https://www.ssllabs.com/ssltest/analyze.html?d=${DOMAIN}"
else
echo -e "${RED}✗ Failed to obtain SSL certificates${NC}"
echo -e "${RED}Check the logs above for errors${NC}"
exit 1
fi
Reference in New Issue View Git Blame Copy Permalink