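# Let's Encrypt hook template (YAML with embedded shell), rebuilt from a blame
# table whose indentation was lost; nesting below is reconstructed.
# Blame for this listing: a956d7ec (env block), 83d224e7 (account e-mail check
# and the ACCOUNT_EMAIL replace), 6ca9e768 (all remaining lines).
#
# Flow: validate LETSENCRYPT_ACCOUNT_EMAIL, fetch and install le.sh, write a
# boot script that issues and installs the certificate, then point the nginx
# config at the issued certificate and key and set an HSTS header.
env:
  LETSENCRYPT_DIR: "/shared/letsencrypt"

hooks:
  after_ssl:
    # Fail early when the account e-mail is missing or malformed.
    - exec:
        cmd:
          - if [ -z "$LETSENCRYPT_ACCOUNT_EMAIL" ]; then echo "LETSENCRYPT_ACCOUNT_EMAIL ENV variable is required and has not been set."; exit 1; fi
          # The inner script is single-quoted so the value is read from the
          # inherited environment by bash itself. Previously the outer shell
          # expanded it into the double-quoted script text, where quotes or
          # substitutions in the value would have been parsed as script.
          # NOTE(review): the pattern is unanchored, so it is only a sanity
          # check ("something@something"), not validation of the whole value,
          # which is later written into account.conf.
          - /bin/bash -c 'if [[ ! "$LETSENCRYPT_ACCOUNT_EMAIL" =~ ([^@]+)@([^\.]+) ]]; then echo "LETSENCRYPT_ACCOUNT_EMAIL is not a valid email address"; exit 1; fi'

    - exec:
        cmd:
          # NOTE(review): this clones whatever the default branch head is at
          # build time, with no tag, commit pin or checksum, and the checkout
          # is then executed as root by "./le.sh install" below. Pin to a
          # reviewed commit or verify the checkout before running it.
          - cd /root && git clone https://github.com/Neilpang/le.git
          - touch /var/spool/cron/crontabs/root
          # Quoted so an overridden LETSENCRYPT_DIR is not word-split or globbed.
          - install -d -m 0755 -g root -o root "$LETSENCRYPT_DIR"
          - cd /root/le && LE_WORKING_DIR="${LETSENCRYPT_DIR}" ./le.sh install

    # Boot-time script: issue a 4096-bit certificate for the site hostname,
    # install it under /shared/ssl with "sv reload nginx" as the reload
    # command, then set Le_Webroot in the domain's le.sh config.
    # NOTE(review): the script has no error checks, so installcert runs even
    # if issue fails, and the mode of the installed .key file is not set
    # here - confirm it does not end up world-readable.
    - file:
        path: /etc/runit/1.d/letsencrypt
        chmod: "+x"
        contents: |
          #!/bin/bash
          LE_WORKING_DIR="$$ENV_LETSENCRYPT_DIR" $$ENV_LETSENCRYPT_DIR/le.sh issue no $$ENV_DISCOURSE_HOSTNAME no 4096
          LE_WORKING_DIR="$$ENV_LETSENCRYPT_DIR" $$ENV_LETSENCRYPT_DIR/le.sh installcert $$ENV_DISCOURSE_HOSTNAME /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.cer /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.key /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.cer "sv reload nginx"
          # After the initial install, switch to Webroot plugin
          LE_WORKING_DIR="$$ENV_LETSENCRYPT_DIR" $$ENV_LETSENCRYPT_DIR/le.sh _setopt $$ENV_LETSENCRYPT_DIR/$$ENV_DISCOURSE_HOSTNAME/$$ENV_DISCOURSE_HOSTNAME.conf "Le_Webroot" "=" "/var/www/discourse/public"

    # NOTE(review): /ssl_certificate.+/ also matches ssl_certificate_key
    # lines; this presumably relies on the ssl_certificate directive being
    # the first match in discourse.conf - confirm.
    - replace:
        filename: "/etc/nginx/conf.d/discourse.conf"
        from: /ssl_certificate.+/
        to: |
          ssl_certificate /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.cer;

    # NOTE(review): the path is hard-coded rather than derived from
    # LETSENCRYPT_DIR, so the two must be kept in sync if the env value is
    # overridden. The e-mail is written verbatim into account.conf.
    - replace:
        filename: /shared/letsencrypt/account.conf
        from: /#ACCOUNT_EMAIL=.+/
        to: |
          ACCOUNT_EMAIL=$$ENV_LETSENCRYPT_ACCOUNT_EMAIL

    # The trailing "# remember the certificate ..." text is part of the
    # replacement and is written into the nginx config; it describes the HSTS
    # header set by the next replace, not the key directive.
    - replace:
        filename: "/etc/nginx/conf.d/discourse.conf"
        from: /ssl_certificate_key.+/
        to: |
          ssl_certificate_key /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.key; # remember the certificate for 2 months and automatically connect to HTTPS for this domain

    # HSTS: max-age=5184000 seconds is 60 days; browsers that have seen the
    # header use HTTPS for this host for that period.
    - replace:
        filename: "/etc/nginx/conf.d/discourse.conf"
        from: /add_header.+/
        to: |
          add_header Strict-Transport-Security 'max-age=5184000';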