[discourse_docker.git] / templates / web.letsencrypt.ssl.template.yml

env:
  LETSENCRYPT_DIR: "/shared/letsencrypt"

hooks:
  after_ssl:
    - exec:
       cmd:
         - if [ -z "$LETSENCRYPT_ACCOUNT_EMAIL" ]; then echo "LETSENCRYPT_ACCOUNT_EMAIL ENV variable is required and has not been set."; exit 1; fi
         - /bin/bash -c "if [[ ! \"$LETSENCRYPT_ACCOUNT_EMAIL\" =~ ([^@]+)@([^\.]+) ]]; then echo \"LETSENCRYPT_ACCOUNT_EMAIL is not a valid email address\"; exit 1; fi"

    - exec:
       cmd:
         - cd /root && git clone https://github.com/Neilpang/le.git
         - touch /var/spool/cron/crontabs/root
         - install -d -m 0755 -g root -o root $LETSENCRYPT_DIR
         - cd /root/le && LE_WORKING_DIR="${LETSENCRYPT_DIR}" ./le.sh install

    - file:
       path: /etc/runit/1.d/letsencrypt
       chmod: "+x"
       contents: |
          #!/bin/bash
          LE_WORKING_DIR="$$ENV_LETSENCRYPT_DIR" $$ENV_LETSENCRYPT_DIR/le.sh issue no $$ENV_DISCOURSE_HOSTNAME no 4096
          LE_WORKING_DIR="$$ENV_LETSENCRYPT_DIR" $$ENV_LETSENCRYPT_DIR/le.sh installcert $$ENV_DISCOURSE_HOSTNAME /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.cer /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.key /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.cer "sv reload nginx"
          # After the initial install, switch to Webroot plugin
          LE_WORKING_DIR="$$ENV_LETSENCRYPT_DIR" $$ENV_LETSENCRYPT_DIR/le.sh _setopt $$ENV_LETSENCRYPT_DIR/$$ENV_DISCOURSE_HOSTNAME/$$ENV_DISCOURSE_HOSTNAME.conf "Le_Webroot" "=" "/var/www/discourse/public"

    - replace:
       filename: "/etc/nginx/conf.d/discourse.conf"
       from: /ssl_certificate.+/
       to: |
         ssl_certificate /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.cer;

    - replace:
       filename: /shared/letsencrypt/account.conf
       from: /#ACCOUNT_EMAIL=.+/
       to: |
         ACCOUNT_EMAIL=$$ENV_LETSENCRYPT_ACCOUNT_EMAIL

    - replace:
       filename: "/etc/nginx/conf.d/discourse.conf"
       from: /ssl_certificate_key.+/
       to: |
         ssl_certificate_key /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.key; # remember the certificate for 2 months and automatically connect to HTTPS for this domain

    - replace:
       filename: "/etc/nginx/conf.d/discourse.conf"
       from: /add_header.+/
       to: |
         add_header Strict-Transport-Security 'max-age=5184000';
Commit	Line	Data
a956d7ec GXT	1	env:
	2	LETSENCRYPT_DIR: "/shared/letsencrypt"
	3
6ca9e768 GXT	4	hooks:
6ca9e768 GXT	5	after_ssl:
83d224e7 GXT	6	- exec:
	7	cmd:
	8	- if [ -z "$LETSENCRYPT_ACCOUNT_EMAIL" ]; then echo "LETSENCRYPT_ACCOUNT_EMAIL ENV variable is required and has not been set."; exit 1; fi
	9	- /bin/bash -c "if [[ ! \"$LETSENCRYPT_ACCOUNT_EMAIL\" =~ ([^@]+)@([^\.]+) ]]; then echo \"LETSENCRYPT_ACCOUNT_EMAIL is not a valid email address\"; exit 1; fi"
	10
6ca9e768 GXT	11	- exec:
	12	cmd:
	13	- cd /root && git clone https://github.com/Neilpang/le.git
	14	- touch /var/spool/cron/crontabs/root
	15	- install -d -m 0755 -g root -o root $LETSENCRYPT_DIR
	16	- cd /root/le && LE_WORKING_DIR="${LETSENCRYPT_DIR}" ./le.sh install
	17
	18	- file:
	19	path: /etc/runit/1.d/letsencrypt
	20	chmod: "+x"
	21	contents: \|
	22	#!/bin/bash
6ca9e768 GXT	23	LE_WORKING_DIR="$$ENV_LETSENCRYPT_DIR" $$ENV_LETSENCRYPT_DIR/le.sh issue no $$ENV_DISCOURSE_HOSTNAME no 4096
	24	LE_WORKING_DIR="$$ENV_LETSENCRYPT_DIR" $$ENV_LETSENCRYPT_DIR/le.sh installcert $$ENV_DISCOURSE_HOSTNAME /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.cer /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.key /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.cer "sv reload nginx"
	25	# After the initial install, switch to Webroot plugin
	26	LE_WORKING_DIR="$$ENV_LETSENCRYPT_DIR" $$ENV_LETSENCRYPT_DIR/le.sh _setopt $$ENV_LETSENCRYPT_DIR/$$ENV_DISCOURSE_HOSTNAME/$$ENV_DISCOURSE_HOSTNAME.conf "Le_Webroot" "=" "/var/www/discourse/public"
	27
	28	- replace:
	29	filename: "/etc/nginx/conf.d/discourse.conf"
	30	from: /ssl_certificate.+/
	31	to: \|
	32	ssl_certificate /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.cer;
	33
83d224e7 GXT	34	- replace:
	35	filename: /shared/letsencrypt/account.conf
	36	from: /#ACCOUNT_EMAIL=.+/
	37	to: \|
	38	ACCOUNT_EMAIL=$$ENV_LETSENCRYPT_ACCOUNT_EMAIL
	39
6ca9e768 GXT	40	- replace:
	41	filename: "/etc/nginx/conf.d/discourse.conf"
	42	from: /ssl_certificate_key.+/
	43	to: \|
	44	ssl_certificate_key /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.key; # remember the certificate for 2 months and automatically connect to HTTPS for this domain
	45
	46	- replace:
	47	filename: "/etc/nginx/conf.d/discourse.conf"
	48	from: /add_header.+/
	49	to: \|
	50	add_header Strict-Transport-Security 'max-age=5184000';