From: Jay Pfaffman
Date: Wed, 8 Mar 2017 22:54:21 +0000 (-0800)
Subject: Warn not to use let's encrypt if hostname doesn't resolve to IP
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=07f3b11ea65addca4b34c15e389c27aaf261b30b;p=discourse_docker.git
Warn not to use let's encrypt if hostname doesn't resolve to IP
---
diff --git a/discourse-setup b/discourse-setup
index 54c0a16..54bc88d 100755
--- a/discourse-setup
+++ b/discourse-setup
@@ -11,6 +11,50 @@ check_root() {
 }
+##
+## Does the current IP match the domain name?
+##
+check_IP_match () {
+ echo
+ echo Checking your domain name . . .
+ sleep 1
+ local IFACE=none
+ local IFCONFIG=`which ifconfig`
+ /sbin/route |grep default > /tmp/route$PPID
+
+ if grep default /tmp/route$PPID > /dev/null
+ then
+ local IFACE=`cut -c 73-100 /tmp/route$PPID |head -1`
+ else
+ echo WARNING: Cannot check your IP number.
+ fi
+ local IP=`$IFCONFIG $IFACE|grep "inet addr:" |cut -d":" -f 2|cut -d" " -f1|head -1`
+ local RESOLVED_IP=`dig +short $1`
+
+ IP_LOOKS_GOOD=0
+ if [[ ! -z $RESOLVED_IP ]]
+ then
+ if [ $IP == $RESOLVED_IP ]
+ then
+ echo $1 resolves to $IP. Looks good!
+ echo
+ local IP_LOOKS_GOOD=1
+ fi
+ fi
+ if [ $IP_LOOKS_GOOD == 0 ]
+ then
+ echo "-----------------------------------------"
+ echo $1 does not resolve to $IP.
+ echo IT IS ALMOST CERTAINLY A BAD IDEA TO TURN ON LET\'S ENCRYPT!!
+ echo Unless you know why this check failed, DO NOT USE Let\'s Encrypt.
+ echo
+ echo You should answer \"n\" at the next prompt and disable Let\'s Encrypt.
+ echo You have been warned.
+ echo "-----------------------------------------"
+ fi
+ sleep 1
+}
+
 ##
 ## Do we have docker?
 ##
@@ -350,6 +394,11 @@ ask_user_for_config() {
 fi
 fi
+ if [ "$letsencrypt_status" == "Enter 'OFF' to disable." ]
+ then
+ check_IP_match $hostname
+ fi
+
 echo -e "\nDoes this look right?\n"
 echo "Hostname : $hostname"
 echo "Email : $developer_emails"
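Review bot: In check_IP_match the route output is written to `/tmp/route$PPID`, a predictable name in a world-writable directory, by a script that appears to run as root (see check_root); an existing file or symlink at that path would be followed and overwritten, and the file is never removed. The temp file is not needed: capture the output with `local ROUTE=$(/sbin/route | grep default)` and test `[ -n "$ROUTE" ]`, or create the file with `mktemp` and delete it afterwards. Separately, `[ $IP == $RESOLVED_IP ]` is unquoted, so an empty `$IP` (ifconfig output with no `inet addr:` field) or a multi-line answer from `dig +short` makes the test itself error out instead of simply comparing unequal; `[ "$IP" == "$RESOLVED_IP" ]` keeps that path clean. A host behind NAT will also always fail this comparison, which the warning text could mention.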
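Review bot: The call `check_IP_match $hostname` passes user-entered text unquoted, and the function forwards it unquoted to `dig +short $1`, so a value containing spaces or a leading `@`, `+` or `-` is split or read by dig as a server or option rather than as a name; quote it at both places, `check_IP_match "$hostname"` and `dig +short "$1"`. The guard also compares `$letsencrypt_status` against the prompt wording `"Enter 'OFF' to disable."`, so if that display string is ever reworded where it is set (outside this hunk, presumably earlier in ask_user_for_config) the check silently stops running. A comment such as `# letsencrypt_status holds this exact text only while Let's Encrypt is enabled` or a dedicated flag variable would make the dependency explicit. ask_user_for_config starts and ends outside the hunk.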
@@ -363,6 +412,7 @@ ask_user_for_config() {
 echo "Let's Encrypt : $letsencrypt_account_email"
 fi
+ echo ""
 read -p "ENTER to continue, 'n' to try again, Ctrl+C to exit: " config_ok
 done