96 lines
4.9 KiB
Bash
96 lines
4.9 KiB
Bash
#!/bin/bash
|
|
certbot_path=$(which certbot)
|
|
snap_path=$(which snap)
|
|
if [ -z "$(which postfix)" ]; then
|
|
echo "postfix postfix/mailname string $USER" | sudo debconf-set-selections
|
|
echo "postfix postfix/main_mailer_type string 'Local only'" | sudo debconf-set-selections
|
|
sudo -p 'sudo password:' apt-get install -y postfix
|
|
sudo -p 'sudo password:' service postfix start
|
|
fi
|
|
if [ -z $certbot_path ]; then
|
|
echo "checking kernel version"
|
|
kernel_version=$(sudo -p 'sudo password:' uname -r)
|
|
echo "kernel_version: ${kernel_version}"
|
|
if [[ $kernel_version < 4.4 ]]; then
|
|
echo "Downloading certbot by using python3(since kernel < 4.4)..."
|
|
sudo -p 'sudo password:' add-apt-repository ppa:deadsnakes/ppa -y
|
|
echo "execing apt update..."
|
|
sudo -p 'sudo password:' apt-get -y -o DPkg::options::='--force-confdef' -o DPkg::options::='--force-confold' update
|
|
# if [ ! -z "$(sudo -p 'sudo password:' apt list --upgradable|grep 'linux-generic' )" ]; then
|
|
# echo "execing apt upgrade..."
|
|
# sudo -p 'sudo password:' apt-get -y -o DPkg::options::='--force-confdef' -o DPkg::options::='--force-confold' upgrade
|
|
# echo "Computer will reboot 60 seconds later!"
|
|
# sleep 60 && sudo reboot
|
|
# exit 0
|
|
# fi
|
|
echo "Installing python3.8 python3.8-venv libaugeas0 ..."
|
|
sudo -p 'sudo password:' apt-get install python3.8 python3.8-venv libaugeas0 -y
|
|
python_path="$(which python3.8)"
|
|
if [ -z "$python_path" ]; then
|
|
echo "python3.8 not found!"
|
|
echo "Installing python3.8 from source!"
|
|
wget https://www.python.org/ftp/python/3.8.13/Python-3.8.13.tgz
|
|
echo "Installing building tools!"
|
|
sudo -p 'sudo password:' apt-get install -y make build-essential libssl-dev zlibc zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm libncurses5-dev libncursesw5-dev xz-utils tk-dev
|
|
echo "Installing openssl 1.1.1m..."
|
|
wget https://www.openssl.org/source/openssl-1.1.1m.tar.gz --no-check-certificate
|
|
tar xzvf openssl-1.1.1m.tar.gz
|
|
cd openssl-1.1.1m
|
|
./config no-ssl2 no-ssl3 zlib-dynamic -fPIC shared --prefix=/usr/local/openssl
|
|
make depend -j8 && sudo -p 'sudo password:' make install
|
|
cd ..
|
|
sudo -p 'sudo password:' bash -l -c "echo '/usr/local/openssl/lib' >> /etc/ld.so.conf.d/openssl.conf"
|
|
sudo -p 'sudo password:' ldconfig -v
|
|
tar xvf Python-3.8.13.tgz
|
|
cd Python-3.8.13/ && ./configure --with-openssl=/usr/local/openssl --enable-optimizations --with-ensurepip=install
|
|
sudo -p 'sudo password:' make altinstall
|
|
cd ..
|
|
python_path="$(which python3.8)"
|
|
fi
|
|
sudo -p 'sudo password:' rm -rf /opt/certbot/
|
|
echo "generating venv for certbot ..."
|
|
sudo -p 'sudo password:' python3.8 -m venv /opt/certbot/
|
|
sudo -p 'sudo password:' /opt/certbot/bin/pip install --trusted-host pypi.python.org --trusted-host pypi.org --upgrade pip
|
|
echo "Installing certbot on python3.8 ..."
|
|
sudo -p 'sudo password:' /opt/certbot/bin/pip install --trusted-host pypi.python.org --trusted-host pypi.org certbot certbot-nginx
|
|
sudo -p 'sudo password:' rm -f /usr/bin/certbot
|
|
sudo -p 'sudo password:' ln -s /opt/certbot/bin/certbot /usr/bin/certbot
|
|
sudo -p 'sudo password:' certbot register --email bohung@rulingcom.com --agree-tos -n
|
|
sudo -p 'sudo password:' certbot --nginx -n 2>/dev/null || true
|
|
echo "Finish install certbot!"
|
|
certbot_path="/usr/bin/certbot"
|
|
else
|
|
if [ -z $snap_path ]; then
|
|
echo "execing apt update..."
|
|
sudo -p 'sudo password:' apt-get -y -o DPkg::options::='--force-confdef' -o DPkg::options::='--force-confold' update
|
|
echo "Installing snap..."
|
|
sudo -p 'sudo password:' apt install snapd -y
|
|
snap_path=$(which snap)
|
|
fi
|
|
if [ ! -z $snap_path ]; then
|
|
echo "Installing snap core..."
|
|
sudo -p 'sudo password:' bash -l -c 'snap install core && snap refresh core'
|
|
echo "Installing certbot with snap..."
|
|
sudo -p 'sudo password:' snap install --classic certbot
|
|
sudo -p 'sudo password:' ln -s /snap/bin/certbot /usr/bin/certbot
|
|
sudo -p 'sudo password:' certbot register --email bohung@rulingcom.com --agree-tos -n
|
|
sudo -p 'sudo password:' certbot --nginx -n 2>/dev/null || true
|
|
echo "Finish install certbot!"
|
|
certbot_path="/usr/bin/certbot"
|
|
else
|
|
echo "There was some error when installing snap!"
|
|
fi
|
|
fi
|
|
fi
|
|
if [ ! -z $certbot_path ]; then
|
|
echo "Setting certbot renew to cronjob..."
|
|
crontab_lines=$(sudo -p 'sudo password:' crontab -l)
|
|
certbot_renew_command=$(sudo -p 'sudo password:' crontab -l|grep "certbot"|grep "renew")
|
|
if [ -z "$certbot_renew_command" ]; then
|
|
echo "Add certbot renew cronjob!"
|
|
certbot_renew_command="30 2 * * * $certbot_path renew --no-self-upgrade --renew-hook 'sudo service nginx restart' > /var/log/le-renew.log"
|
|
echo "$certbot_renew_command"
|
|
CRON="$certbot_renew_command" && (sudo -p 'sudo password:' crontab -l; echo "$CRON" ) | sudo -p 'sudo password:' crontab -
|
|
fi
|
|
echo "Finish setting renew cronjob!"
|
|
fi |