forked from FedericoGregori/odoo-nginx-le
-
Notifications
You must be signed in to change notification settings - Fork 0
/
odoo-nginx-le.sh
69 lines (54 loc) · 3.23 KB
/
odoo-nginx-le.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
#! /bin/bash
###################################################################################################
#
# Author: Lucas L. Soto
# Company: Calyx Servicios S.A.
# License: AGPL-3
# Description: Script aims to transform a non-proxied Odoo into a SSL protected one (NGINX + LE).
#
###################################################################################################
# Run some stuff to fix broken packages, still wondering why...
sudo dpkg --configure -a && sudo apt-get -f install
# Now add the repositories Certbot.
echo "Adding Certbot repositories..."
sudo add-apt-repository ppa:certbot/certbot -y
# Let’s begin by updating the package lists and installing software-properties-common and NGINX.
# Commands separated by && will run in succession.
echo "Updating and installing software-properties-common and NGINX..."
sudo apt-get update && sudo apt-get install software-properties-common nginx certbot python-certbot-nginx -y
# Go to NGINX sites-* path and delete all. After that, create a dummy server for ACME challenge.
echo "Removing default NGINX servers and creating server for ACME challenge..."
cd /etc/nginx/sites-enabled/ && sudo rm default
cd /etc/nginx/sites-available/ && sudo rm default
sudo wget -O odoo https://raw.githubusercontent.com/sotolucas/odoo-nginx-le/master/etc/nginx/sites-available/no-ssl && sudo ln -s /etc/nginx/sites-available/odoo /etc/nginx/sites-enabled/odoo
# Ask user to input domains.
read -p "Ingrese el dominio principal: " PRI_DOM
read -p "Ingrese los dominios secundarios separados por coma SIN espacios: " SEC_DOM
# Build strings with all domains to use on Certbot request and NGINX server_name block.
ALL_DOM="$PRI_DOM,$SEC_DOM"
# Replace example domain with domains provided by user.
echo "Replacing example domain with domains provided by user..."
sudo sed -i "s/foo-bar.calyx-cloud.com.ar/$ALL_DOM/g" odoo
# As NGINX doesn't accepts comma separated values, we remove them.
sudo sed -i "s/,/ /g" odoo
# Restart NGINX server.
echo "Restarting NGINX..."
sudo service nginx restart
# Issue SSL Let's Encrypt! certificate.
echo "Issuing SSL Let's Encrypt! certificate..."
sudo certbot --nginx --non-interactive --domains $ALL_DOM --agree-tos -m [email protected]
# Go to NGINX sites-* path and delete all. After that, create definitive server.
echo "Removing ACME challenge NGINX servers and creating server for Odoo..."
cd /etc/nginx/sites-enabled/ && sudo rm odoo
cd /etc/nginx/sites-available/ && sudo rm odoo
sudo wget -O odoo https://raw.githubusercontent.com/sotolucas/odoo-nginx-le/master/etc/nginx/sites-available/wh-ssl && sudo ln -s /etc/nginx/sites-available/odoo /etc/nginx/sites-enabled/odoo
# Make this in to parts as replacing all foo-bar with ALL_DOM would add it to LE certs path, so...
# First replace example server name for all domains that we need to listen to.
# Then, replace example server name for main domain which is also certificate's main domain.
sudo sed -i "s/server_name foo-bar.calyx-cloud.com.ar/server_name $ALL_DOM/g" odoo
sudo sed -i "s/foo-bar.calyx-cloud.com.ar/$PRI_DOM/g" odoo
# As NGINX doesn't accepts comma separated values, we remove them.
sudo sed -i "s/,/ /g" odoo
# Restart NGINX server.
echo "Restarting NGINX..."
sudo service nginx restart