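#!/bin/bash
#
# Render caddy/Caddyfile from caddy/Caddyfile.tpl, interactively asking for
# the site FQDN, the admin e-mail, the TLS mode and an optional http->https
# redirect. Run it from the directory that contains caddy/ (paths are
# relative). The three file paths are never reassigned, so they are marked
# readonly: an accidental later assignment fails loudly instead of silently
# redirecting the generated config somewhere else.
#
# Template the Caddyfile is rendered from
readonly TPL_FILE="caddy/Caddyfile.tpl"
# Scratch copy of the template that receives the substitutions
readonly TEMP_FILE="caddy/Caddyfile.tmp"
# Generated Caddyfile (a ${CADDYFILE}.bak-<timestamp> copy is taken first)
readonly CADDYFILE="caddy/Caddyfile"
# Site address, e.g. www.demo.com. The default means "plain http on any ip"
# and also acts as the "no real host name configured" sentinel.
FQDN="0.0.0.0:80"
# Admin e-mail placed in Caddy's "tls" directive, e.g. user@demo.com
EMAIL=""
# "tls <email>" directive for production certificates (empty = disabled)
TLS_PROD=""
# "tls" block pointed at the Let's Encrypt staging CA (empty = disabled)
TLS_TEST=""
# ":80" site block redirecting http://ip to https://FQDN (empty = disabled)
FORCE_HTTPS=""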
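#######################################
# Abort when FQDN is still the placeholder default: TLS needs a real host
# name. The original exited with status 0 on this error path, so a wrapper
# chaining the setup steps with && could not tell failure from success;
# it now exits 1 and prints to stderr.
# Globals:   FQDN (read)
# Returns:   only when FQDN is set; otherwise exits 1
#######################################
exit_when_fqdn_not_exist() {
  if [[ "$FQDN" == "0.0.0.0:80" ]]; then
    printf "\n錯誤:沒有設定正確網址\n\n" >&2
    exit 1
  fi
}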
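#######################################
# Abort when no admin e-mail was entered; both TLS modes need one. Exits
# with status 1 (the original exited 0, hiding the failure from callers)
# and reports on stderr.
# Globals:   EMAIL (read)
# Returns:   only when EMAIL is non-empty; otherwise exits 1
#######################################
exit_when_email_not_exist() {
  if [[ -z "$EMAIL" ]]; then
    printf "\n錯誤:沒有設定 Email\n\n" >&2
    exit 1
  fi
}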
#######################################
# Turn on production TLS: "tls <EMAIL>" replaces _TLS_PROD_ in the template.
# Globals:   EMAIL (read), TLS_PROD (written)
#######################################
enable_tls() {
  printf -v TLS_PROD 'tls %s' "$EMAIL"
}
#######################################
# Turn off production TLS: _TLS_PROD_ is replaced by nothing.
# Globals:   TLS_PROD (written)
#######################################
disable_tls() {
  TLS_PROD=''
}
#######################################
# Turn on staging TLS: a "tls <EMAIL> { ca <staging CA> }" block replaces
# _TLS_TEST_. The value is a sed replacement string, not a finished
# Caddyfile snippet: "\n" and "\/" are left for sed to decode, which is why
# every "/" is escaped here.
# Globals:   EMAIL (read), TLS_TEST (written)
#######################################
enable_tls_test() {
  local staging_ca='https:\/\/acme-staging-v02.api.letsencrypt.org\/directory'
  TLS_TEST="tls ${EMAIL} {\nca ${staging_ca}\n}"
}
#######################################
# Turn off staging TLS: _TLS_TEST_ is replaced by nothing.
# Globals:   TLS_TEST (written)
#######################################
disable_tls_test() {
  TLS_TEST=''
}
#######################################
# Turn on the http->https redirect: a ":80" site block that redirects every
# request to https://FQDN replaces _FORCE_HTTPS_. Like the TLS values this
# is a sed replacement string ("\n", "\/" are decoded by sed later).
# Globals:   FQDN (read), FORCE_HTTPS (written)
#######################################
enable_force_https() {
  local target="https:\/\/${FQDN}{uri}"
  FORCE_HTTPS=":80 {\n redir ${target}\n}"
}
#######################################
# Turn off the http->https redirect: _FORCE_HTTPS_ is replaced by nothing.
# Globals:   FORCE_HTTPS (written)
#######################################
disable_force_https() {
  FORCE_HTTPS=''
}
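#### 開始 ####
# Interactive flow: confirm, optionally reset the Caddyfile to the shipped
# default, then ask for FQDN / admin e-mail / TLS mode / http->https redirect
# and render the template. Every error path exits non-zero so a caller that
# chains the setup steps with && can detect the failure; all reads use -r so
# a backslash typed by the operator is kept literally.

#######################################
# Abort (exit 1) when a user-supplied value would break the "/"-delimited
# sed replacement that renders the template: "/", "&", "\" and whitespace
# are rejected, since any of them would corrupt the generated Caddyfile.
# Arguments: $1 - field label for the message, $2 - value to check
#######################################
abort_if_unsafe_for_sed() {
  local label=$1 val=$2
  if [[ "$val" == *[/\&]* || "$val" == *\\* || "$val" == *[[:space:]]* ]]; then
    printf '\n錯誤:%s 含有 / & 反斜線或空白等不允許的字元\n\n' "$label" >&2
    exit 1
  fi
}

# 顯示說明
clear
echo "//////////////////////////////////////////////////"
echo "此步驟設定網頁伺服器 Caddy"
echo "若要一併啟用 SSL,務必先設定好 DNS 之正解"
echo ""
echo "設定檔位於:"
echo " ${PWD}/caddy/Caddyfile"
echo "//////////////////////////////////////////////////"
echo ""
read -r -p "是否繼續?(預設: Y)[Y/n] " value
if [[ "${value}" != [nN] ]]; then
  echo "***** 設定 caddy server *****"
  printf "按下 Ctrl + c 可中斷\n\n"

  # Reset: restore the shipped default and stop; nothing else is asked.
  # A failed copy (e.g. missing .orig) is reported instead of being
  # followed by a misleading "reset done" message.
  read -r -p "重設 Caddyfile 回初始預設值:(預設: N)[y/N] " value
  if [[ "$value" == [yY] ]]; then
    if ! cp -- "${CADDYFILE}.orig" "$CADDYFILE"; then
      printf '\n錯誤:無法從 %s.orig 重設 Caddyfile\n\n' "$CADDYFILE" >&2
      exit 1
    fi
    echo "Caddyfile 已重設為預設值"
    exit 0
  fi

  #### 以下開始設定 ####
  echo ""
  echo "//////////////////////////////////////////////////"
  echo "若未設定好 DNS 之正解,請先採預設值"
  echo "待日後設定好 DNS 之正解,再執行此步驟重新設定"
  echo ""
  echo "若已設定 DNS 正解,則依設定於此處輸入,例如:"
  echo " demo.yljh.ntpc.edu.tw"
  echo "//////////////////////////////////////////////////"
  echo ""
  read -r -p "網址:(預設: 0.0.0.0:80) " value
  if [[ -n "$value" ]]; then
    FQDN=$value
  fi
  # FQDN is spliced raw into the sed replacement below and into the redirect
  # block built by enable_force_https; reject it before anything uses it.
  abort_if_unsafe_for_sed "網址" "$FQDN"

  ssl_mode=false
  ssl_test=false
  # TLS questions only make sense once a real host name was given.
  if [[ "$FQDN" != "0.0.0.0:80" ]]; then
    echo ""
    echo "//////////////////////////////////////////////////"
    echo "啟用 SSL 必須提供管理員的 Email"
    echo "不論是正式啟用或測試模式"
    echo "//////////////////////////////////////////////////"
    echo ""
    read -r -p "網站管理員之 Email: " value
    if [[ -n "$value" ]]; then
      EMAIL=$value
    fi
    # EMAIL ends up inside the _TLS_PROD_ / _TLS_TEST_ replacements.
    abort_if_unsafe_for_sed "Email" "$EMAIL"

    echo ""
    echo "//////////////////////////////////////////////////"
    echo "網站正式上線才須正式啟用"
    echo ""
    echo "因為 Let's Encrypt 核發 SSL 證書有流量限制"
    echo "練習時此選項請採用預設值(不正式啟用)以免超過限制"
    echo "//////////////////////////////////////////////////"
    echo ""
    read -r -p "是否正式啟用 SSL:(預設: N)[y/N] " enable
    if [[ "$enable" == [yY] ]]; then
      # Both guards exit when their prerequisite is missing.
      exit_when_fqdn_not_exist
      exit_when_email_not_exist
      enable_tls
      disable_tls_test
      ssl_mode=true
    fi

    # Staging (Let's Encrypt test CA) is offered only when production TLS
    # was declined; the two are mutually exclusive.
    if [[ "$ssl_mode" == false ]]; then
      echo ""
      echo "//////////////////////////////////////////////////"
      echo "啟用 SSL 測試模式"
      echo "測試模式下可以 https 連線,但會顯示不安全"
      echo "//////////////////////////////////////////////////"
      echo ""
      read -r -p "是否啟用 SSL 測試模式:(預設: N)[y/N] " enable_test
      if [[ "$enable_test" == [yY] ]]; then
        exit_when_fqdn_not_exist
        exit_when_email_not_exist
        disable_tls
        enable_tls_test
        ssl_test=true
      fi
    fi

    # The http://ip -> https://FQDN redirect is only useful with some TLS on.
    if [[ "$ssl_mode" == true || "$ssl_test" == true ]]; then
      echo ""
      echo "//////////////////////////////////////////////////"
      echo "若啟用 SSL,則無法以 ip 連線"
      echo "此項設定是將 http://ip 之連線強制轉向至 https://$FQDN"
      echo "//////////////////////////////////////////////////"
      echo ""
      read -r -p "強迫 http://ip 轉向 https://$FQDN:(預設: N)[y/N] " enable_ip_to_https
      if [[ "$enable_ip_to_https" == [yY] ]]; then
        enable_force_https
      fi
    fi
  fi

  # Render: back up the current Caddyfile (if there is one yet), substitute
  # the placeholders in a scratch copy of the template, then move it into
  # place so a half-written file never replaces the live config.
  DATE=$(date '+%Y%m%d%H%M%S')
  if [[ -e "$CADDYFILE" ]]; then
    echo "備份 $CADDYFILE => ${CADDYFILE}.bak-${DATE}"
    cp -- "$CADDYFILE" "${CADDYFILE}.bak-${DATE}"
  fi
  echo "產生 $CADDYFILE..."
  if ! cp -- "$TPL_FILE" "$TEMP_FILE"; then
    printf '\n錯誤:無法複製樣板檔 %s\n\n' "$TPL_FILE" >&2
    exit 1
  fi
  # TLS_* and FORCE_HTTPS carry "\n" and "\/" sequences for sed to decode,
  # so "/" must remain the s/// delimiter and they must not be pre-escaped;
  # FQDN and EMAIL were checked above for characters that would break this.
  sed -i "s/_FQDN_/$FQDN/g" "$TEMP_FILE"
  sed -i "s/_TLS_PROD_/$TLS_PROD/g" "$TEMP_FILE"
  sed -i "s/_TLS_TEST_/$TLS_TEST/g" "$TEMP_FILE"
  sed -i "s/_FORCE_HTTPS_/$FORCE_HTTPS/g" "$TEMP_FILE"
  mv -- "$TEMP_FILE" "$CADDYFILE"
  printf "caddy server 設定完成!!\n\n"
  echo "///////////////////////////////////////////////"
  echo "若 Caddy 容器啟動之後重新設定過"
  echo "則執行以下指令可重新啟動 Caddy 容器:"
  echo " cd ${PWD}"
  echo " docker-compose restart caddy"
  echo "///////////////////////////////////////////////"
  printf "\n"
fi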