handle pre-seeding of https and letsencrypt

This commit is contained in:
Praveen Arimbrathodiyil 2017-04-20 11:32:10 +05:30
parent ba96466d12
commit d754030ccd
2 changed files with 48 additions and 22 deletions

2
debian/config vendored
View file

@ -16,6 +16,8 @@ set -e
# debconf db.
db_set gitlab/fqdn "$GITLAB_HOST"
db_set gitlab/user "$gitlab_user"
db_set gitlab/ssl "${GITLAB_HTTPS:-false}"
db_set gitlab/letsencrypt "${gitlab_letsencrypt:-false}"
fi
# What is your fqdn?

48
debian/postinst vendored
View file

@ -146,6 +146,13 @@ case "$1" in
GITLAB_EMAIL_REPLY_TO="no-reply@$GITLAB_HOST"
db_get gitlab/user
gitlab_user=$RET
# Check if ssl option is selected
db_get gitlab/ssl
GITLAB_HTTPS=$RET
gl_proto="http"
db_get gitlab/letsencrypt
gitlab_letsencrypt=$RET
cp -a -f ${gitlab_debian_conf_private} ${gitlab_debian_conf_private}.tmp
# If the admin deleted or commented some variables but then set
@ -160,18 +167,20 @@ case "$1" in
echo "GITLAB_EMAIL_REPLY_TO=" >> ${gitlab_debian_conf_private}
test -z "$gitlab_user" || grep -Eq '^ *gitlab_user=' ${gitlab_debian_conf_private} || \
echo "gitlab_user=" >> ${gitlab_debian_conf_private}
test -z "$GITLAB_HTTPS" || grep -Eq '^ *GITLAB_HTTPS=' ${gitlab_debian_conf_private} || \
echo "GITLAB_HTTPS=" >> ${gitlab_debian_conf_private}
test -z "$gitlab_letsencrypt" || grep -Eq '^ *gitlab_letsencrypt=' ${gitlab_debian_conf_private} || \
echo "gitlab_letsencrypt=" >> ${gitlab_debian_conf_private}
sed -e "s/^ *GITLAB_HOST=.*/GITLAB_HOST=\"$GITLAB_HOST\"/" \
-e "s/^ *GITLAB_EMAIL_FROM=.*/GITLAB_EMAIL_FROM=\"$GITLAB_EMAIL_FROM\"/" \
-e "s/^ *GITLAB_EMAIL_DISPLAY_NAME=.*/GITLAB_EMAIL_DISPLAY_NAME=\"$GITLAB_EMAIL_DISPLAY_NAME\"/" \
-e "s/^ *GITLAB_EMAIL_REPLY_TO=.*/GITLAB_EMAIL_REPLY_TO=\"$GITLAB_EMAIL_REPLY_TO\"/" \
-e "s/^ *gitlab_user=.*/gitlab_user=\"$gitlab_user\"/" \
-e "s/^ *GITLAB_HTTPS=.*/GITLAB_HTTPS=\"$GITLAB_HTTPS\"/" \
-e "s/^ *gitlab_letsencrypt=.*/gitlab_letsencrypt=\"$gitlab_letsencrypt\"/" \
< ${gitlab_debian_conf_private} > ${gitlab_debian_conf_private}.tmp
mv -f ${gitlab_debian_conf_private}.tmp ${gitlab_debian_conf_private}
# Check if ssl option is selected
db_get gitlab/ssl
gl_proto="http"
# Copy example configurations
test -f ${gitlab_yml_private} || \
cp ${gitlab_yml_example} ${gitlab_yml_private}
@ -183,10 +192,8 @@ case "$1" in
# Update gitlab user (its a hack, proper fix is to have gitlab accept GITLAB_USER variable)
sed -i "s/^ *user:.* #gitlab_user/ user: $gitlab_user #gitlab_user/" ${gitlab_yml_private}
if [ "${RET}" = "true" ]; then
if [ "$GITLAB_HTTPS" = "true" ]; then
echo "Configuring nginx with HTTPS..."
if ! grep GITLAB_HTTPS ${gitlab_debian_conf_private}; then
echo GITLAB_HTTPS=${RET} >> ${gitlab_debian_conf_private}
# Workaround for #813770
gl_proto="https"
echo "Configuring gitlab with HTTPS..."
@ -196,14 +203,12 @@ case "$1" in
sed -i \
"s/gitlab_url: http*:\/\/.*/gitlab_url: ${gl_proto}:\/\/${GITLAB_HOST}/"\
${gitlab_shell_config_private}
fi
mkdir -p /etc/gitlab/ssl
nginx_conf_example=${nginx_ssl_conf_example}
# Check if letsencrypt option is selected
db_get gitlab/letsencrypt
if [ "${RET}" = "true" ]; then
if [ "$gitlab_letsencrypt" = "true" ]; then
echo "Configuring letsencrypt..."
ln -sf /etc/letsencrypt/live/${GITLAB_HOST}/fullchain.pem \
/etc/gitlab/ssl/gitlab.crt
@ -220,13 +225,33 @@ case "$1" in
invoke-rc.d nginx stop
fi
letsencrypt -d ${GITLAB_HOST} certonly || {
letsencrypt --standalone -d ${GITLAB_HOST} certonly || {
echo "letsencrypt auto configuration failed..."
echo "Stop your webserver and try running letsencrypt manually..."
echo "letsencrypt -d ${GITLAB_HOST} certonly"
}
fi
fi
else
# Revert https setting
sed -i "s/port: 443/#port: 80/" ${gitlab_yml_private}
sed -i "s/https: true/https: false/" ${gitlab_yml_private}
fi
# Cleanup in case letsencrypt were disabled later
if [ "$gitlab_letsencrypt" = "false" ]; then
if [ -L /etc/gitlab/ssl/gitlab.crt ]; then
if [ "$(file /etc/gitlab/ssl/gitlab.crt|awk '{ print $NF }')" = "/etc/letsencrypt/live/${GITLAB_HOST}/fullchain.pem" ]; then
echo "Removing symbolic links to letsencrypt certificate..."
rm -f /etc/gitlab/ssl/gitlab.crt
fi
fi
if [ -L /etc/gitlab/ssl/gitlab.key ]; then
if [ "$(file /etc/gitlab/ssl/gitlab.key|awk '{ print $NF }')" = "/etc/letsencrypt/live/${GITLAB_HOST}/privkey.pem" ]; then
echo "Removing symbolic links to letsencrypt certificate private key..."
rm -f /etc/gitlab/ssl/gitlab.key
fi
fi
fi
# Manage tmpfiles.d/gitlab.conf via ucf
@ -269,7 +294,6 @@ case "$1" in
ucf --debconf-ok --three-way ${nginx_site_private} ${nginx_site}
ucfr gitlab ${nginx_site}
ln -fs ${nginx_site} /etc/nginx/sites-enabled/
rm -f ${nginx_conf_example_tmp}
else
echo "nginx example configuration file not found"
exit 1