From fe9de28786d89c5616cf99577b62969708bd196e Mon Sep 17 00:00:00 2001 From: Praveen Arimbrathodiyil Date: Wed, 26 Apr 2017 20:23:50 +0530 Subject: [PATCH] ask email for letsencrypt --- debian/config | 10 ++++++++++ debian/gitlab.templates | 8 +++++++- debian/postinst | 13 ++++++++++--- 3 files changed, 27 insertions(+), 4 deletions(-) diff --git a/debian/config b/debian/config index f88ea2f6df..798ed0452b 100755 --- a/debian/config +++ b/debian/config @@ -18,6 +18,9 @@ set -e db_set gitlab/user "$gitlab_user" db_set gitlab/ssl "${GITLAB_HTTPS:-false}" db_set gitlab/letsencrypt "${gitlab_letsencrypt:-false}" + if [ -n "$gitlab_letsencrypt_email" ]; then + db_set gitlab/letsencrypt_email "${gitlab_letsencrypt_email}" + fi fi # What is your fqdn? @@ -36,6 +39,13 @@ if command -v letsencrypt >/dev/null; then then db_input high gitlab/letsencrypt || true db_go + db_get gitlab/letsencrypt + gitlab_letsencrypt_email=$RET + if [ "$gitlab_letsencrypt" = "true" ]; then + # Get email for letsencrypt updates + gitlab_letsencrypt_email=$RET + db_input high gitlab/letsencrypt_email || true + fi fi fi diff --git a/debian/gitlab.templates b/debian/gitlab.templates index 2615dce257..87589d38d2 100644 --- a/debian/gitlab.templates +++ b/debian/gitlab.templates @@ -56,7 +56,13 @@ _Description: Use Let's Encrypt? . Note: letsencrypt does not have a usable nginx plugin currently, so certificates must be renewed manually after 3 months, when current - letsencrypt certificate expire. + letsencrypt certificate expire. If you choose yes here, you will also be + agreeing to letsencrypt terms of service. + +Template: gitlab/letsencrypt_email +Type: string +_Description: Email address for letsencrypt updates: + Please provide a valid email address for letsencrypt updates. Template: gitlab/purge_data Type: boolean diff --git a/debian/postinst b/debian/postinst index 43a49aba43..19d453f7be 100755 --- a/debian/postinst +++ b/debian/postinst @@ -150,6 +150,8 @@ case "$1" in gl_proto="http" db_get gitlab/letsencrypt gitlab_letsencrypt=$RET + db_get gitlab/letsencrypt_email + gitlab_letsencrypt_email=$RET cp -a -f ${gitlab_debian_conf_private} ${gitlab_debian_conf_private}.tmp @@ -169,6 +171,8 @@ case "$1" in echo "GITLAB_HTTPS=" >> ${gitlab_debian_conf_private} test -z "$gitlab_letsencrypt" || grep -Eq '^ *gitlab_letsencrypt=' ${gitlab_debian_conf_private} || \ echo "gitlab_letsencrypt=" >> ${gitlab_debian_conf_private} + test -z "$gitlab_letsencrypt_email" || grep -Eq '^ *gitlab_letsencrypt_email=' ${gitlab_debian_conf_private} || \ + echo "gitlab_letsencrypt_email=" >> ${gitlab_debian_conf_private} sed -e "s/^ *GITLAB_HOST=.*/GITLAB_HOST=\"$GITLAB_HOST\"/" \ -e "s/^ *GITLAB_EMAIL_FROM=.*/GITLAB_EMAIL_FROM=\"$GITLAB_EMAIL_FROM\"/" \ -e "s/^ *GITLAB_EMAIL_DISPLAY_NAME=.*/GITLAB_EMAIL_DISPLAY_NAME=\"$GITLAB_EMAIL_DISPLAY_NAME\"/" \ @@ -176,6 +180,7 @@ case "$1" in -e "s/^ *gitlab_user=.*/gitlab_user=\"$gitlab_user\"/" \ -e "s/^ *GITLAB_HTTPS=.*/GITLAB_HTTPS=\"$GITLAB_HTTPS\"/" \ -e "s/^ *gitlab_letsencrypt=.*/gitlab_letsencrypt=\"$gitlab_letsencrypt\"/" \ + -e "s/^ *gitlab_letsencrypt_email=.*/gitlab_letsencrypt_email=\"$gitlab_letsencrypt_email\"/" \ < ${gitlab_debian_conf_private} > ${gitlab_debian_conf_private}.tmp mv -f ${gitlab_debian_conf_private}.tmp ${gitlab_debian_conf_private} @@ -222,11 +227,13 @@ case "$1" in echo "Stopping nginx for letsencrypt..." invoke-rc.d nginx stop fi - - letsencrypt --standalone -d ${GITLAB_HOST} certonly || { + db_get gitlab/letsencrypt_email + gitlab_letsencrypt_email=$RET + LETSENCRYPT_CMD="letsencrypt --standalone --agree-tos -m $gitlab_letsencrypt_email -d ${GITLAB_HOST} certonly" + $LETSENCRYPT_CMD || { echo "letsencrypt auto configuration failed..." echo "Stop your webserver and try running letsencrypt manually..." - echo "letsencrypt -d ${GITLAB_HOST} certonly" + echo "$LETSENCRYPT_CMD" } fi fi