#!/bin/bash
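# Resolve the directory that contains this script so that every later path is
# independent of the caller's working directory.
SCRIPTHOME=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)

# If the lookup failed, SCRIPTHOME is empty and every "$SCRIPTHOME/..." path
# below would silently resolve against "/" (for example /.setupphase.txt).
if [ -z "$SCRIPTHOME" ]; then
  echo "処理を中止します"
  exit 1
fi

# Working directory of the private CA, exported into the environment.
export SSLHOME="$SCRIPTHOME/SSL"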
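#######################################
# Print a number of blank lines followed by a message.
# Arguments: $1 - number of blank lines to print first
#            $2 - message (optional; an empty line is printed when omitted)
# Outputs:   writes to stdout
#######################################
secho() {
  local count=$1
  local i
  for ((i = 0; i < count; i++)); do
    echo ""
  done
  # Quoted and passed as data: the message is printed verbatim, without word
  # splitting, glob expansion, or echo option parsing.
  printf '%s\n' "${2-}"
}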
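# Refuse to run as root. The script calls sudo itself for the privileged steps
# and writes per-user files (~/.ssh, ~/.bashrc) that must belong to the
# invoking user. A refusal is reported with a non-zero status so that a
# wrapper does not mistake it for a completed setup.
if [ "$(whoami)" = "root" ]; then
  echo "sudo せずに実行してください"
  exit 1
fi

# Prompt for the sudo password once, up front, and stop if authentication fails
# instead of failing later in the middle of the setup.
if ! sudo -v; then
  echo "処理を中止します"
  exit 1
fi

# Progress marker: phase 0 = nothing completed yet.
echo "0" > "$SCRIPTHOME/.setupphase.txt"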
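echo "================================================"
echo " 認証局の作成"
echo "================================================"
# Stop if the CA directory is missing; otherwise CA.pl and the redirections
# below would run against whatever directory the script happens to be in.
if ! cd "$SSLHOME"; then
  echo "処理を中止します"
  exit 1
fi

# Create the certificate authority. A bare `exit` after `echo` would return
# echo's status (0), so the failure is reported explicitly.
if ! ./CA.pl -newca; then
  echo "処理を中止します"
  exit 1
fi

secho 3 "=== CA証明書部分を切り出す"
# Keep only the PEM certificate block of cacert.pem.
sed -n "/-----BEGIN/,/CERTIFICATE-----/p" exampleCA/cacert.pem > exampleCA/example.net.ca.crt

secho 3 "=== OSにCA証明書を登録"
# NOTE(review): this adds the locally generated CA to the system trust store,
# so every certificate signed by it is trusted host-wide. The CA private key
# (its location is decided by CA.pl, not visible here) must be protected
# accordingly.
sudo cp exampleCA/example.net.ca.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates

# Progress marker: phase 1 = CA created and registered.
echo "1" > "$SCRIPTHOME/.setupphase.txt"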
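secho 5
echo "================================================"
echo " SSL証明書の作成"
echo "================================================"
# Relative to the current directory, which the preceding CA step left at
# $SSLHOME.
if ! cd exampleCA/certs/; then
  echo "処理を中止します"
  exit 1
fi

echo "=== 証明書署名要求の作成"
# One working directory per run, named after the current minute.
SSLCERTDIR=$(date +%Y%m%d%H%M)_wildcard.example.net
mkdir "$SSLCERTDIR"
if ! cd "$SSLCERTDIR"; then
  echo "処理を中止します"
  exit 1
fi

# Failures exit with status 1; a bare `exit` after `echo` would report success.
if ! "$SSLHOME/CA.pl" -newreq; then
  echo "処理を中止します"
  exit 1
fi

secho 3 "=== CAで署名"
# A failed signing leaves no usable newcert.pem; stop here rather than
# extracting and installing an empty certificate file.
if ! "$SSLHOME/CA.pl" -sign; then
  echo "処理を中止します"
  exit 1
fi

secho 3 "=== SSL証明書部分を切り出す"
# Keep only the PEM certificate block of newcert.pem.
sed -n "/-----BEGIN/,/CERTIFICATE-----/p" newcert.pem > wildcard.example.net.crt

secho 3 "=== 秘密鍵からパスフレーズを削除"
# NOTE(review): the resulting .key is an unencrypted private key for the
# wildcard certificate; from here on it is protected by file permissions only.
if ! openssl pkey -in newkey.pem -out wildcard.example.net.key; then
  echo "処理を中止します"
  exit 1
fi

secho 3 "=== SSL証明書と秘密鍵を配置"
sudo cp wildcard.example.net.crt /etc/ssl/private
# Install the key readable by its owner (root) only, regardless of the mode
# the working copy happened to be created with.
sudo install -m 600 wildcard.example.net.key /etc/ssl/private

# Progress marker: phase 2 = server certificate issued and installed.
echo "2" > "$SCRIPTHOME/.setupphase.txt"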
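secho 5
echo "================================================"
echo " Apacheの設定"
echo "================================================"
# apache/*.conf below is resolved relative to the script directory.
if ! cd "$SCRIPTHOME"; then
  echo "処理を中止します"
  exit 1
fi

echo "=== Apacheのインストール"
# Failures exit with status 1; a bare `exit` after `echo` would report success.
if ! sudo apt -y install apache2; then
  echo "処理を中止します"
  exit 1
fi

secho 3 "=== サイト設定"
# Replace the distribution's default site with the project's virtual hosts.
sudo a2dissite 000-default
sudo cp apache/*.conf /etc/apache2/sites-available/
sudo a2ensite example.net gitea kopano

secho 3 "=== モジュールの有効化"
sudo a2enmod ssl rewrite proxy_http headers

secho 3 "=== 警告を止める設定"
# Written through `sudo tee` because the redirection itself would otherwise
# run with the invoking user's privileges.
echo "ServerName localhost" | sudo tee /etc/apache2/conf-available/fqdn.conf > /dev/null
sudo a2enconf fqdn

secho 3 "=== Apacheの再起動"
sudo systemctl restart apache2

# Progress marker: phase 3 = Apache configured.
echo "3" > "$SCRIPTHOME/.setupphase.txt"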
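secho 5
echo "================================================"
echo " git接続設定の構成"
echo "================================================"
# Failures exit with status 1; a bare `exit` after `echo` would report success.
if ! sudo apt -y install ssh; then
  echo "処理を中止します"
  exit 1
fi

# Dedicated key pair for git access. Stop if key generation fails or is
# declined, so the ssh config never points at a key that does not exist.
if ! ssh-keygen -t ed25519 -C "$(whoami) git key" -f ~/.ssh/git-key; then
  echo "処理を中止します"
  exit 1
fi

# Append the host entry only once, so re-running the setup does not pile up
# duplicate blocks in ~/.ssh/config. The delimiter is unquoted on purpose:
# $(whoami) is expanded when the file is written.
if ! grep -qsxF 'host git.example.net' ~/.ssh/config; then
  cat <<EOF >> ~/.ssh/config
host git.example.net
HostName git.example.net
User $(whoami)
IdentityFile ~/.ssh/git-key
EOF
fi

# Progress marker: phase 4 = git client access configured.
echo "4" > "$SCRIPTHOME/.setupphase.txt"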
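secho 5
echo "================================================"
echo " ユーザーgitの作成"
echo "================================================"
# Failures exit with status 1; a bare `exit` after `echo` would report success.
if ! sudo useradd -m git; then
  echo "処理を中止します"
  exit 1
fi

echo "=== gitの証明書の作成"
# Key pair owned by the host's git user. Its own public key is then
# authorized, presumably so the host-side git user can log in to the container
# that shares this .ssh directory -- TODO confirm against the compose file.
if ! sudo -u git ssh-keygen -t rsa -b 4096 -C "Gitea Host Key" -f /home/git/.ssh/id_rsa; then
  echo "処理を中止します"
  exit 1
fi
sudo -u git cp /home/git/.ssh/id_rsa.pub /home/git/.ssh/authorized_keys
sudo -u git chmod 600 /home/git/.ssh/authorized_keys

echo "=== SSHパススルー用のコマンドを生成"
# The quoted delimiter keeps the wrapper text literal: its variables are
# expanded when the wrapper runs, not when it is written.
# NOTE(review): the wrapper disables host key checking for the hop to
# 127.0.0.1:2222, so whatever listens on that port is accepted without
# verification. Pinning the container's host key in git's known_hosts would
# remove that gap.
# NOTE(review): SSH_ORIGINAL_COMMAND is supplied by the connecting client and
# is interpolated into the remote command line. Access to this wrapper should
# stay limited to key-authenticated git users.
sudo tee /usr/local/bin/gitea > /dev/null <<"EOF"
#!/bin/sh
ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
EOF
sudo chmod +x /usr/local/bin/gitea

# Progress marker: phase 5 = git user and SSH passthrough ready.
echo "5" > "$SCRIPTHOME/.setupphase.txt"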
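secho 5
echo "================================================"
echo " コンテナの起動"
echo "================================================"
if ! cd "$SCRIPTHOME/docker"; then
  echo "処理を中止します"
  exit 1
fi

# Pick the entry that sorts last under certs/ (directory names start with a
# timestamp, so this is the most recent run). A glob replaces parsing `ls`
# output and copes with unusual file names.
latest_cert=
for cert_entry in ../SSL/exampleCA/certs/*; do
  if [ -e "$cert_entry" ]; then
    latest_cert=${cert_entry##*/}
  fi
done
if [ -z "$latest_cert" ]; then
  echo "処理を中止します"
  exit 1
fi
SSLCERTDIR="$SCRIPTHOME/SSL/exampleCA/certs/$latest_cert"

echo "=== 証明書の配置"
# NOTE(review): server.key is the unencrypted private key of the wildcard
# certificate and ends up inside the Docker build context. Keep this directory
# out of version control and readable only by the accounts that need it.
mkdir -p config/kopano/packages/cert
if ! cp "$SSLCERTDIR/wildcard.example.net.crt" config/kopano/packages/cert/server.crt ||
  ! cp "$SSLCERTDIR/wildcard.example.net.key" config/kopano/packages/cert/server.key; then
  echo "処理を中止します"
  exit 1
fi
mkdir -p config/gitea/cert
cp ../SSL/exampleCA/example.net.ca.crt config/gitea/cert/ca.crt

secho 3 "=== Kopanoパッケージの配置"
echo "Kopano Community Edition の core と webapp をダウンロードして"
echo "$SCRIPTHOME/docker/config/kopano/packagesにコピーしてください。"
echo " core-XX.X.X.XX.XXXXXXX-Ubuntu_20.04-amd64.tar.gz"
echo " webapp-X.X.X.XX.XXXXXXX-Ubuntu_20.04-all.tar.gz"
echo " ※Xはバージョンを表す英数字になっています。"
echo "https://download.kopano.io/community/"
# Pause until the operator confirms; the typed text itself is not used.
read -r -p "コピーが終わったらEnterキーを押してください。"

secho 3 "=== コンテナの起動"
# Failures exit with status 1; a bare `exit` after `echo` would report success.
if ! sudo docker compose up -d --build; then
  echo "処理を中止します"
  exit 1
fi

# Progress marker: phase 6 = containers running.
echo "6" > "$SCRIPTHOME/.setupphase.txt"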
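secho 5
echo "================================================"
echo " rvmのインストール"
echo "================================================"
if ! cd "$SCRIPTHOME"; then
  echo "处理を中止します"
  exit 1
fi

sudo apt install gnupg2
# Import the signing keys before fetching the installer, and stop if the
# import fails rather than running an installer that cannot be verified.
# NOTE(review): presumably these are the RVM release signing keys -- confirm
# the fingerprints against the project's published values.
if ! gpg --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB; then
  echo "処理を中止します"
  exit 1
fi

# NOTE(review): this executes a script fetched from the network with the
# invoking user's privileges. Downloading to a file first (with -f, so an HTTP
# error page is never executed) prevents a truncated or failed download from
# being run partially. The content itself is still trusted as served.
rvm_installer=$(mktemp) || {
  echo "処理を中止します"
  exit 1
}
if ! \curl -fsSL https://get.rvm.io -o "$rvm_installer"; then
  rm -f -- "$rvm_installer"
  echo "処理を中止します"
  exit 1
fi
bash -s stable < "$rvm_installer"
rm -f -- "$rvm_installer"

sed -i '$ a \\n[[ -s "$HOME/.rvm/scripts/rvm" ]] && source "$HOME/.rvm/scripts/rvm" # Load RVM into a shell session *as a function*' ~/.bashrc

# Remove shell start-up files only when they have one exact size.
# NOTE(review): presumably these sizes identify files the installer has just
# created; size is a weak fingerprint, so a user file of the same size would
# be deleted too. The -f guard skips files that do not exist.
for dotfile_spec in .bash_profile:200 .mkshrc:118 .zlogin:118 .zshrc:118; do
  dotfile="$HOME/${dotfile_spec%%:*}"
  if [ -f "$dotfile" ] && [ "$(stat -c %s -- "$dotfile")" -eq "${dotfile_spec##*:}" ]; then
    rm -- "$dotfile"
  fi
done

# Progress marker: phase 7 = rvm installed.
echo "7" > "$SCRIPTHOME/.setupphase.txt"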
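secho 5
echo "================================================"
echo " hostsの設定"
echo "================================================"

# Run the hosts helper from the current directory (the script directory at
# this point). Stop on failure so that phase 8 is recorded only when the step
# actually succeeded.
if ! ./10-hosts.sh; then
  echo "処理を中止します"
  exit 1
fi

# Progress marker: phase 8 = all steps completed.
echo "8" > "$SCRIPTHOME/.setupphase.txt"

secho 3 "=== セットアップ完了"
exit 0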