From dbed4729258e1524bec7f1b4022370bdb4d89c2e Mon Sep 17 00:00:00 2001
From: Philip Henning <philip.henning@base23.de>
Date: Tue, 19 Nov 2024 14:17:44 +0100
Subject: [PATCH] fix dhparams path; copy certificates instead of linking them

---
 scripts/init.sh | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/scripts/init.sh b/scripts/init.sh
index 7eb1db3..15459ff 100755
--- a/scripts/init.sh
+++ b/scripts/init.sh
@@ -43,8 +43,8 @@ echo "" >> ./.env
 
 # Generate dhparam, if not existing
 [[ ! -d ./data/nginx/certs ]] && mkdir -p ./data/nginx/certs && chmod 700 ./data/nginx/certs || true
-[[ ! -f ./data/nginx/certs/dhparams.pem ]] && echo "" && openssl dhparam -out ./data/nginx/certs/dhparams.pem 4096 \
-	&& echo "" && echo "Checking generated dhparams" && openssl dhparam -check -in ./data/nginx/certs/dhparams.pem || true
+[[ ! -f ./data/nginx/dhparams.pem ]] && echo "" && openssl dhparam -out ./data/nginx/dhparams.pem 4096 \
+	&& echo "" && echo "Checking generated dhparams" && openssl dhparam -check -in ./data/nginx/dhparams.pem || true
 
 # Create certificate
 if [[ ! -d ./data/.lego ]]; then
@@ -55,13 +55,8 @@ if [[ ! -d ./data/.lego ]]; then
 		--accept-tos \
 		--email="acme@base23.de" \
 		--domains="sso.base23.de" \
-		--http run
-
-	# Link certificates to correct directory
-
-	ln -s ../../.lego/certificates/sso.base23.de.crt ./data/nginx/certs/sso.base23.de.crt
-	ln -s ../../.lego/certificates/sso.base23.de.issuer.crt ./data/nginx/certs/sso.base23.de.issuer.crt
-	ln -s ../../.lego/certificates/sso.base23.de.key ./data/nginx/certs/sso.base23.de.key
+		--http run \
+		&& install -m 400 -o 101 -g 101 "./data/.lego/certificates"/{sso.base23.de.crt,sso.base23.de.issuer.crt,sso.base23.de.key} "./data/nginx/certs"
 fi
 
 # Setup directory for acme cheallenges