
#!/usr/bin/env bash
# One-shot bootstrap for this authentik deployment. Intended to be run once,
# from any working directory (the script cd's to the repository root itself).
# It refuses to run if ./.env already exists, then, in order:
#   1. builds ./.env from ./env.template plus generated PG_PASS and
#      AUTHENTIK_SECRET_KEY values and two secrets read from stdin
#      (AUTHENTIK_EMAIL__PASSWORD, GEOIPUPDATE_LICENSE_KEY);
#   2. generates ./data/nginx/certs/dhparams.pem if missing;
#   3. obtains a certificate with lego (`--http` challenge) and links the
#      resulting files into ./data/nginx/certs.
# Requires: openssl, lego, realpath.
# -e abort on error; -u unset variable is an error; -f no globbing;
# pipefail: a pipeline fails if any stage fails (note: -e does not catch a
# failure inside a "$(...)" passed as a command argument).
set -euf -o pipefail
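#######################################
# Prompt the user twice for a secret and require both entries to match.
# Input is read with `read -rs`, so it is neither echoed nor
# backslash-interpreted. The function loops until a non-empty, matching pair
# has been entered: an empty value is rejected because every caller writes
# the result straight into .env as a credential, where a blank would only be
# noticed much later as an authentication failure.
# Globals:   RETURNED_PASSWORD (written) - the verified secret
# Arguments: $1 - human-readable purpose shown in the prompts
# Outputs:   prompts and the confirmation line to stdout; errors to stderr
# Returns:   0 once a value has been verified. With `set -e` active, EOF on
#            stdin makes `read` fail and aborts the script.
#######################################
prompt_password() {
  local purpose="$1"
  local password password_confirm
  while true; do
    printf "Enter password for %s: " "$purpose"
    read -rs password
    printf "\nConfirm password for %s: " "$purpose"
    read -rs password_confirm
    printf "\n"
    if [[ -z "$password" ]]; then
      # Reject blanks before comparing, so "" == "" cannot slip through.
      printf "Error: Password for %s must not be empty. Please try again.\n" "$purpose" >&2
    elif [[ "$password" == "$password_confirm" ]]; then
      RETURNED_PASSWORD="$password"
      printf "Password verified for %s.\n" "$purpose"
      return 0
    else
      printf "Error: Passwords do not match. Please try again.\n" >&2
    fi
  done
}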
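# Trap SIGINT so an aborted prompt leaves a clear message instead of a silent
# half-written run.
trap 'printf "\nOperation aborted by user.\n" >&2; exit 1' SIGINT

# Fail early if a required tool is missing. Without this, a missing openssl
# would not stop the script: a failing "$(openssl rand ...)" inside an echo
# argument is ignored by `set -e`, and an EMPTY secret would be written.
for tool in realpath openssl lego; do
  command -v "$tool" >/dev/null 2>&1 \
    || { printf 'Error: required tool "%s" not found in PATH.\n' "$tool" >&2; exit 1; }
done

# Run from the repository root (the parent of the scripts/ directory).
cd "$(dirname "$(realpath "$0")")/../"

# ACME account and certificate parameters. Overridable from the environment;
# the defaults reproduce the previously hard-coded values.
ACME_EMAIL="${ACME_EMAIL:-acme@base23.de}"
ACME_DOMAIN="${ACME_DOMAIN:-sso.base23.de}"
ENV_FILE="./.env"
CERT_DIR="./data/nginx/certs"
readonly ACME_EMAIL ACME_DOMAIN ENV_FILE CERT_DIR

# Refuse to touch an existing .env: it holds live secrets. -e rather than -f so
# a directory or other object at that path also stops us.
if [[ -e "$ENV_FILE" ]]; then
  echo ".env already exists. Exiting!"
  exit 1
fi

# Create .env with owner-only permissions from the first byte: umask 077 gives
# mode 0600 instead of the default-umask 0644, which would expose every secret
# below to other local users. noclobber (-C) makes the redirection fail rather
# than truncate if .env appeared between the check above and this write. The
# subshell confines both settings to this one command.
( umask 077; set -C; cat ./env.template > "$ENV_FILE" )

# Append one KEY=VALUE line to .env.
# printf '%s' writes the value verbatim, which echo does not guarantee.
# NOTE(review): values are written unquoted, as before; a secret containing
# '$', '#' or leading/trailing whitespace may be re-interpreted by whatever
# parses this .env file — confirm against the consumer before relying on
# such values.
append_env() {
  printf '%s=%s\n' "$1" "$2" >> "$ENV_FILE"
}

# Assign generated secrets to variables before writing them: with `set -e` and
# `pipefail` a failing assignment aborts the script, whereas a failure inside
# "$(...)" used as an echo argument would be ignored and an empty value written.
pg_pass=$(openssl rand -base64 36 | tr -d '\n')
authentik_secret_key=$(openssl rand -base64 60 | tr -d '\n')
[[ -n "$pg_pass" && -n "$authentik_secret_key" ]] \
  || { echo "Error: failed to generate random secrets." >&2; exit 1; }

echo "# SECRETS" >> "$ENV_FILE"
append_env PG_PASS "$pg_pass"
append_env AUTHENTIK_SECRET_KEY "$authentik_secret_key"
unset pg_pass authentik_secret_key

# Secrets the script cannot generate are read (without echo) from stdin.
# RETURNED_PASSWORD is unset right after use so it does not linger in the
# environment of later commands.
prompt_password "AUTHENTIK_EMAIL__PASSWORD"
append_env AUTHENTIK_EMAIL__PASSWORD "$RETURNED_PASSWORD"
unset RETURNED_PASSWORD
prompt_password "GEOIPUPDATE_LICENSE_KEY"
append_env GEOIPUPDATE_LICENSE_KEY "$RETURNED_PASSWORD"
unset RETURNED_PASSWORD
echo "" >> "$ENV_FILE"

# The cert directory will hold links to the private key, hence 0700.
if [[ ! -d "$CERT_DIR" ]]; then
  mkdir -p "$CERT_DIR"
  chmod 700 "$CERT_DIR"
fi

# Generate DH parameters once. Explicit if-blocks replace the former
# `a && b || true` chain, which swallowed a failed or interrupted
# `openssl dhparam` and a failing `-check`. Parameters are written to a temp
# name and only moved into place after the check passes, so an interrupted
# generation can never leave a truncated dhparams.pem that looks finished.
if [[ ! -f "$CERT_DIR/dhparams.pem" ]]; then
  echo ""
  openssl dhparam -out "$CERT_DIR/dhparams.pem.tmp" 4096
  echo ""
  echo "Checking generated dhparams"
  openssl dhparam -check -in "$CERT_DIR/dhparams.pem.tmp"
  mv "$CERT_DIR/dhparams.pem.tmp" "$CERT_DIR/dhparams.pem"
fi

# Obtain the certificate. lego's --http challenge needs this host reachable on
# port 80 for ACME_DOMAIN; on failure `set -e` aborts before any links are made.
echo ""
echo "Create certificate"
lego \
  --path ./data/.lego \
  --accept-tos \
  --email="$ACME_EMAIL" \
  --domains="$ACME_DOMAIN" \
  --http run

# Expose the lego-managed files under the nginx cert directory. Targets are
# relative (as before), so the links stay valid if ./data is relocated or
# bind-mounted. A pre-existing link makes `ln -s` fail, which under `set -e`
# stops the script rather than silently replacing someone's own link.
for cert_file in "$ACME_DOMAIN.crt" "$ACME_DOMAIN.issuer.crt" "$ACME_DOMAIN.key"; do
  ln -s "../../.lego/certificates/$cert_file" "$CERT_DIR/$cert_file"
done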
# Setup cronjob to automatically renew certificates