From 2ef33877fddce670fd87dd561141c92c03b4f615 Mon Sep 17 00:00:00 2001
From: Felix Ableitner
Date: Thu, 28 Feb 2019 12:39:00 +0100
Subject: [PATCH] Update domains (fixes #33)
---
scripts/init-repo.sh | 25 +++++++++++--------
scripts/postinstall.sh | 2 +-
scripts/ssl-renew.sh | 11 +++-----
.../docker-compose/docker-compose-base.yml | 2 +-
.../{autoconfig => autoconfig.conf} | 0
.../nginx/sites-enabled/{dba => dba.conf} | 0
.../nginx/sites-enabled/drive-redirect.conf | 19 ++++++++++++++
.../sites-enabled/{drive => nextcloud.conf} | 8 +++---
.../sites-enabled/{office => onlyoffice.conf} | 0
.../sites-enabled/{mail => postfixadmin.conf} | 0
.../nginx/sites-enabled/{spam => rspamd.conf} | 0
.../nginx/sites-enabled/webmail-redirect.conf | 19 ++++++++++++++
.../sites-enabled/{welcome => welcome.conf} | 0
13 files changed, 61 insertions(+), 25 deletions(-)
rename templates/nginx/sites-enabled/{autoconfig => autoconfig.conf} (100%)
rename templates/nginx/sites-enabled/{dba => dba.conf} (100%)
create mode 100644 templates/nginx/sites-enabled/drive-redirect.conf
rename templates/nginx/sites-enabled/{drive => nextcloud.conf} (82%)
rename templates/nginx/sites-enabled/{office => onlyoffice.conf} (100%)
rename templates/nginx/sites-enabled/{mail => postfixadmin.conf} (100%)
rename templates/nginx/sites-enabled/{spam => rspamd.conf} (100%)
create mode 100644 templates/nginx/sites-enabled/webmail-redirect.conf
rename templates/nginx/sites-enabled/{welcome => welcome.conf} (100%)
diff --git a/scripts/init-repo.sh b/scripts/init-repo.sh
index efa19e1..1a7beef 100755
--- a/scripts/init-repo.sh
+++ b/scripts/init-repo.sh
@@ -16,7 +16,7 @@ DC_DIR="templates/docker-compose/" case $INSTALL_ONLYOFFICE in [Yy]* ) cat "${DC_DIR}docker-compose-base.yml" "${DC_DIR}docker-compose-onlyoffice.yml" "${DC_DIR}docker-compose-networks.yml" > docker-compose.yml; - cat templates/nginx/sites-enabled/office | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config-dynamic/nginx/sites-enabled/office.$DOMAIN.conf" + cat "templates/nginx/sites-enabled/onlyoffice.conf" | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config-dynamic/nginx/sites-enabled/onlyoffice.conf" OFFICE_DOMAIN=",office.$DOMAIN" OFFICE_LETSENCRYPT_KEY="config-dynamic/letsencrypt/certstore/live/office.$DOMAIN/privkey.pem" NUM_CERTIFICATES="7" @@ -46,8 +46,8 @@ echo "VIRTUAL_HOST=$VIRTUAL_HOST" >> "$ENVFILE" # finished .env file generation # fille autorenew config -echo "$VIRTUAL_HOST,dba.$DOMAIN,drive.$DOMAIN,mail.$DOMAIN,spam.$DOMAIN,webmail.$DOMAIN,welcome.$DOMAIN$OFFICE_DOMAIN" | tr "," "\n" | while read CURDOMAIN; do - echo "sub $CURDOMAIN" >> config-dynamic/letsencrypt/autorenew/ssl-domains.dat +echo "$DOMAIN,$VIRTUAL_HOST,dba.$DOMAIN,drive.$DOMAIN,mail.$DOMAIN,spam.$DOMAIN,webmail.$DOMAIN,welcome.$DOMAIN$OFFICE_DOMAIN" | tr "," "\n" | while read CURDOMAIN; do + echo "$CURDOMAIN" >> config-dynamic/letsencrypt/autorenew/ssl-domains.dat :; done 
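Review bot: `$DOMAIN` is pasted unescaped into the sed replacement on the added `onlyoffice.conf` line, so a value containing `/`, `&` or a newline changes the sed program or the nginx config that is written; the same pattern recurs on every added `cat … | sed` line of the `@@ -58,17 +58,20 @@` hunk. Validating the value once before any template is rendered would cover all of them, e.g. `case "$DOMAIN" in ''|*[!A-Za-z0-9.-]*) echo "invalid DOMAIN" >&2; exit 1;; esac`. Where DOMAIN is assigned is not visible in this hunk, so an earlier check may already exist. The `cat file | sed …` form can also be written as `sed … file`.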
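Review bot: The loop in the `@@ -46,8 +46,8 @@` hunk still appends to `ssl-domains.dat` with `>>`, so lines written in the old `sub <domain>` format by an earlier run would stay in the file next to the new bare-domain lines, and a re-run duplicates every entry. scripts/ssl-renew.sh in this same commit now treats each whole line as a hostname, so the file should hold one format only; truncating it before the loop with `: > config-dynamic/letsencrypt/autorenew/ssl-domains.dat` would do that, unless another step not visible here already clears it. `read CURDOMAIN` should be `read -r CURDOMAIN`, and if `$VIRTUAL_HOST` can equal `$DOMAIN` the list now names that host twice.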
@@ -58,17 +58,20 @@ cat templates/automx/automx.conf | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > config-dynam # automx echo "$DOMAIN,$ADD_DOMAINS" | tr "," "\n" | while read CURDOMAIN; do - cat templates/nginx/sites-enabled/autoconfig | sed "s/@@@DOMAIN@@@/$CURDOMAIN/g" | sed "s/@@@SERVICE@@@/autoconfig/g" > "config-dynamic/nginx/sites-enabled/autoconfig.$CURDOMAIN.conf" - cat templates/nginx/sites-enabled/autoconfig | sed "s/@@@DOMAIN@@@/$CURDOMAIN/g" | sed "s/@@@SERVICE@@@/autodiscover/g" > "config-dynamic/nginx/sites-enabled/autodiscover.$CURDOMAIN.conf" + cat "templates/nginx/sites-enabled/autoconfig.conf" | sed "s/@@@DOMAIN@@@/$CURDOMAIN/g" | sed "s/@@@SERVICE@@@/autoconfig/g" > "config-dynamic/nginx/sites-enabled/autoconfig.$CURDOMAIN.conf" + cat "templates/nginx/sites-enabled/autoconfig.conf" | sed "s/@@@DOMAIN@@@/$CURDOMAIN/g" | sed "s/@@@SERVICE@@@/autodiscover/g" > "config-dynamic/nginx/sites-enabled/autodiscover.$CURDOMAIN.conf" :; done # other hosts -cat templates/nginx/sites-enabled/dba | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config-dynamic/nginx/sites-enabled/dba.$DOMAIN.conf" -cat templates/nginx/sites-enabled/drive | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config-dynamic/nginx/sites-enabled/drive.$DOMAIN.conf" -cat templates/nginx/sites-enabled/mail | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config-dynamic/nginx/sites-enabled/mail.$DOMAIN.conf" -cat templates/nginx/sites-enabled/spam | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config-dynamic/nginx/sites-enabled/spam.$DOMAIN.conf" -cat templates/nginx/sites-enabled/webmail | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config-dynamic/nginx/sites-enabled/webmail.$DOMAIN.conf" -cat templates/nginx/sites-enabled/welcome | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config-dynamic/nginx/sites-enabled/welcome.$DOMAIN.conf" +cat "templates/nginx/sites-enabled/dba.conf" | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config-dynamic/nginx/sites-enabled/dba.conf" +cat "templates/nginx/sites-enabled/nextcloud.conf" | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > 
"config-dynamic/nginx/sites-enabled/nextcloud.conf" +cat "templates/nginx/sites-enabled/postfixadmin.conf" | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config-dynamic/nginx/sites-enabled/postfixadmin.conf" +cat "templates/nginx/sites-enabled/rspamd.conf" | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config-dynamic/nginx/sites-enabled/rspamd.conf" +cat "templates/nginx/sites-enabled/welcome.conf" | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config-dynamic/nginx/sites-enabled/welcome.conf" + +# redirects for legacy subdomains +cat "templates/nginx/sites-enabled/webmail-redirect.conf" | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config-dynamic/nginx/sites-enabled/webmail-redirect.conf" +cat "templates/nginx/sites-enabled/drive-redirect.conf" | sed "s/@@@DOMAIN@@@/$DOMAIN/g" > "config-dynamic/nginx/sites-enabled/drive-redirect.conf" # confirm DNS is ready echo "" diff --git a/scripts/postinstall.sh b/scripts/postinstall.sh index 29f2514..37cf61e 100755 --- a/scripts/postinstall.sh +++ b/scripts/postinstall.sh @@ -18,7 +18,7 @@ do done echo "Tweaking nextcloud config" -sed -i "s/localhost/drive.$DOMAIN/g" /mnt/repo-base/volumes/nextcloud/config/config.php +sed -i "s/localhost/$DOMAIN/g" /mnt/repo-base/volumes/nextcloud/config/config.php sed -i "s/);//g" /mnt/repo-base/volumes/nextcloud/config/config.php /bin/echo -e " 'skeletondirectory' => '',\n 'mail_from_address' => 'drive',\n 'mail_smtpmode' => 'smtp',\n 'mail_smtpauthtype' => 'PLAIN',\n 'mail_domain' => '$DOMAIN',\n 'mail_smtpauth' => 1,\n 'mail_smtphost' => 'mail.$DOMAIN',\n 'mail_smtpname' => 'drive@$DOMAIN',\n 'mail_smtppassword' => '$DRIVE_SMTP_PASSWORD',\n 'mail_smtpport' => '587',\n 'mail_smtpsecure' => 'tls'," >> /mnt/repo-base/volumes/nextcloud/config/config.php cat /mnt/repo-base/templates/nextcloud/plugin-config/user_sql_raw_config.conf | sed "s/@@@DBNAME@@@/$PFDB_DB/g" | sed "s/@@@DBUSER@@@/$PFDB_USR/g" | sed "s/@@@DBPW@@@/$PFDB_DBPASS/g" >> /mnt/repo-base/volumes/nextcloud/config/config.php 
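Review bot: The rendered files in the `@@ -58,17 +58,20 @@` hunk now get fixed names (`dba.conf`, `nextcloud.conf`, …), but nothing here removes the `<service>.$DOMAIN.conf` files an earlier run produced. On an already-initialised tree `sites-enabled` would then hold both the old `drive.$DOMAIN.conf` vhost and the new `drive-redirect.conf` for the same `server_name`; nginx keeps the first definition it loads and only warns about the conflict, so the legacy host could keep serving directly instead of redirecting. If the script can be re-run on an existing install, delete the old per-domain files before rendering. A comment above `# other hosts` such as `# output names are domain-independent; remove stale <service>.$DOMAIN.conf files when upgrading` would record the intent.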
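Review bot: In scripts/postinstall.sh, `sed -i "s/localhost/$DOMAIN/g"` rewrites every occurrence of `localhost` in config.php rather than only the trusted-domain entry, and `$DOMAIN` goes into the replacement unescaped. Anchoring the expression to the entry it is meant to change, or setting the value through Nextcloud's `occ config:system:set trusted_domains …`, would make the result predictable; which keys contain `localhost` at this point is not visible in the hunk. The script continues on both sides of the hunk.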
diff --git a/scripts/ssl-renew.sh b/scripts/ssl-renew.sh index 53d76cd..85399b7 100755 --- a/scripts/ssl-renew.sh +++ b/scripts/ssl-renew.sh @@ -17,23 +17,18 @@ SERVERADMIN="admin@$DOMAIN" PUBIP=0.0.0.0 CERTBOT_IMAGE="certbot/certbot:v0.30.2" -cat "$CONFIG" | while read TYPE DOMAIN; do - ALIAS="" - if [ "$TYPE" = "main" ] - then - ALIAS="-d www.$DOMAIN" - fi +cat "$CONFIG" | while read DOMAIN; do # For the first run, we have to use standalone auth because Nginx won't start without the cert files present. if [ ! -f "$CERTSTORE/$DOMAIN/fullchain.pem" ] then docker run -t --rm -v $CERTSTOREBASE:/etc/letsencrypt \ -p $PUBIP:80:80 -p $PUBIP:443:443 \ - "$CERTBOT_IMAGE" certonly --non-interactive --agree-tos -m $SERVERADMIN -d $DOMAIN $ALIAS \ + "$CERTBOT_IMAGE" certonly --non-interactive --agree-tos -m $SERVERADMIN -d $DOMAIN \ --standalone else docker run -t --rm -v $CERTSTOREBASE:/etc/letsencrypt \ -v /mnt/repo-base/letsencrypt/acme-challenge:/etc/letsencrypt/acme-challenge \ - "$CERTBOT_IMAGE" certonly --non-interactive --agree-tos -m $SERVERADMIN -d $DOMAIN $ALIAS \ + "$CERTBOT_IMAGE" certonly --non-interactive --agree-tos -m $SERVERADMIN -d $DOMAIN \ --webroot -w /etc/letsencrypt/acme-challenge \ --post-hook "touch /etc/letsencrypt/live/$DOMAIN/cert-updated" CERT_UPDATED_FILE="$CERTSTORE/$DOMAIN/cert-updated" diff --git a/templates/docker-compose/docker-compose-base.yml b/templates/docker-compose/docker-compose-base.yml index 1876614..0f490f1 100644 --- a/templates/docker-compose/docker-compose-base.yml +++ b/templates/docker-compose/docker-compose-base.yml @@ -161,7 +161,7 @@ services: - /mnt/repo-base/config-dynamic/automx/automx.conf:/etc/automx.conf create-account: - image: registry.gitlab.e.foundation:5000/e/infra/docker-create-account:0.1.2 + image: registry.gitlab.e.foundation:5000/e/infra/docker-create-account:0.1.3 container_name: create-account environment: - NEXTCLOUD_ADMIN_USER=${NEXTCLOUD_ADMIN_USER} 
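Review bot: `DOMAIN` now holds the entire line read from `$CONFIG`, yet both `docker run` commands in the ssl-renew.sh hunk pass it as unquoted `-d $DOMAIN`, so a line containing whitespace (for example a leftover `sub example.org` entry, constructed sample) is word-split into extra certbot arguments and an empty line yields a bare `-d`. Read with `while IFS= read -r DOMAIN; do`, skip blanks with `[ -n "$DOMAIN" ] || continue`, and quote the expansions (`-d "$DOMAIN"`, `-m "$SERVERADMIN"`, `-v "$CERTSTOREBASE":/etc/letsencrypt`). The loop variable also reuses the name `DOMAIN` that `SERVERADMIN="admin@$DOMAIN"` was built from, which is easy to misread. The loop body continues past the end of the hunk.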
diff --git a/templates/nginx/sites-enabled/autoconfig b/templates/nginx/sites-enabled/autoconfig.conf
similarity index 100%
rename from templates/nginx/sites-enabled/autoconfig
rename to templates/nginx/sites-enabled/autoconfig.conf
diff --git a/templates/nginx/sites-enabled/dba b/templates/nginx/sites-enabled/dba.conf
similarity index 100%
rename from templates/nginx/sites-enabled/dba
rename to templates/nginx/sites-enabled/dba.conf
diff --git a/templates/nginx/sites-enabled/drive-redirect.conf b/templates/nginx/sites-enabled/drive-redirect.conf
new file mode 100644
index 0000000..a7aac77
--- /dev/null
+++ b/templates/nginx/sites-enabled/drive-redirect.conf
@@ -0,0 +1,19 @@
+server {
+ listen 8000;
+ server_name drive.@@@DOMAIN@@@;
+ rewrite ^/(.*)$ https://@@@DOMAIN@@@/$1 permanent;
+}
+
+server {
+ listen 4430 ssl http2;
+ server_name drive.@@@DOMAIN@@@;
+
+ rewrite ^/(.*)$ https://@@@DOMAIN@@@/$1 permanent;
+
+ ssl_certificate /certs/live/drive.@@@DOMAIN@@@/fullchain.pem;
+ ssl_certificate_key /certs/live/drive.@@@DOMAIN@@@/privkey.pem;
+
+ include /etc/nginx/params/ssl_params;
+ include /etc/nginx/params/headers_params;
+}
+
diff --git a/templates/nginx/sites-enabled/drive b/templates/nginx/sites-enabled/nextcloud.conf
similarity index 82%
rename from templates/nginx/sites-enabled/drive
rename to templates/nginx/sites-enabled/nextcloud.conf
index 025de37..cfce2cc 100644
--- a/templates/nginx/sites-enabled/drive
+++ b/templates/nginx/sites-enabled/nextcloud.conf
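Review bot: Both server blocks of the new drive-redirect.conf build the target with `rewrite ^/(.*)$ https://@@@DOMAIN@@@/$1 permanent;`, which matches against nginx's normalised URI and can therefore alter percent-encoded paths on the way through. `return 301 https://@@@DOMAIN@@@$request_uri;` forwards the request path and query unchanged and matches the `return 301` style the Nextcloud vhost already uses on port 8000. The same applies to both blocks of webmail-redirect.conf. A header comment in each file, for example `# legacy host: redirects to the apex domain only; still needs this host's certificate from ssl-domains.dat`, would document why the vhost and its certificate must stay.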
@@ -1,15 +1,15 @@ server { listen 8000; - server_name drive.@@@DOMAIN@@@; + server_name @@@DOMAIN@@@; return 301 https://$host$request_uri; } server { listen 4430 ssl http2; - server_name drive.@@@DOMAIN@@@; + server_name @@@DOMAIN@@@; - ssl_certificate /certs/live/drive.@@@DOMAIN@@@/fullchain.pem; - ssl_certificate_key /certs/live/drive.@@@DOMAIN@@@/privkey.pem; + ssl_certificate /certs/live/@@@DOMAIN@@@/fullchain.pem; + ssl_certificate_key /certs/live/@@@DOMAIN@@@/privkey.pem; include /etc/nginx/params/ssl_params; #include /etc/nginx/params/headers_params; diff --git a/templates/nginx/sites-enabled/office b/templates/nginx/sites-enabled/onlyoffice.conf similarity index 100% rename from templates/nginx/sites-enabled/office rename to templates/nginx/sites-enabled/onlyoffice.conf diff --git a/templates/nginx/sites-enabled/mail b/templates/nginx/sites-enabled/postfixadmin.conf similarity index 100% rename from templates/nginx/sites-enabled/mail rename to templates/nginx/sites-enabled/postfixadmin.conf diff --git a/templates/nginx/sites-enabled/spam b/templates/nginx/sites-enabled/rspamd.conf similarity index 100% rename from templates/nginx/sites-enabled/spam rename to templates/nginx/sites-enabled/rspamd.conf diff --git a/templates/nginx/sites-enabled/webmail-redirect.conf b/templates/nginx/sites-enabled/webmail-redirect.conf new file mode 100644 index 0000000..539dc1e --- /dev/null +++ b/templates/nginx/sites-enabled/webmail-redirect.conf @@ -0,0 +1,19 @@ +server { + listen 8000; + server_name webmail.@@@DOMAIN@@@; + rewrite ^/(.*)$ https://@@@DOMAIN@@@/$1 permanent; +} + +server { + listen 4430 ssl http2; + server_name webmail.@@@DOMAIN@@@; + + rewrite ^/(.*)$ https://@@@DOMAIN@@@/$1 permanent; + + ssl_certificate /certs/live/webmail.@@@DOMAIN@@@/fullchain.pem; + ssl_certificate_key /certs/live/webmail.@@@DOMAIN@@@/privkey.pem; + + include /etc/nginx/params/ssl_params; + include /etc/nginx/params/headers_params; +} + 
diff --git a/templates/nginx/sites-enabled/welcome b/templates/nginx/sites-enabled/welcome.conf
similarity index 100%
rename from templates/nginx/sites-enabled/welcome
rename to templates/nginx/sites-enabled/welcome.conf
-- GitLab