[DRE-commits] [gitlab] 01/02: handle pre-seeding of https and letsencrypt
Praveen Arimbrathodiyil
praveen at moszumanska.debian.org
Thu Apr 20 06:11:15 UTC 2017
This is an automated email from the git hooks/post-receive script.
praveen pushed a commit to branch master
in repository gitlab.
commit d754030ccde83113f2ef4f6c98ae9c39722b56e8
Author: Praveen Arimbrathodiyil <praveen at debian.org>
Date: Thu Apr 20 11:32:10 2017 +0530
handle pre-seeding of https and letsencrypt
---
debian/config | 2 ++
debian/postinst | 68 ++++++++++++++++++++++++++++++++++++++-------------------
2 files changed, 48 insertions(+), 22 deletions(-)
diff --git a/debian/config b/debian/config
index dfd6f0c..cb714ed 100755
--- a/debian/config
+++ b/debian/config
@@ -16,6 +16,8 @@ set -e
# debconf db.
db_set gitlab/fqdn "$GITLAB_HOST"
db_set gitlab/user "$gitlab_user"
+ db_set gitlab/ssl "${GITLAB_HTTPS:-false}"
+ db_set gitlab/letsencrypt "${gitlab_letsencrypt:-false}"
fi
# What is your fqdn?
diff --git a/debian/postinst b/debian/postinst
index 351b638..9250129 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -146,6 +146,13 @@ case "$1" in
GITLAB_EMAIL_REPLY_TO="no-reply@$GITLAB_HOST"
db_get gitlab/user
gitlab_user=$RET
+ # Check if ssl option is selected
+ db_get gitlab/ssl
+ GITLAB_HTTPS=$RET
+ gl_proto="http"
+ db_get gitlab/letsencrypt
+ gitlab_letsencrypt=$RET
+
cp -a -f ${gitlab_debian_conf_private} ${gitlab_debian_conf_private}.tmp
# If the admin deleted or commented some variables but then set
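Review bot: The values read by `db_get` on L37–L41 are used without checking that they are `true` or `false`. L24 in debian/config seeds gitlab/ssl from whatever GITLAB_HTTPS holds in the admin-editable conf file, so a value such as `yes` would, if debconf accepts it, fall into the `else` branch at L117 and silently switch the instance back to plain HTTP. The same value is also substituted into the sed replacement on L58. A guard right after the reads would make this explicit, for example `case "$GITLAB_HTTPS" in true|false) ;; *) echo "unexpected gitlab/ssl value: $GITLAB_HTTPS" >&2; exit 1 ;; esac`, with the same check for `gitlab_letsencrypt`. The enclosing case arm starts and ends outside the hunk.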
@@ -160,18 +167,20 @@ case "$1" in
echo "GITLAB_EMAIL_REPLY_TO=" >> ${gitlab_debian_conf_private}
test -z "$gitlab_user" || grep -Eq '^ *gitlab_user=' ${gitlab_debian_conf_private} || \
echo "gitlab_user=" >> ${gitlab_debian_conf_private}
+ test -z "$GITLAB_HTTPS" || grep -Eq '^ *GITLAB_HTTPS=' ${gitlab_debian_conf_private} || \
+ echo "GITLAB_HTTPS=" >> ${gitlab_debian_conf_private}
+ test -z "$gitlab_letsencrypt" || grep -Eq '^ *gitlab_letsencrypt=' ${gitlab_debian_conf_private} || \
+ echo "gitlab_letsencrypt=" >> ${gitlab_debian_conf_private}
sed -e "s/^ *GITLAB_HOST=.*/GITLAB_HOST=\"$GITLAB_HOST\"/" \
-e "s/^ *GITLAB_EMAIL_FROM=.*/GITLAB_EMAIL_FROM=\"$GITLAB_EMAIL_FROM\"/" \
-e "s/^ *GITLAB_EMAIL_DISPLAY_NAME=.*/GITLAB_EMAIL_DISPLAY_NAME=\"$GITLAB_EMAIL_DISPLAY_NAME\"/" \
-e "s/^ *GITLAB_EMAIL_REPLY_TO=.*/GITLAB_EMAIL_REPLY_TO=\"$GITLAB_EMAIL_REPLY_TO\"/" \
-e "s/^ *gitlab_user=.*/gitlab_user=\"$gitlab_user\"/" \
+ -e "s/^ *GITLAB_HTTPS=.*/GITLAB_HTTPS=\"$GITLAB_HTTPS\"/" \
+ -e "s/^ *gitlab_letsencrypt=.*/gitlab_letsencrypt=\"$gitlab_letsencrypt\"/" \
< ${gitlab_debian_conf_private} > ${gitlab_debian_conf_private}.tmp
mv -f ${gitlab_debian_conf_private}.tmp ${gitlab_debian_conf_private}
- # Check if ssl option is selected
- db_get gitlab/ssl
- gl_proto="http"
-
# Copy example configurations
test -f ${gitlab_yml_private} || \
cp ${gitlab_yml_example} ${gitlab_yml_private}
@@ -183,27 +192,23 @@ case "$1" in
# Update gitlab user (its a hack, proper fix is to have gitlab accept GITLAB_USER variable)
sed -i "s/^ *user:.* #gitlab_user/ user: $gitlab_user #gitlab_user/" ${gitlab_yml_private}
- if [ "${RET}" = "true" ]; then
+ if [ "$GITLAB_HTTPS" = "true" ]; then
echo "Configuring nginx with HTTPS..."
- if ! grep GITLAB_HTTPS ${gitlab_debian_conf_private}; then
- echo GITLAB_HTTPS=${RET} >> ${gitlab_debian_conf_private}
- # Workaround for #813770
- gl_proto="https"
- echo "Configuring gitlab with HTTPS..."
- sed -i "s/#port: 80/port: 443/" ${gitlab_yml_private}
- sed -i "s/https: false/https: true/" ${gitlab_yml_private}
- echo "Updating gitlab_url in gitlab-shell configuration..."
- sed -i \
- "s/gitlab_url: http*:\/\/.*/gitlab_url: ${gl_proto}:\/\/${GITLAB_HOST}/"\
- ${gitlab_shell_config_private}
- fi
+ # Workaround for #813770
+ gl_proto="https"
+ echo "Configuring gitlab with HTTPS..."
+ sed -i "s/#port: 80/port: 443/" ${gitlab_yml_private}
+ sed -i "s/https: false/https: true/" ${gitlab_yml_private}
+ echo "Updating gitlab_url in gitlab-shell configuration..."
+ sed -i \
+ "s/gitlab_url: http*:\/\/.*/gitlab_url: ${gl_proto}:\/\/${GITLAB_HOST}/"\
+ ${gitlab_shell_config_private}
mkdir -p /etc/gitlab/ssl
nginx_conf_example=${nginx_ssl_conf_example}
# Check if letsencrypt option is selected
- db_get gitlab/letsencrypt
- if [ "${RET}" = "true" ]; then
+ if [ "$gitlab_letsencrypt" = "true" ]; then
echo "Configuring letsencrypt..."
ln -sf /etc/letsencrypt/live/${GITLAB_HOST}/fullchain.pem \
/etc/gitlab/ssl/gitlab.crt
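Review bot: The pattern `http*:\/\/` on L94 matches `htt` followed by any number of `p`, so it does not match a `gitlab_url` that already starts with `https://`. With the `grep GITLAB_HTTPS` guard removed, this sed now runs on every configure, presumably so that it can be repeated. Once the URL is https it is never rewritten again, for instance after the FQDN changes. Matching both schemes fixes that: `"s/gitlab_url: https*:\/\/.*/gitlab_url: ${gl_proto}:\/\/${GITLAB_HOST}/"`. The enclosing case arm starts outside the hunk, and the hunk ends in the middle of the `ln -sf` command.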
@@ -220,13 +225,33 @@ case "$1" in
invoke-rc.d nginx stop
fi
- letsencrypt -d ${GITLAB_HOST} certonly || {
+ letsencrypt --standalone -d ${GITLAB_HOST} certonly || {
echo "letsencrypt auto configuration failed..."
echo "Stop your webserver and try running letsencrypt manually..."
echo "letsencrypt -d ${GITLAB_HOST} certonly"
}
- fi
+ fi
fi
+ else
+ # Revert https setting
+ sed -i "s/port: 443/#port: 80/" ${gitlab_yml_private}
+ sed -i "s/https: true/https: false/" ${gitlab_yml_private}
+ fi
+
+ # Cleanup in case letsencrypt were disabled later
+ if [ "$gitlab_letsencrypt" = "false" ]; then
+ if [ -L /etc/gitlab/ssl/gitlab.crt ]; then
+ if [ "$(file /etc/gitlab/ssl/gitlab.crt|awk '{ print $NF }')" = "/etc/letsencrypt/live/${GITLAB_HOST}/fullchain.pem" ]; then
+ echo "Removing symbolic links to letsencrypt certificate..."
+ rm -f /etc/gitlab/ssl/gitlab.crt
+ fi
+ fi
+ if [ -L /etc/gitlab/ssl/gitlab.key ]; then
+ if [ "$(file /etc/gitlab/ssl/gitlab.key|awk '{ print $NF }')" = "/etc/letsencrypt/live/${GITLAB_HOST}/privkey.pem" ]; then
+ echo "Removing symbolic links to letsencrypt certificate private key..."
+ rm -f /etc/gitlab/ssl/gitlab.key
+ fi
+ fi
fi
# Manage tmpfiles.d/gitlab.conf via ucf
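Review bot: The cleanup on L126 and L132 reads the symlink target by parsing `file` output with awk, which depends on the `file` package being installed and on its message format. If the command is missing, the comparison silently fails and the stale links to the Let's Encrypt certificate and private key stay in place. `readlink` states the intent directly: `if [ "$(readlink /etc/gitlab/ssl/gitlab.crt)" = "/etc/letsencrypt/live/${GITLAB_HOST}/fullchain.pem" ]; then`, and likewise for gitlab.key with privkey.pem. The failure hint on L112 still prints the command without `--standalone`, so it no longer matches what L109 runs. The `else` branch on L117–L121 reverts gitlab.yml only, so it is worth confirming whether `gitlab_url` in the gitlab-shell configuration should also go back to http; the enclosing case arm starts and ends outside the hunk.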
@@ -269,7 +294,6 @@ case "$1" in
ucf --debconf-ok --three-way ${nginx_site_private} ${nginx_site}
ucfr gitlab ${nginx_site}
ln -fs ${nginx_site} /etc/nginx/sites-enabled/
- rm -f ${nginx_conf_example_tmp}
else
echo "nginx example configuration file not found"
exit 1
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/gitlab.git