git/nextcloud-docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d1245fac70d18faa81d933028ac361efe06f299e
nextcloud-docker/scripts/renew-production-tls.sh
Raghav 08990f6420 Add automated TLS renewal and deployment documentation 
Co-Authored-By: Oz <oz-agent@warp.dev>
2026-04-17 08:44:28 +05:30

70 lines
2.0 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# scripts/renew-production-tls.sh
# Non-interactive renewal wrapper:
# - loads renewal env defaults
# - loads Cloudflare token export script
# - runs certificate provisioning
# - restarts only nextcloud-web when certificate changed
set -euo pipefail
REPO_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
DOMAIN="${DOMAIN:-nxt.bhatfamily.in}"
SSL_DIR="${REPO_DIR}/nginx/ssl"
TLS_ENV_FILE="${TLS_ENV_FILE:-${REPO_DIR}/.tls-renewal.env}"
CLOUDFLARE_TOKEN_SCRIPT_DEFAULT="${HOME}/bin/cloudflare-api-usertoken.sh"
if [ -f "${TLS_ENV_FILE}" ]; then
# shellcheck disable=SC1090
set -a
source "${TLS_ENV_FILE}"
set +a
fi
CLOUDFLARE_TOKEN_SCRIPT="${CLOUDFLARE_TOKEN_SCRIPT:-${CLOUDFLARE_TOKEN_SCRIPT_DEFAULT}}"
if [ -z "${CF_DNS_API_TOKEN:-}" ] && [ -f "${CLOUDFLARE_TOKEN_SCRIPT}" ]; then
# shellcheck disable=SC1090
source "${CLOUDFLARE_TOKEN_SCRIPT}"
fi
if [ -z "${CF_DNS_API_TOKEN:-}" ]; then
echo "ERROR: CF_DNS_API_TOKEN is not set and could not be loaded from ${CLOUDFLARE_TOKEN_SCRIPT}."
exit 1
fi
if [ -z "${LETSENCRYPT_EMAIL:-}" ]; then
echo "ERROR: LETSENCRYPT_EMAIL is not set."
echo "Set it in ${TLS_ENV_FILE} or export it in the shell before running this script."
exit 1
fi
mkdir -p "${REPO_DIR}/logs"
CERT_FILE="${SSL_DIR}/${DOMAIN}.crt"
BEFORE_SHA=""
if [ -f "${CERT_FILE}" ]; then
BEFORE_SHA="$(sha256sum "${CERT_FILE}" | awk '{print $1}')"
fi
echo "==> Running production TLS provisioning/renewal..."
"${REPO_DIR}/scripts/provision-production-tls.sh"
AFTER_SHA=""
if [ -f "${CERT_FILE}" ]; then
AFTER_SHA="$(sha256sum "${CERT_FILE}" | awk '{print $1}')"
fi
if [ "${BEFORE_SHA}" != "${AFTER_SHA}" ]; then
echo "==> Certificate changed; restarting nextcloud-web..."
if command -v docker >/dev/null 2>&1 && docker compose version >/dev/null 2>&1; then
docker compose -f "${REPO_DIR}/docker-compose.yml" restart web
else
docker-compose -f "${REPO_DIR}/docker-compose.yml" restart web
fi
else
echo "==> Certificate unchanged; no container restart required."
fi
echo "==> Renewal workflow complete."
Reference in New Issue View Git Blame Copy Permalink