add option to use own cert during install
This commit is contained in:
wh1te909
57
install.sh
57
install.sh
@@ -4,6 +4,9 @@ SCRIPT_VERSION="83"
|
||||
SCRIPT_URL="https://raw.githubusercontent.com/amidaware/tacticalrmm/master/install.sh"
|
||||
|
||||
sudo apt install -y curl wget dirmngr gnupg lsb-release ca-certificates
|
||||
sudo apt install -y software-properties-common
|
||||
sudo apt update
|
||||
sudo apt install -y openssl
|
||||
|
||||
GREEN='\033[0;32m'
|
||||
YELLOW='\033[1;33m'
|
||||
@@ -118,6 +121,14 @@ print_green() {
|
||||
printf >&2 "\n"
|
||||
}
|
||||
|
||||
print_error() {
|
||||
printf >&2 "${RED}${1}${NC}\n"
|
||||
}
|
||||
|
||||
print_yellow() {
|
||||
printf >&2 "${YELLOW}${1}${NC}\n"
|
||||
}
|
||||
|
||||
cls
|
||||
|
||||
while [[ $rmmdomain != *[.]*[.]* ]]; do
|
||||
@@ -143,6 +154,34 @@ while [[ $letsemail != *[@]*[.]* ]]; do
|
||||
read letsemail
|
||||
done
|
||||
|
||||
byocert=false
|
||||
if [[ $* == *--use-own-cert* ]]; then
|
||||
byocert=true
|
||||
fi
|
||||
|
||||
if [[ "$byocert" = true ]]; then
|
||||
while true; do
|
||||
|
||||
print_yellow "Please enter the full path to your fullchain.pem file:"
|
||||
read -r fullchain_path
|
||||
print_yellow "Please enter the full path to your privkey.pem file:"
|
||||
read -r privkey_path
|
||||
|
||||
if [[ ! -f "$fullchain_path" || ! -f "$privkey_path" ]]; then
|
||||
print_error "One or both files do not exist. Please try again."
|
||||
continue
|
||||
fi
|
||||
|
||||
openssl x509 -in "$fullchain_path" -noout >/dev/null
|
||||
if [[ $? -ne 0 ]]; then
|
||||
print_error "ERROR: The provided file is not a valid certificate."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
break
|
||||
done
|
||||
fi
|
||||
|
||||
if grep -q manage_etc_hosts /etc/hosts; then
|
||||
sudo sed -i '/manage_etc_hosts: true/d' /etc/cloud/cloud.cfg >/dev/null
|
||||
echo -e "\nmanage_etc_hosts: false" | sudo tee --append /etc/cloud/cloud.cfg >/dev/null
|
||||
@@ -172,10 +211,6 @@ if [[ $* == *--insecure* ]]; then
|
||||
insecure=true
|
||||
fi
|
||||
|
||||
sudo apt install -y software-properties-common
|
||||
sudo apt update
|
||||
sudo apt install -y openssl
|
||||
|
||||
if [[ "$insecure" = true ]]; then
|
||||
print_green 'Generating self-signed cert'
|
||||
certdir='/etc/ssl/tactical'
|
||||
@@ -188,6 +223,10 @@ if [[ "$insecure" = true ]]; then
|
||||
-nodes -keyout ${CERT_PRIV_KEY} -out ${CERT_PUB_KEY} -subj "/CN=${rootdomain}" \
|
||||
-addext "subjectAltName=DNS:${rootdomain},DNS:*.${rootdomain}"
|
||||
|
||||
elif [[ "$byocert" = true ]]; then
|
||||
CERT_PRIV_KEY=$privkey_path
|
||||
CERT_PUB_KEY=$fullchain_path
|
||||
sudo chown ${USER}:${USER} $CERT_PRIV_KEY $CERT_PUB_KEY
|
||||
else
|
||||
sudo apt install -y certbot
|
||||
print_green 'Getting wildcard cert'
|
||||
@@ -461,6 +500,16 @@ if [[ "$insecure" = true ]]; then
|
||||
echo "TRMM_INSECURE = True" | tee --append $local_settings >/dev/null
|
||||
fi
|
||||
|
||||
if [[ "$byocert" = true ]]; then
|
||||
owncerts="$(
|
||||
cat <<EOF
|
||||
CERT_FILE = "${CERT_PUB_KEY}"
|
||||
KEY_FILE = "${CERT_PRIV_KEY}"
|
||||
EOF
|
||||
)"
|
||||
echo "${owncerts}" | tee --append $local_settings >/dev/null
|
||||
fi
|
||||
|
||||
if [ "$arch" = "x86_64" ]; then
|
||||
natsapi='nats-api'
|
||||
else
|
||||
|
||||
Reference in New Issue
Block a user