bugfix certif nginx

11 months ago · 958a6225b1
3 changed files with 10 additions and 16 deletions
--- a/files/snster-kaz/hoster-a/kaz1/provision.sh
+++ b/files/snster-kaz/hoster-a/kaz1/provision.sh
@ -55,14 +55,12 @@ echo "export SNSTERGUARD='true'" >> /root/.bashrc


 # On place les certifs
-# On place les certifs
-if  [ -f tls/root_ca.crt ]; then
-  cp -ar tls/root_ca.crt /usr/local/share/ca-certificates/
-  /usr/sbin/update-ca-certificates --fresh
-fi
-if  [ -d letsencrypt ]; then
-  cp -ar letsencrypt /etc/
-fi
+cp -ar tls/root_ca.crt /usr/local/share/ca-certificates/
+/usr/sbin/update-ca-certificates --fresh
+
+mkdir -p /etc/letsencrypt/live/kaz.sns
+cp tls/wildcard.crt /etc/letsencrypt/live/kaz.sns/fullchain.pem
+cp tls/wildcard.key /etc/letsencrypt/live/kaz.sns/privkey.pem

 # On sauve le proxy APT
 proxy=$(/sbin/ip route | awk '/default/ { print $3 }' | head -1)
--- a/files/vm-provision.sh
+++ b/files/vm-provision.sh
@ -159,10 +159,6 @@ EOF

    step certificate create "*.kaz.sns" /root/tls/wildcard.crt /root/tls/wildcard.key --profile leaf --ca /root/.step/certs/intermediate_ca.crt --ca-key /root/.step/secrets/intermediate_ca_key --ca-password-file /root/ca-passwordfile --bundle --force --no-password --insecure

-   	mkdir -p /etc/letsencrypt/live/kaz.sns/
-    ln -sf /root/tls/wildcard.crt /etc/letsencrypt/live/kaz.sns/fullchain.pem
-    ln -sf /root/tls/wildcard.key /etc/letsencrypt/live/kaz.sns/privkey.pem
-
    # Cache docker registry
    echo "proxy:
  remoteurl: https://registry-1.docker.io
@ -196,8 +192,8 @@ auth:
    cp -ar ${VAGRANT_SRC_DIR}/snster-kaz /root

    # crypto keys
-    cp -ar /root/tls /etc/letsencrypt /root/snster-kaz/hoster-a/kaz1/
-    cp -ar /root/tls /etc/letsencrypt /root/snster-kaz/hoster-b/kaz2/
+    cp -ar /root/tls /root/snster-kaz/hoster-a/kaz1/
+    cp -ar /root/tls /root/snster-kaz/hoster-b/kaz2/
    cp -ar /root/tls /root/snster-kaz/isp-a/home/
    cp -ar /root/tls /root/snster-kaz/mica/infra/

--- a/files/vm-upgrade.sh
+++ b/files/vm-upgrade.sh
@ -26,8 +26,8 @@ git switch "${KAZBRANCH}"
 # On écrase les anciens fichiers
 cp -ar /tmp/kaz-vagrant/files/snster-kaz /root/
 # crypto keys
-cp -ar /root/tls /etc/letsencrypt /root/snster-kaz/hoster-a/kaz1/
-cp -ar /root/tls /etc/letsencrypt /root/snster-kaz/hoster-b/kaz2/
+cp -ar /root/tls /root/snster-kaz/hoster-a/kaz1/
+cp -ar /root/tls /root/snster-kaz/hoster-b/kaz2/
 cp -ar /root/tls /root/snster-kaz/isp-a/home/
 cp -ar /root/tls /root/snster-kaz/mica/infra/