Letsencrypt: support second domain (#1025)

Co-Authored-By: nachoparker <nacho@ownyourbits.com>
Signed-off-by: Henning Schiebenhoefer <henning.schiebenhoefer@posteo.de>
Signed-off-by: nachoparker <nacho@ownyourbits.com>

Author: rababerladuseladim

bin/ncp-provisioning.sh

@@ -13,6 +13,7 @@ REDISPASS="$( grep "^requirepass" /etc/redis/redis.conf | cut -f2 -d' ' )"
   REDISPASS="$( openssl rand -base64 32 )"
   echo Provisioning Redis password
   sed -i -E "s|^requirepass .*|requirepass $REDISPASS|" /etc/redis/redis.conf
+  chown redis:redis /etc/redis/redis.conf
   [[ "$DOCKERBUILD" != 1 ]] && systemctl restart redis
 }
 

bin/ncp/CONFIG/nc-limits.sh

@@ -59,6 +59,7 @@ configure()
   local CURRENT_REDIS_MEM=$( grep "^maxmemory" "$CONF" | awk '{ print $2 }' )
   [[ "$REDISMEM" != "$CURRENT_REDIS_MEM" ]] && {
     sed -i "s|^maxmemory .*|maxmemory $REDISMEM|" "$CONF"
+    chown redis:redis "$CONF"
     service redis-server restart
   }
 }

bin/ncp/NETWORKING/letsencrypt.sh

@@ -54,7 +54,15 @@ configure()
     sed -i "/DocumentRoot/aServerName $DOMAIN" $vhostcfg
 
   # Do it
-  $letsencrypt certonly -n --force-renew --no-self-upgrade --webroot -w $ncdir --hsts --agree-tos -m $EMAIL -d $DOMAIN && {
+  local domain_string=""
+  for domain in $DOMAIN $ADDITIONAL_DOMAIN; do
+    [[ "$domain" != "" ]] && {
+      [[ $domain_string == "" ]] && \
+        domain_string+="${domain}" || \
+        domain_string+=",${domain}"
+    }
+  done
+  $letsencrypt certonly -n --force-renew --no-self-upgrade --webroot -w $ncdir --hsts --agree-tos -m $EMAIL -d $domain_string && {
 
     # Set up auto-renewal
     cat > /etc/cron.weekly/letsencrypt-ncp <<EOF
@@ -91,7 +99,13 @@ EOF
     sed -i "s|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/privkey.pem|" $vhostcfg2
 
     # Configure Nextcloud
-    ncc config:system:set trusted_domains 4 --value=$DOMAIN
+    local domain_index=12
+    for dom in $DOMAIN $ADDITIONAL_DOMAIN; do
+      [[ "$dom" != "" ]] && {
+        ncc config:system:set trusted_domains $domain_index --value=$dom
+        ((domain_index++))
+      }
+    done
     ncc config:system:set overwrite.cli.url --value=https://"$DOMAIN"/
 
     # delayed in bg so it does not kill the connection, and we get AJAX response

changelog.md

@@ -1,5 +1,7 @@
 
-[v1.18.0](https://github.com/nextcloud/nextcloudpi/commit/c140109) (2019-10-27) add ncp-previews
+[v1.18.1](https://github.com/nextcloud/nextcloudpi/commit/ebe9592) (2019-11-18) Letsencrypt: support second domain (#1025)
+
+[v1.18.0, master](https://github.com/nextcloud/nextcloudpi/commit/0fc2390) (2019-10-27) add ncp-previews
 
 [v1.17.1 ](https://github.com/nextcloud/nextcloudpi/commit/c63cb27) (2019-09-29) nc-backup: exclude group folders in dataless backup
 

docker/nextcloud/020nextcloud

@@ -22,6 +22,7 @@ ln -s /data/nextcloud /var/www/nextcloud
 
 echo "Starting Redis"
 sed -i 's|^requirepass .*|requirepass default|' /etc/redis/redis.conf
+chown redis:redis /etc/redis/redis.conf
 mkdir -p /var/run/redis
 chown redis /var/run/redis
 sudo -u redis redis-server /etc/redis/redis.conf

etc/ncp-config.d/letsencrypt.cfg

@@ -12,6 +12,12 @@
       "value": "mycloud.ownyourbits.com",
       "suggest": "mycloud.ownyourbits.com"
     },
+    {
+      "id": "ADDITIONAL_DOMAIN",
+      "name": "Additional domain",
+      "value": "",
+      "suggest": "optional.cloud.ownyourbits.com"
+    },
     {
       "id": "EMAIL",
       "name": "Email",