From b4abafd28f354eb6bf508062fe2b3a6175fb117f Mon Sep 17 00:00:00 2001
From: Amirhossein Khalili
Date: Thu, 19 Mar 2026 07:11:53 +0800
Subject: [PATCH] feat(ssl): add autimation for ssl configurations (scripts/setup-ssl) with given custom-ssl/privatekey.pem and custom-ssl/fullchain.pem credentials
---
 .gitignore | 2 ++
 run.sh | 7 +++++
 scripts/setup-ssl.sh | 68 ++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 77 insertions(+)
 create mode 100644 scripts/setup-ssl.sh
diff --git a/.gitignore b/.gitignore
index b1356af..94f6eec 100644
--- a/.gitignore
+++ b/.gitignore
@@ -28,3 +28,5 @@ Thumbs.db
 .idea/
 *.swp
 *.swo
+
+custom-ssl/
diff --git a/run.sh b/run.sh
index 89beb14..3155b83 100644
--- a/run.sh
+++ b/run.sh
@@ -63,6 +63,13 @@ if [[ $REPLY =~ ^[Yy]$ ]]; then
 fi
 fi
+echo ""
+if [ -f "./scripts/setup-ssl.sh" ]; then
+ bash ./scripts/setup-ssl.sh
+else
+ echo -e "${YELLOW}[WARNING] ./scripts/setup-ssl.sh not found. Skipping SSL setup.${NC}"
+fi
+
 echo -e "\n${CYAN}Starting GitLab via Docker Compose...${NC}"
 docker compose up -d
diff --git a/scripts/setup-ssl.sh b/scripts/setup-ssl.sh
new file mode 100644
index 0000000..db76ac6
--- /dev/null
+++ b/scripts/setup-ssl.sh
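Review bot: The exit status of `bash ./scripts/setup-ssl.sh` is discarded on the line that calls it, so the script's `exit 1` paths (missing `.env`, domain not extractable) are indistinguishable from its `exit 0` "skipped" paths and `docker compose up -d` runs either way, with an HTTPS external URL and no certificate installed. Checking the status and stopping keeps a real failure from being papered over: `bash ./scripts/setup-ssl.sh || { echo "[ERROR] SSL setup failed; not starting GitLab." >&2; exit 1; }`. The surrounding run.sh logic starts before this hunk, so whether the file already uses `set -e` or an error helper is not visible here.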
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+CYAN='\033[0;36m'
+NC='\033[0m' # No Color
+
+echo -e "${CYAN}==========================================${NC}"
+echo -e "${CYAN} Automated SSL Certificate Setup ${NC}"
+echo -e "${CYAN}==========================================${NC}\n"
+
+# 1. Load variables from .env
+if [ ! -f ".env" ]; then
+ echo -e "${RED}[ERROR] .env file not found. Skipping SSL setup.${NC}"
+ exit 1
+fi
+source .env
+
+# 2. Check if HTTPS is being used
+if [[ ! "$GITLAB_EXTERNAL_URL" == https://* ]]; then
+ echo -e "${YELLOW}[INFO] GITLAB_EXTERNAL_URL is not using HTTPS. Skipping custom SSL setup.${NC}"
+ exit 0
+fi
+
+# 3. Extract the clean domain name from the URL (e.g., git.example.com)
+DOMAIN=$(echo "$GITLAB_EXTERNAL_URL" | sed -e 's|^[^/]*//||' -e 's|/.*$||')
+
+if [ -z "$DOMAIN" ]; then
+ echo -e "${RED}[ERROR] Could not extract domain from GITLAB_EXTERNAL_URL.${NC}"
+ exit 1
+fi
+
+# 4. Check if the custom-ssl folder has the required certificates
+if [ ! -f "./custom-ssl/fullchain.pem" ] || [ ! -f "./custom-ssl/privatekey.pem" ]; then
+ echo -e "${YELLOW}[INFO] No custom certificates found in ./custom-ssl/ (missing fullchain.pem or privatekey.pem).${NC}"
+ echo -e "Skipping automated SSL setup."
+ exit 0
+fi
+
+echo -e "${GREEN}[OK] Custom certificates found for $DOMAIN.${NC}"
+
+# 5. Determine the config directory based on GITLAB_HOME
+SSL_DIR="${GITLAB_HOME:-./gitlab-data}/config/ssl"
+
+# 6. Create the SSL directory if it doesn't exist
+mkdir -p "$SSL_DIR"
+
+# 7. Copy and rename the files to match GitLab's strict requirements
+echo -e "Copying and renaming certificates..."
+cp ./custom-ssl/fullchain.pem "$SSL_DIR/$DOMAIN.crt"
+cp ./custom-ssl/privatekey.pem "$SSL_DIR/$DOMAIN.key"
+
+# 8. 
Set the exact required security permissions
+chmod 644 "$SSL_DIR/$DOMAIN.crt"
+chmod 600 "$SSL_DIR/$DOMAIN.key"
+
+echo -e "${GREEN}[OK] Certificates copied to $SSL_DIR as $DOMAIN.crt and $DOMAIN.key${NC}"
+echo -e "${GREEN}[OK] Strict file permissions applied.${NC}"
+
+# 9. Force disable internal Let's Encrypt to prevent overwriting
+if grep -q "^LETSENCRYPT_ENABLE=true" .env; then
+ echo -e "${YELLOW}[WARNING] LETSENCRYPT_ENABLE is set to true in .env. Disabling it to prevent conflicts with your custom CDN certs...${NC}"
+ sed -i 's/^LETSENCRYPT_ENABLE=true/LETSENCRYPT_ENABLE=false/' .env
+ echo -e "${GREEN}[OK] LETSENCRYPT_ENABLE forcefully set to false.${NC}"
+fi
+
+echo -e "\n${GREEN}[SUCCESS] Custom SSL setup complete!${NC}\n"
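Review bot: The `DOMAIN=$(echo "$GITLAB_EXTERNAL_URL" | sed …)` line in step 3 only strips the scheme and the path, so a URL with a port such as `https://git.example.com:8443` yields `git.example.com:8443.crt`/`.key`, which no longer match the bare-hostname file names that the step 7 comment says GitLab requires; strip the port (and any userinfo) with `DOMAIN=${DOMAIN##*@}` and `DOMAIN=${DOMAIN%%:*}`. The script also runs without `set -e`, so a failed `cp` in step 7 still prints `[OK]`/`[SUCCESS]` and exits 0, and between the `cp` and the `chmod 600` in step 8 the copied private key carries the source file's mode rather than the intended one — `install -m 600 … || exit 1` creates the file with its final mode and aborts on failure. `source .env` in step 1 executes whatever the file contains rather than parsing KEY=VALUE pairs, and the same file is later rewritten in place with `sed -i` in step 9; a comment stating that `.env` is trusted local input would make that assumption explicit for the next maintainer.
```shell
# … unchanged: banner, .env loading, HTTPS check …
# 3. Extract the host from the URL; drop any userinfo and port so the
#    certificate file names are keyed on the bare hostname only
DOMAIN=$(printf '%s\n' "$GITLAB_EXTERNAL_URL" | sed -e 's|^[^/]*//||' -e 's|/.*$||')
DOMAIN=${DOMAIN##*@}
DOMAIN=${DOMAIN%%:*}
# … unchanged: empty-DOMAIN check, custom-ssl presence check, SSL_DIR, mkdir …
# 7+8. Create the files with their final mode so the private key is never
#      readable with the source file's permissions, and abort if a copy fails
install -m 644 ./custom-ssl/fullchain.pem "$SSL_DIR/$DOMAIN.crt" || exit 1
install -m 600 ./custom-ssl/privatekey.pem "$SSL_DIR/$DOMAIN.key" || exit 1
# … unchanged: status output, LETSENCRYPT_ENABLE handling …
```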