kentasaito · November 27, 2022 14:11
diff --git a/deno_getssl_bot.sh b/deno_getssl_bot.sh
 # 1. Create deno user and install Deno
 useradd deno -m -s /bin/bash
 rm /home/deno/.*
 apt install unzip
 sudo -u deno bash -c 'curl -fsSL https://deno.land/x/install/install.sh | sh'

 # 2. Create a process that runs on systemd
 mkdir /home/deno/deno_getssl_bot
 cat <<'EOL' > /home/deno/deno_getssl_bot/deno_getssl_bot.service
 [Service]
 User=deno
 WorkingDirectory=/home/deno/deno_getssl_bot
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 ExecStart=/home/deno/deno_getssl_bot/run.sh
 [Install]
 WantedBy=multi-user.target
 EOL
 cat <<'EOL' > /home/deno/deno_getssl_bot/run.sh
 #!/bin/bash
 /home/deno/.deno/bin/deno run --watch --allow-read --allow-net main.ts
 EOL
 chmod 755 /home/deno/deno_getssl_bot/run.sh
 cat <<'EOL' > /home/deno/deno_getssl_bot/main.ts
 import { serve } from 'https://deno.land/[email protected]/http/server.ts';
 function handler(request) {
 	const url = new URL(request.url);
 	if (url.pathname.startsWith('/.well-known/acme-challenge/')) {
 		try {
 			return new Response(Deno.readFileSync('.' + url.pathname));
 		} catch (error) {
 			return new Response('Not Found', {
 				status: 404,
 			});
 		}
 	} else {
 		return Response.redirect(request.url.replace(/^http:/, 'https:'));
 	}
 }
 serve(handler, {
 	port: 80,
 });
 EOL
 chown -R deno:deno /home/deno/deno_getssl_bot
 ln -s /home/deno/deno_getssl_bot/deno_getssl_bot.service /etc/systemd/system/deno_getssl_bot.service
 systemctl enable deno_getssl_bot
 systemctl start deno_getssl_bot

 # 3. Download getssl and execute
 sudo -u deno -i bash -c 'curl --silent https://raw.githubusercontent.com/srvrco/getssl/v2.47/getssl > getssl ; chmod 700 getssl'
 sudo -u deno -i ./getssl -c $FQDN
 cat <<'EOL' > /home/deno/.getssl/getssl.cfg
 CA="https://acme-staging-v02.api.letsencrypt.org"
 ACCOUNT_KEY_LENGTH=4096
 ACCOUNT_KEY="/home/deno/.getssl/account.key"
 PRIVATE_KEY_ALG="rsa"
 RENEW_ALLOW="30"
 SERVER_TYPE="https"
 CHECK_REMOTE="true"
 EOL
 cat <<'EOL' > /home/deno/.getssl/$FQDN/getssl.cfg
 ACL=('/home/deno/deno_getssl_bot/.well-known/acme-challenge')
 EOL
 sudo -u deno -i ./getssl $FQDN

 # 4. Create a crontab
 sudo -u deno bash -c '(crontab -l; echo "23 5 * * * /home/deno/getssl -u -a -q") | crontab -'
	# 1. Create deno user and install Deno
	useradd deno -m -s /bin/bash
	rm /home/deno/.*
	apt install unzip
	sudo -u deno bash -c 'curl -fsSL https://deno.land/x/install/install.sh \| sh'

	# 2. Create a process that runs on systemd
	mkdir /home/deno/deno_getssl_bot
	cat <<'EOL' > /home/deno/deno_getssl_bot/deno_getssl_bot.service
	[Service]
	User=deno
	WorkingDirectory=/home/deno/deno_getssl_bot
	AmbientCapabilities=CAP_NET_BIND_SERVICE
	ExecStart=/home/deno/deno_getssl_bot/run.sh
	[Install]
	WantedBy=multi-user.target
	EOL
	cat <<'EOL' > /home/deno/deno_getssl_bot/run.sh
	#!/bin/bash
	/home/deno/.deno/bin/deno run --watch --allow-read --allow-net main.ts
	EOL
	chmod 755 /home/deno/deno_getssl_bot/run.sh
	cat <<'EOL' > /home/deno/deno_getssl_bot/main.ts
	import { serve } from 'https://deno.land/[email protected]/http/server.ts';
	function handler(request) {
	const url = new URL(request.url);
	if (url.pathname.startsWith('/.well-known/acme-challenge/')) {
	try {
	return new Response(Deno.readFileSync('.' + url.pathname));
	} catch (error) {
	return new Response('Not Found', {
	status: 404,
	});
	}
	} else {
	return Response.redirect(request.url.replace(/^http:/, 'https:'));
	}
	}
	serve(handler, {
	port: 80,
	});
	EOL
	chown -R deno:deno /home/deno/deno_getssl_bot
	ln -s /home/deno/deno_getssl_bot/deno_getssl_bot.service /etc/systemd/system/deno_getssl_bot.service
	systemctl enable deno_getssl_bot
	systemctl start deno_getssl_bot

	# 3. Download getssl and execute
	sudo -u deno -i bash -c 'curl --silent https://raw.githubusercontent.com/srvrco/getssl/v2.47/getssl > getssl ; chmod 700 getssl'
	sudo -u deno -i ./getssl -c $FQDN
	cat <<'EOL' > /home/deno/.getssl/getssl.cfg
	CA="https://acme-staging-v02.api.letsencrypt.org"
	ACCOUNT_KEY_LENGTH=4096
	ACCOUNT_KEY="/home/deno/.getssl/account.key"
	PRIVATE_KEY_ALG="rsa"
	RENEW_ALLOW="30"
	SERVER_TYPE="https"
	CHECK_REMOTE="true"
	EOL
	cat <<'EOL' > /home/deno/.getssl/$FQDN/getssl.cfg
	ACL=('/home/deno/deno_getssl_bot/.well-known/acme-challenge')
	EOL
	sudo -u deno -i ./getssl $FQDN

	# 4. Create a crontab
	sudo -u deno bash -c '(crontab -l; echo "23 5 * * * /home/deno/getssl -u -a -q") \| crontab -'