Last active
August 14, 2020 07:52
eDAL! Start-script
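#!/bin/bash
## eDAL! Helper
## add to crontab like:
## eDAL
##@reboot edal /opt/runedal.sh
##
## IMPORTANT!
##
## Non-root users do not have permission to bind low-numbered ports, so apache2
## is used as a reverse proxy for eDAL.
##
## SECURITY NOTE: this file holds the keystore, DataCite and SMTP passwords in
## plain text. Keep it owned by the service account and unreadable to others
## (for example `chmod 700`), and replace the placeholder values before use.
## The passwords are handed to java as command-line arguments further down, so
## they are typically visible to local users who can list processes.
##
## C O N F I G U R A T I O N
##

## Java main directory (you can use AdoptOpenJDK OpenJ9, if you want.)
JAVA_DIR="/opt/jdk-14+36-jre"

# Main directory, which holds eDAL and all needed folders
EDAL_HOME="/opt"

## eDAL jar location, relative to EDAL_HOME. If inside a folder, set it to folder/name.jar
EDAL_JAR="eDAL_Mrz_2020/eDAL-Server.jar"

## Special dirs for eDAL data (-i -m) and the logging folder
DATA_DIR="${EDAL_HOME}/edal-data"
MNT_DIR="${EDAL_HOME}/edal-mount"
LOG_DIR="${EDAL_HOME}/edal-logs"

## SSL specific settings (-https, -kp, -kpass)
SSL_ENABLED="true"
SSL_DATA="${EDAL_HOME}/edal-ssl"
KEYSTORE="${SSL_DATA}/edal.jks"
# Placeholder - set this to the keystore password chosen during keystore creation.
KEYSTORE_PWD="password"

## Datacite user/password (-dcu, -dcp). Placeholders - replace before use.
DATACITE_USER="username"
DATACITE_PW="password"

## Datacite Test-Prefix (-dcr)
DATACITE_PREFIX="10.5072"
## Production prefix: uncomment the line below for PRODUCTION, leave it commented for TEST.
#DATACITE_PREFIX=12.3456

## If you are behind a proxy, set IP and port here. If you do not have a proxy,
## leave both empty (-hph, -hpp, -hsh, -hsp)
PROXY_HOST=""
PROXY_PORT=""

## The hostname eDAL will run with (-ss, -rmi)
SERVER_ADDRESS="edal.domain.tld"

## HTTP/HTTPS port (-hp -hps) used by eDAL. If you do not plan to run eDAL as root,
## you cannot use low-numbered ports; use a reverse proxy instead.
## If you allow running as root, you can set 80/443 if you want.
ALLOW_RUN_AS_ROOT="false"
HTTP_PORT="8080"
HTTPS_PORT="4433"

## Force port for use inside eDAL. With a reverse proxy, this should be the real
## port which is accessible from outside the server (-ssp)
STATIC_PORT="443"

# Enable logging of RMI communication (--serverLog)? Mostly for debug purposes only.
ENABLE_RMI_LOG="0"

## Email parameters for eDAL (-r1 -r2 -r3 -ru -nre)
R1_MAIL="r1@domain.tld"
R2_MAIL="r2@domain.tld"
R3_MAIL="r3@domain.tld"
ROOT_MAIL="edal@domain.tld"
NO_REPLY_MAIL="edal@domain.tld"

## Email settings (-sh)
SMTP_HOST="10.0.0.1"

## SMTP user/password (-su, -sp) - leave empty to use no login
SMTP_USER=""
SMTP_PASS=""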
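############################### DO NOT EDIT ANYTHING BELOW THIS LINE!

# Refuse to run with root privileges unless the configuration explicitly allows it.
# The effective UID is checked instead of the account name, and the refusal exits
# non-zero so cron or a caller can tell it apart from a normal exit.
if [[ "$(id -u)" -eq 0 && "${ALLOW_RUN_AS_ROOT:-false}" != "true" ]]; then
  echo "Please do not start this as root..." >&2
  exit 1
fi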
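# Work from the eDAL home directory. Abort when it is unset or cannot be entered
# instead of silently continuing in whatever directory the script was started from.
cd -- "${EDAL_HOME:?EDAL_HOME is not set}" || exit 1

## Optional argument groups for the java call. They start empty and are only
## filled in when the matching feature is configured. Leave this as is ;)
SSL=""
PROXY=""
SMTP_USER_PASS=""
RMILOG=""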
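# The data, mount and log locations must all be existing directories that the
# current user can write to; stop before starting java if any of them is not.
for required_dir in "$DATA_DIR" "$MNT_DIR" "$LOG_DIR"; do
  if [[ ! -d "$required_dir" || ! -w "$required_dir" ]]; then
    echo "Excusez Moi - but at least one of the important folders are not writeable. Please check permissions for DATA/MNT/LOG-DIR!" >&2
    exit 1
  fi
done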
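# Absolute paths of the java binary and the eDAL jar, derived from the configuration.
JAVA="$JAVA_DIR/bin/java"
EDAL="$EDAL_HOME/$EDAL_JAR"

if [[ ! -f "$JAVA" ]]; then
  echo "Java not found! I was expecting it at: $JAVA_DIR/bin/java!" >&2
  exit 1
fi

if [[ ! -f "$EDAL" ]]; then
  echo "eDAL not found! I was expecting it at: $EDAL!" >&2
  exit 1
fi

# The optional groups below are space-joined strings that the java call expands
# unquoted, so none of the values may contain whitespace or glob characters.
if [[ -n "$PROXY_HOST" ]]; then
  # An empty port would leave -hpp/-hsp without a value and shift the flags after them.
  if [[ -z "$PROXY_PORT" ]]; then
    echo "PROXY_HOST is set but PROXY_PORT is empty. Please set both or leave both empty!" >&2
    exit 1
  fi
  PROXY="-hph $PROXY_HOST -hpp $PROXY_PORT -hsh $PROXY_HOST -hsp $PROXY_PORT"
fi

if [[ "$ENABLE_RMI_LOG" == "1" ]]; then
  RMILOG="--serverLog"
fi

if [[ -n "$SMTP_USER" ]]; then
  # NOTE(review): the SMTP password ends up on the java command line.
  SMTP_USER_PASS="-su $SMTP_USER -sp $SMTP_PASS"
fi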
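# HTTPS setup. With SSL enabled this either builds the -https argument group for
# an existing keystore, or (first run) walks the admin through creating the Java
# keystore from edal.crt / edal.key / bundle.crt and then exits.
if [[ "$SSL_ENABLED" == "true" ]]; then
  # Space-joined string, expanded unquoted by the java call.
  # NOTE(review): the keystore password ends up on the java command line.
  SSL="-https -kp $KEYSTORE -kpass $KEYSTORE_PWD"

  if [[ ! -w "$SSL_DATA" ]]; then
    echo "The speciified SSL-folder ($SSL_DATA) is NOT writeable!" >&2
    exit 1
  fi

  ## SSL-Data is writeable, now check the keystore
  if [[ ! -f "$KEYSTORE" ]]; then
    keytool_bin="$JAVA_DIR/bin/keytool"
    pkcs12_file="$SSL_DATA/edal-PKCS-12.p12"

    echo
    echo "Keytore not found, have to create it first..."
    echo

    if [[ ! -x "$keytool_bin" ]]; then
      # The original message named a non-existent binary; point at keytool itself.
      echo "$keytool_bin is NOT executable! Please 'chmod a+x $keytool_bin' - thanks!" >&2
      exit 1
    fi
    if ! command -v openssl >/dev/null 2>&1; then
      echo "openssl not found in PATH, cannot convert the certificate to PKCS12!" >&2
      exit 1
    fi

    echo "Please place the certificate, key and CA-bundle inside $SSL_DATA and name them 'edal.crt', 'edal.key' and 'bundle.crt'"
    read -r -p "Done with that? [ENTER]" _
    echo "Nice! :)"
    sleep 2

    if [[ ! -f "$SSL_DATA/edal.crt" || ! -f "$SSL_DATA/edal.key" || ! -f "$SSL_DATA/bundle.crt" ]]; then
      echo "Sorry, the files are not there! Try it again!" >&2
      exit 1
    fi

    echo
    echo "Now we create a new keystore. You will be asked for several passwords (for the key and for the new keystore)"
    echo "Please enter a 'secure' password and configure it after this run inside the runedal.sh script (KEYSTORE_PWD)"
    echo
    sleep 2

    echo "Converting your file to PKCS12..."
    # umask 077 in a subshell: the PKCS12 file contains the private key and must
    # not be created readable by other users. bundle.crt is required above, so it
    # is included as the certificate chain. Stop if openssl fails instead of
    # reporting success and importing a missing or partial file.
    if ! (
      umask 077
      openssl pkcs12 -export \
        -in "$SSL_DATA/edal.crt" \
        -inkey "$SSL_DATA/edal.key" \
        -certfile "$SSL_DATA/bundle.crt" \
        -name "$SERVER_ADDRESS" \
        -out "$pkcs12_file"
    ); then
      rm -f -- "$pkcs12_file"
      echo "openssl could not create the PKCS12 file, aborting." >&2
      exit 1
    fi
    echo "Okay, that seemed to worked."

    echo "Now we create your new JKS (JavaKeyStore)"
    # keytool asks for the passwords interactively, so they stay off the command line.
    keytool_status=0
    (
      umask 077
      "$keytool_bin" -importkeystore \
        -destkeystore "$KEYSTORE" \
        -srckeystore "$pkcs12_file" \
        -srcstoretype PKCS12
    ) || keytool_status=$?

    # The intermediate PKCS12 file is a second copy of the private key and is
    # not used again by this script, so it is removed whether or not the import worked.
    rm -f -- "$pkcs12_file"

    if (( keytool_status != 0 )); then
      echo "keytool could not import the PKCS12 file into $KEYSTORE, aborting." >&2
      exit 1
    fi

    echo
    echo "DONE! Now set KEYSTORE_PWD :)"
    exit 0
  elif [[ "$KEYSTORE_PWD" == "" ]]; then
    echo "You configured SSL, created keystore but did not provided the KEYSTORE password to me. Please edit KEYSTORE_PWD" >&2
    exit 1
  fi
fi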
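## Insert an empty line into both logs to separate this start from the previous one
echo >> "$LOG_DIR/info.log"
echo >> "$LOG_DIR/error.log"

echo "Starting eDAL ($JAVA AND $EDAL)..."

# Collect the arguments in an array so that every configured value is passed as
# exactly one argument. $PROXY, $SSL, $RMILOG and $SMTP_USER_PASS are space-joined
# strings built earlier and must word-split, so they stay unquoted; globbing is
# switched off while the array is built so a '*' or '?' in one of them is not
# expanded against the current directory.
# NOTE(review): the DataCite, keystore and SMTP passwords are passed as process
# arguments here and are typically visible to local users who can list processes.
set -f
# shellcheck disable=SC2206
edal_args=(
  -i "$DATA_DIR"
  -m "$MNT_DIR"
  -dcp "$DATACITE_PW"
  -dcr "$DATACITE_PREFIX"
  -dcu "$DATACITE_USER"
  $PROXY
  -ss "$SERVER_ADDRESS"
  -rmi "$SERVER_ADDRESS"
  -ssp "$STATIC_PORT"
  -hp "$HTTP_PORT"
  -hps "$HTTPS_PORT"
  $SSL
  -r1 "$R1_MAIL"
  -r2 "$R2_MAIL"
  -r3 "$R3_MAIL"
  -ru "$ROOT_MAIL"
  -nre "$NO_REPLY_MAIL"
  -sh "$SMTP_HOST"
  $RMILOG
  $SMTP_USER_PASS
)
set +f

# stdout goes to info.log and stderr to error.log; the script then exits with
# java's exit status.
"$JAVA" -jar "$EDAL" "${edal_args[@]}" >> "$LOG_DIR/info.log" 2>> "$LOG_DIR/error.log"
exit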