
@Commifreak
Last active August 14, 2020 07:52
eDAL! Start-script
#!/bin/bash
## eDAL! Helper
## Add it to a crontab like this:
## eDAL
##@reboot edal /opt/runedal.sh
##
## IMPORTANT!
##
## Non-root users do not have permission to use low-numbered ports, so apache2 is used as a reverse proxy for eDAL.
##
## This file holds credentials (keystore, DataCite, SMTP). Keep it readable only by the
## account that runs it and do not publish a copy with real values filled in.
##
## C O N F I G U R A T I O N
##
## Values are quoted so that entries containing spaces or shell metacharacters
## (passwords in particular) are stored literally.
##
## Java main directory (you can use AdoptOpenJDK OpenJ9 if you want)
JAVA_DIR="/opt/jdk-14+36-jre"
## Main directory, which holds eDAL and all needed folders
EDAL_HOME="/opt"
## eDAL jar location, relative to EDAL_HOME. If it is inside a folder, use folder/name.jar
EDAL_JAR="eDAL_Mrz_2020/eDAL-Server.jar"
## Directories for eDAL data (-i, -m) and the logging folder
DATA_DIR="$EDAL_HOME/edal-data"
MNT_DIR="$EDAL_HOME/edal-mount"
LOG_DIR="$EDAL_HOME/edal-logs"
## SSL-specific settings (-https, -kp, -kpass)
SSL_ENABLED="true"
SSL_DATA="$EDAL_HOME/edal-ssl"
KEYSTORE="$SSL_DATA/edal.jks"
## Placeholder - replace it with the password chosen when the keystore was created
KEYSTORE_PWD='password'
## DataCite user/password (-dcu, -dcp) - placeholders, replace with the real account
DATACITE_USER='username'
DATACITE_PW='password'
## DataCite test prefix (-dcr)
DATACITE_PREFIX="10.5072"
## Production prefix: uncomment the next line for PRODUCTION, leave it commented for TEST
#DATACITE_PREFIX=12.3456
## If you are behind a proxy, set IP and port here. Without a proxy, leave both empty (-hph, -hpp, -hsh, -hsp)
PROXY_HOST=""
PROXY_PORT=""
## The hostname eDAL will run with (-ss, -rmi)
SERVER_ADDRESS="edal.domain.tld"
## HTTP/HTTPS port (-hp, -hps) used by eDAL. If you do not plan to run eDAL as root,
## you cannot use low-numbered ports; consider a reverse proxy instead.
## If you allow running as root, you can set 80/443 if you want.
ALLOW_RUN_AS_ROOT="false"
HTTP_PORT="8080"
HTTPS_PORT="4433"
## Port that eDAL announces. Behind a reverse proxy this should be the real port that is reachable from outside the server (-ssp)
STATIC_PORT="443"
## Enable logging of RMI communication? (mostly for debugging; 1 adds --serverLog)
ENABLE_RMI_LOG="0"
## E-mail parameters for eDAL (-r1, -r2, -r3, -ru, -nre)
R1_MAIL="r1@domain.tld"
R2_MAIL="r2@domain.tld"
R3_MAIL="r3@domain.tld"
ROOT_MAIL="edal@domain.tld"
NO_REPLY_MAIL="edal@domain.tld"
## Mail server (-sh)
SMTP_HOST="10.0.0.1"
## SMTP user/password (-su, -sp) - leave the user empty to send without a login
SMTP_USER=""
SMTP_PASS=""
############################### DO NOT EDIT ANYTHING BELOW THIS LINE!
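## Refuse to run with root privileges unless the configuration explicitly allows it.
## The numeric UID is checked, so the test does not depend on the account name.
if [ "$(id -u)" -eq 0 ] && [ "$ALLOW_RUN_AS_ROOT" != "true" ]; then
  echo "Please do not start this as root..." >&2
  ## Non-zero status, so cron or a calling script can see that eDAL was not started.
  exit 1
fi
## Stop here if the working directory is missing; everything below assumes it.
cd "$EDAL_HOME" || {
  echo "Cannot change into EDAL_HOME ($EDAL_HOME)!" >&2
  exit 1
}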
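## Optional argument groups. Each one stays empty unless it is enabled further down.
## They are arrays so that every configured value reaches eDAL as exactly one
## argument, even if it contains spaces or glob characters (e.g. a password).
SSL=()
PROXY=()
SMTP_USER_PASS=()
RMILOG=()

## eDAL needs write access to its data, mount and log folders.
if [ ! -w "$DATA_DIR" ] || [ ! -w "$MNT_DIR" ] || [ ! -w "$LOG_DIR" ]; then
  echo "Excusez Moi - but at least one of the important folders are not writeable. Please check permissions for DATA/MNT/LOG-DIR!" >&2
  exit 1
fi

JAVA="$JAVA_DIR/bin/java"
EDAL="$EDAL_HOME/$EDAL_JAR"

## Proxy: the same host/port pair is used for the HTTP (-hph/-hpp) and HTTPS (-hsh/-hsp) proxy.
if [ "$PROXY_HOST" != "" ]; then
  if [ "$PROXY_PORT" == "" ]; then
    echo "PROXY_HOST is set but PROXY_PORT is empty. Please set both or leave both empty!" >&2
    exit 1
  fi
  PROXY=(-hph "$PROXY_HOST" -hpp "$PROXY_PORT" -hsh "$PROXY_HOST" -hsp "$PROXY_PORT")
fi

if [ "$ENABLE_RMI_LOG" == "1" ]; then
  RMILOG=(--serverLog)
fi

## SMTP login is only passed when a user name is configured.
if [ "$SMTP_USER" != "" ]; then
  SMTP_USER_PASS=(-su "$SMTP_USER" -sp "$SMTP_PASS")
fi

if [ ! -f "$JAVA" ]; then
  echo "Java not found! I was expecting it at: $JAVA_DIR/bin/java!" >&2
  exit 1
fi

if [ ! -f "$EDAL" ]; then
  echo "eDAL not found! I was expecting it at: $EDAL!" >&2
  exit 1
fi

if [ "$SSL_ENABLED" == "true" ]; then
  SSL=(-https -kp "$KEYSTORE" -kpass "$KEYSTORE_PWD")

  if [ ! -w "$SSL_DATA" ]; then
    echo "The speciified SSL-folder ($SSL_DATA) is NOT writeable!" >&2
    exit 1
  fi

  ## SSL-Data is writeable, now check the keystore
  if [ ! -f "$KEYSTORE" ]; then
    ## First run with SSL: build the Java keystore interactively, then exit so the
    ## operator can enter the chosen password as KEYSTORE_PWD.
    KEYTOOL="$JAVA_DIR/bin/keytool"
    PKCS12_FILE="$SSL_DATA/edal-PKCS-12.p12"

    echo
    echo "Keytore not found, have to create it first..."
    echo

    if [ ! -x "$KEYTOOL" ]; then
      echo "$KEYTOOL is NOT executable! Please 'chmod a+x $KEYTOOL' - thanks!" >&2
      exit 1
    fi

    echo "Please place the certificate, key and CA-bundle inside $SSL_DATA and name them 'edal.crt', 'edal.key' and 'bundle.crt'"
    read -r -p "Done with that? [ENTER]"
    echo "Nice! :)"
    sleep 2

    if [ ! -f "$SSL_DATA/edal.crt" ] || [ ! -f "$SSL_DATA/edal.key" ] || [ ! -f "$SSL_DATA/bundle.crt" ]; then
      echo "Sorry, the files are not there! Try it again!" >&2
      exit 1
    fi

    echo
    echo "Now we create a new keystore. You will be asked for several passwords (for the key and for the new keystore)"
    echo "Please enter a 'secure' password and configure it after this run inside the runedal.sh script (KEYSTORE_PWD)"
    echo
    sleep 2

    ## The files written below contain the private key: create them without
    ## group/other permissions. This branch always exits, so the umask does not
    ## affect the eDAL start further down.
    umask 077

    echo "Converting your file to PKCS12..."
    ## NOTE(review): bundle.crt is required above but is not passed to openssl here,
    ## so the CA chain is not part of the PKCS12 file - confirm whether that is intended.
    if ! openssl pkcs12 -export -in "$SSL_DATA/edal.crt" -inkey "$SSL_DATA/edal.key" -name "$SERVER_ADDRESS" -out "$PKCS12_FILE"; then
      echo "Creating the PKCS12 file failed - no keystore was created." >&2
      exit 1
    fi
    echo "Okay, that seemed to worked."

    echo "Now we create your new JKS (JavaKeyStore)"
    if ! "$KEYTOOL" -importkeystore -destkeystore "$KEYSTORE" -srckeystore "$PKCS12_FILE" -srcstoretype PKCS12; then
      echo "Importing the PKCS12 file into $KEYSTORE failed." >&2
      exit 1
    fi

    ## edal.key and the intermediate PKCS12 file stay in $SSL_DATA and still hold the
    ## private key; keep that folder restricted to the eDAL account.
    echo
    echo "DONE! Now set KEYSTORE_PWD :)"
    exit 0
  elif [ "$KEYSTORE_PWD" == "" ]; then
    echo "You configured SSL, created keystore but did not provided the KEYSTORE password to me. Please edit KEYSTORE_PWD" >&2
    exit 1
  fi
fi

## Insert an empty line into both logs to separate this run from the previous one
echo >> "$LOG_DIR/info.log"
echo >> "$LOG_DIR/error.log"

echo "Starting eDAL ($JAVA AND $EDAL)..."

## NOTE(security): the keystore, DataCite and SMTP passwords are handed over as
## command-line arguments, so they are typically visible in the process list to other
## local users while eDAL runs. Whether eDAL can read them from a file or the
## environment instead is not visible from this script - check its documentation.
"$JAVA" -jar "$EDAL" \
  -i "$DATA_DIR" \
  -m "$MNT_DIR" \
  -dcp "$DATACITE_PW" \
  -dcr "$DATACITE_PREFIX" \
  -dcu "$DATACITE_USER" \
  "${PROXY[@]}" \
  -ss "$SERVER_ADDRESS" \
  -rmi "$SERVER_ADDRESS" \
  -ssp "$STATIC_PORT" \
  -hp "$HTTP_PORT" \
  -hps "$HTTPS_PORT" \
  "${SSL[@]}" \
  -r1 "$R1_MAIL" \
  -r2 "$R2_MAIL" \
  -r3 "$R3_MAIL" \
  -ru "$ROOT_MAIL" \
  -nre "$NO_REPLY_MAIL" \
  -sh "$SMTP_HOST" \
  "${RMILOG[@]}" \
  "${SMTP_USER_PASS[@]}" >> "$LOG_DIR/info.log" 2>> "$LOG_DIR/error.log"

## Hand eDAL's exit status back to the caller.
exit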