Use LetsEncrypt certificate

fixes https://github.com/lesspass/lesspass/issues/14

docker-compose.prod.yml

@@ -38,7 +38,7 @@ services:
     volumes_from:
       - backend
     volumes:
-      - ./ssl:/certificates
+      - ./letsencrypt:/etc/letsencrypt
     links:
       - backend
       - frontend

frontend

@@ -1 +1 @@
-Subproject commit 09317512f270bbbb94a59d1feb44e7dca481382c
+Subproject commit d4184dc5726e80ca5a3aaddee27d7a0105c7ccee

letsencrypt.sh

@@ -0,0 +1,73 @@
+#!/usr/bin/env bash
+
+#########
+# Check #
+#########
+OUTPUT_DIR=LessPass
+if [ -d "$OUTPUT_DIR" ]
+then
+    echo "LessPass directory exists, move ./LessPass folder and re-run lesspass.sh script"
+    exit 1
+fi
+
+####################
+# Context creation #
+####################
+mkdir $OUTPUT_DIR
+cd $OUTPUT_DIR
+
+if [ "$#" -eq  "2" ]
+then
+    DOMAIN=$1
+    EMAIL=$2
+else
+    echo "Please enter your domain name (e.g. example.org): "
+    read DOMAIN
+    echo
+    echo "Please enter your email (Used to generate an HTTPS certificate with LetsEncrypt):"
+    read EMAIL
+fi
+
+DATABASE_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9_ </dev/urandom | head -c 32)
+SECRET_KEY=$(LC_ALL=C tr -dc A-Za-z0-9_ </dev/urandom | head -c 32)
+
+cat >> .env << EOF
+ALLOWED_HOSTS=.$DOMAIN
+DATABASE_PASSWORD=$DATABASE_PASSWORD
+SECRET_KEY=$SECRET_KEY
+DOMAIN=$DOMAIN
+EMAIL=$EMAIL
+EOF
+
+#######################
+# Docker compose file #
+#######################
+curl -s -o docker-compose.yml https://raw.githubusercontent.com/lesspass/lesspass/master/docker-compose.prod.yml > /dev/null
+docker-compose pull
+docker-compose down
+
+###############
+# LetsEncrypt #
+###############
+echo "Create LetsEncrypt certificate..."
+mkdir letsencrypt
+docker run -it --rm -p 443:443 -p 80:80 -v $PWD/letsencrypt:/etc/letsencrypt/ certbot/certbot certonly --standalone --noninteractive --quiet --email $EMAIL --agree-tos -d $DOMAIN  > /dev/null
+docker run -it --rm -v $PWD/letsencrypt/live/:/certificates/ lesspass/openssl openssl dhparam -out /certificates/$DOMAIN/dhparam.pem 4096
+
+############
+# LessPass #
+############
+curl -s https://raw.githubusercontent.com/lesspass/lesspass/master/scripts/update.sh > /dev/null
+docker-compose up -d
+echo "--------------------------------------------"
+echo "Congratulation LessPass Database is running!"
+echo "--------------------------------------------"
+echo "visit https://$DOMAIN"
+echo
+echo "## Create super user"
+echo "see: https://github.com/lesspass/lesspass#create-super-user"
+echo
+echo "## Update LessPass"
+echo "Just run ./update.sh"
+echo "It renews the LestEncrypt certificate and updates LessPass"
+

nginx

@@ -1 +1 @@
-Subproject commit ed80a2f89204c8c2c99eb1194586fcc5b3929135
+Subproject commit 14b33a260f6be16cdf9aeb13ef8b363162953733

pure

@@ -1 +1 @@
-Subproject commit e279b48a0529fb2a654b27888ffc15ffdf5bd80f
+Subproject commit 924ac380bb27b7606bc0dc47b847b7b5b1697bb6

readme.md

@@ -35,9 +35,22 @@ LessPass open source password manager (https://lesspass.com)
 
 simply run 
 
-    bash <(curl -s https://raw.githubusercontent.com/lesspass/lesspass/master/lesspass.sh) [DOMAIN]
+    bash <(curl -s https://raw.githubusercontent.com/lesspass/lesspass/master/letsencrypt.sh) [DOMAIN] [EMAIL]
+
+`[DOMAIN]` and `[EMAIL]` are used to generate a LetsEncrypt certificate and configure LessPass.
+If not provided, you'll be asked to enter it.
+
+### create super user
+
+Go into the backend container and create a super user
+
+```
+docker exec -it lesspass_backend_1 sh
+python manage.py createsuperuser
+```
+
+Now you can access and manage users and password profiles on `https://[DOMAIN]/admin`
 
-You can specify your domain (e.g. example.org). If not provided, you'll be asked to enter it.
 
 ### configure email
 

scripts/update.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+docker-compose pull
+docker-compose down
+echo "Try to renew LestEncrypt certificate"
+docker run -it --rm -p 443:443 -p 80:80 -v $PWD/letsencrypt:/etc/letsencrypt/ certbot/certbot renew
+docker-compose up -d