start.sh 1.23 KB
#!/bin/bash

# Abort on the first failing command and treat unset variables as errors.
set -o errexit -o nounset

# Exported so that every process started from this script inherits it.
NODE_ENV=production
export NODE_ENV

# Creating a secret for web sessions
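# Create the web-session secret once and keep it across restarts.
#
# -s (not -f): an empty file left behind by an earlier failed run is treated
# as missing, otherwise the app would keep running with an empty secret.
# The secret is written to a mktemp file first and only renamed into place
# once it is known to be non-empty, so a failed dd/base64 can never leave a
# truncated session.secret behind. mktemp creates the file with owner-only
# permissions; an already existing session.secret keeps the mode it has.
# NOTE(review): the reader is assumed to run as root or as the cloudron user
# that the chown at the end of this script makes the owner — confirm.
if [ ! -s /app/data/session.secret ]; then
    session_secret_tmp=$(mktemp /app/data/session.secret.XXXXXX)
    # pipefail is enabled only inside the subshell so that a failing dd is
    # noticed without changing the options of the rest of the script.
    if (set -o pipefail; dd if=/dev/urandom bs=256 count=1 | base64 > "$session_secret_tmp") \
        && [ -s "$session_secret_tmp" ]; then
        mv -f -- "$session_secret_tmp" /app/data/session.secret
    else
        rm -f -- "$session_secret_tmp"
        echo "Could not generate /app/data/session.secret" >&2
        exit 1
    fi
fi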

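# Generate random management token for admin api (a new one on every start).
#
# The token is written to a mktemp file and renamed into place only when it
# is non-empty: without pipefail a failing dd would otherwise go unnoticed
# and leave an empty /run/admin-token. mktemp also creates the file with
# owner-only permissions instead of the default umask.
# NOTE(review): every reader of the token is assumed to run as root or as the
# cloudron user that the chown at the end of this script makes the owner — confirm.
admin_token_tmp=$(mktemp /run/admin-token.XXXXXX)
if (set -o pipefail; dd if=/dev/urandom bs=256 count=1 | base64 > "$admin_token_tmp") \
    && [ -s "$admin_token_tmp" ]; then
    mv -f -- "$admin_token_tmp" /run/admin-token
else
    rm -f -- "$admin_token_tmp"
    echo "Could not generate /run/admin-token" >&2
    exit 1
fi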

# Load the easy-rsa variable definitions into this shell.
# NOTE(review): presumably these configure the easyrsa tools run by this script — confirm.
. /app/code/easyrsa/easyrsa-vars.sh

# The first time this is run, initialize OpenVPN keys
# One-time PKI bootstrap, run only while /app/data/keys does not exist:
# CA, TLS auth key (ta.key), DH parameters and the "cloudron" server certificate.
# NOTE(review): the directory test is the only "already initialised" marker.
# If one of the steps fails after the directory has been created, set -e
# aborts here and later starts would skip this block — confirm that this
# cannot leave a partial key set behind.
easyrsa_dir=/app/code/easyrsa
keys_dir=/app/data/keys
if ! [ -d "$keys_dir" ]; then
    "$easyrsa_dir/clean-all"
    "$easyrsa_dir/pkitool" --initca
    openvpn --genkey --secret "$keys_dir/ta.key"
    "$easyrsa_dir/build-dh"
    "$easyrsa_dir/pkitool" --server cloudron
fi

# Initializing / regenerating the CRL file on every start.
# NOTE(review): invoked through a relative path, so it resolves against the
# working directory this script is started in — confirm the container sets
# that directory to where regen-crl.sh lives.
./regen-crl.sh

# Writing OpenVPN config
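# Render /run/openvpn.conf from the template by filling in the
# ##VPN_TCP_PORT and ##CLOUDRON_APP_DOMAIN placeholders.
#
# The values are spliced into the replacement side of a sed s/// command,
# where "/", "&" and "\" are special. They are escaped first so that an
# unexpected character in the environment cannot break the sed expression
# or alter the generated config beyond the placeholder.

# Prints $1 with the sed replacement metacharacters / & \ backslash-escaped.
escape_sed_replacement() {
    printf '%s' "$1" | sed -e 's#[\\/&]#\\&#g'
}

# Expanded in this shell (not inside a pipeline) so that an unset
# CLOUDRON_APP_DOMAIN still aborts the script under set -u, as before.
# VPN_TCP_PORT may be unset; it then renders as an empty string, as before.
vpn_tcp_port=${VPN_TCP_PORT:-}
app_domain=${CLOUDRON_APP_DOMAIN}
vpn_tcp_port=$(escape_sed_replacement "$vpn_tcp_port")
app_domain=$(escape_sed_replacement "$app_domain")

sed -e "s/##VPN_TCP_PORT/${vpn_tcp_port}/" \
    -e "s/##CLOUDRON_APP_DOMAIN/${app_domain}/" \
    /app/code/openvpn.conf.template > /run/openvpn.conf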

# Add iptables rules for NATing VPN traffic
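# Masquerade traffic from 10.8.0.0/24 that leaves through eth0.
# -C checks whether the exact rule is already present, so running this script
# again against the same netfilter state does not append a duplicate rule.
# If the check itself fails for another reason, the -A below still runs and
# aborts the script under set -e, as the unconditional append did.
if ! iptables -t nat -C POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE 2>/dev/null; then
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
fi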

# Clear all hosts on startup
# NOTE(review): mkdir -p only creates the directory when it is missing; it
# does not remove entries that already exist. The "clear" therefore relies on
# /run starting out empty — confirm that it does, or remove the old entries here.
mkdir -p /run/dnsmasq/hosts

# Fix permissions
# Recursively hand the writable trees to the cloudron user and group.
# This also re-owns the files this script wrote earlier under /app/data and /run
# (session secret, admin token, generated OpenVPN config).
owned_paths=(/app/data /tmp /run)
chown -R cloudron:cloudron "${owned_paths[@]}"

printf '%s\n' "Starting server"
# Replace this shell with supervisord, kept in the foreground (--nodaemon)
# and started with the identifier "OpenVPN".
exec /usr/bin/supervisord \
    --configuration /etc/supervisor/supervisord.conf \
    --nodaemon \
    -i OpenVPN