#!/bin/bash WORKING_DIR=/usr/share/fastapi-dls CONFIG_DIR=/etc/fastapi-dls echo "> Create config directory ..." mkdir -p $CONFIG_DIR echo "> Install service ..." cat </etc/systemd/system/fastapi-dls.service [Unit] Description=Service for fastapi-dls After=network.target [Service] User=www-data Group=www-data AmbientCapabilities=CAP_NET_BIND_SERVICE WorkingDirectory=$WORKING_DIR EnvironmentFile=$CONFIG_DIR/env ExecStart=uvicorn main:app \\ --env-file /etc/fastapi-dls/env \\ --host \$DLS_URL --port \$DLS_PORT \\ --app-dir $WORKING_DIR/app \\ --ssl-keyfile /etc/fastapi-dls/webserver.key \\ --ssl-certfile /etc/fastapi-dls/webserver.crt \\ --proxy-headers Restart=always KillSignal=SIGQUIT Type=simple StandardError=syslog NotifyAccess=all [Install] WantedBy=multi-user.target EOF echo "> Writing default config parameters ..." touch $CONFIG_DIR/env cat <$CONFIG_DIR/env DLS_URL=127.0.0.1 DLS_PORT=443 LEASE_EXPIRE_DAYS=90 DATABASE=sqlite:///$CONFIG_DIR/db.sqlite INSTANCE_KEY_RSA=$CONFIG_DIR/instance.private.pem INSTANCE_KEY_PUB=$CONFIG_DIR/instance.public.pem EOF echo "> Create dls-instance keypair ..." openssl genrsa -out $CONFIG_DIR/instance.private.pem 2048 openssl rsa -in $CONFIG_DIR/instance.private.pem -outform PEM -pubout -out $CONFIG_DIR/instance.public.pem while true; do read -p "> Do you wish to create self-signed webserver certificate? [Y/n]" yn yn=${yn:-y} # ${parameter:-word} If parameter is unset or null, the expansion of word is substituted. Otherwise, the value of parameter is substituted. case $yn in [Yy]*) openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout $CONFIG_DIR/webserver.key -out $CONFIG_DIR/webserver.crt break ;; [Nn]*) break ;; *) echo "Please answer [y] or [n]." ;; esac done if [[ -f $CONFIG_DIR/webserver.key ]]; then echo "> Starting service ..." systemctl start fastapi-dls.service if [ -x "$(command -v curl)" ]; then echo "> Testing API ..." curl --insecure -X GET https://127.0.0.1/status else echo "> Testing API failed, curl not available. Please test manually!" fi fi chown -R www-data:www-data $CONFIG_DIR/* chown -R www-data:www-data $WORKING_DIR cat <