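#!/usr/bin/env bash
#
# Adds custom Diffie-Hellman parameters to the default Nginx site and then
# obtains a Let's Encrypt certificate with Certbot's Nginx plugin.
#
# Requires: sudo rights, openssl, nginx, systemd and apt.
# Prompts:  contact e-mail for the Let's Encrypt account.

# Abort on the first failing step. Without this, a failed dhparam generation
# would still leave an ssl_dhparam directive pointing at a missing file.
set -euo pipefail

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

NGINX_CONF="/etc/nginx/sites-available/default"
DH_PARAM_FILE="/etc/ssl/certs/dhparam.pem"
SECURE_DH_PEM="ssl_dhparam ${DH_PARAM_FILE};"

# Fail before the slow dhparam step if there is nothing to configure.
[[ -f "$NGINX_CONF" ]] || die "Nginx config not found: $NGINX_CONF"

printf '\n*****\n* Generating Diffie-Hellman parameters for better security.\n*****\n\n'

# Create the Diffie-Hellman parameters (2048-bit group).
sudo openssl dhparam -out "$DH_PARAM_FILE" 2048

# Only insert the directive once: a second ssl_dhparam in the same block is
# rejected by Nginx as a duplicate, so re-running the script must be a no-op.
if grep --quiet --extended-regexp '^[[:space:]]*ssl_dhparam[[:space:]]' "$NGINX_CONF"; then
  printf 'ssl_dhparam already configured in %s; leaving it unchanged.\n' "$NGINX_CONF"
else
  # Line number of the second-to-last closing brace in the file (the last
  # one when the file has only a single brace). The directive is appended
  # right after that brace.
  LAST_OCCURANCE=$(grep --line-number --fixed-strings -- '}' "$NGINX_CONF" \
    | cut --delimiter=: --fields=1 \
    | tail --lines=2 \
    | head --lines=1) || true

  # An empty address would make sed rewrite every line containing '}'.
  [[ "$LAST_OCCURANCE" =~ ^[0-9]+$ ]] \
    || die "could not locate a closing brace in $NGINX_CONF"

  # Keep a .bak copy so a rejected config can be rolled back below.
  sudo sed --in-place=.bak \
    "${LAST_OCCURANCE} s%\(}\)%\1\n\n $SECURE_DH_PEM%" "$NGINX_CONF"

  # Validate before reloading; restore the previous file if Nginx refuses it.
  if ! sudo nginx -t; then
    sudo mv -- "${NGINX_CONF}.bak" "$NGINX_CONF"
    die "Nginx rejected the modified config; original restored"
  fi
fi

# Reload Nginx so the new parameters take effect.
sudo systemctl reload nginx

# Ask for a contact e-mail.
# -r - Do not treat backslashes as escapes.
# -e - Use readline for terminal input.
# -p - Prompt for input.
read -r -e -p "Enter valid email for account retrieval: " EMAIL \
  || die "no email address supplied"

# Coarse shape check only: one '@', no whitespace, no leading/inner '-' start
# that the Certbot command line could take for an option.
email_re='^[^[:space:]@-][^[:space:]@]*@[^[:space:]@]+$'
[[ "$EMAIL" =~ $email_re ]] || die "not a usable email address: $EMAIL"

HOST_NAME=$(hostname)
[[ -n "$HOST_NAME" ]] || die "hostname returned an empty value"

# Install Certbot Let's Encrypt client for certificates on Nginx.
# NOTE(review): the certbot PPA and the python-certbot-nginx package target
# older Ubuntu releases; confirm they are still the right source for the
# image this runs on.
sudo add-apt-repository -y ppa:certbot/certbot
sudo apt-get update
sudo apt-get -y install python-certbot-nginx

# Auto configure: authenticate and install the certificate.
# --test-cert requests the certificate from the Let's Encrypt staging
# environment. Staging certificates are NOT trusted by browsers; remove the
# flag once the flow has been verified, otherwise the site keeps serving an
# untrusted certificate behind the forced HTTPS redirect.
sudo certbot --nginx \
  --domain "${HOST_NAME}.eastus.cloudapp.azure.com" \
  --email "${EMAIL}" \
  --agree-tos \
  --no-eff-email \
  --non-interactive \
  --redirect \
  --test-cert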