v1.3.4
systemd.path uses inotify to watch for changes, so md-renewed-install.path is only activated on non-shared storage, or on the same host in a shared-storage environment.
183
md-renewed-install
Executable file
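--- a/md-renewed-install
+++ b/md-renewed-install
@@ -0,0 +1,183 @@
+#!/bin/bash
+
+MOD_MD_DIR=/var/lib/httpd/md
+MD_RENEWED_DIR=/var/lib/httpd/md-renewed
+
+if [[ -f /etc/md-renewed/md-renewed.conf ]]; then
+. /etc/md-renewed/md-renewed.conf
+fi
+
+MYDOMAINS=$(curl -s http://127.0.0.1/md-renewed-status | tail -n +1 | jq -r '."managed-domains"[].name' 2>/dev/null)
+
+function set_permissions
+{
+local FILE="$1"
+local OWNER="$2"
+local GROUP="$3"
+local MODE="$4"
+
+if [[ -z $OWNER ]]; then
+chown root $FILE
+else
+chown $OWNER $FILE
+fi
+
+if [[ -z $GROUP ]]; then
+chgrp root $FILE
+else
+chgrp $GROUP $FILE
+fi
+
+if [[ -z $MODE ]]; then
+chmod 0600 $FILE
+else
+chmod $MODE $FILE
+fi
+}
+
+function run_copy
+{
+local DOMAIN="$1"
+local CONFIG="$2"
+
+CERT_OWNER=""
+CERT_GROUP=""
+CERT_MODE=""
+CERT_FILE=""
+KEY_OWNER=""
+KEY_GROUP=""
+KEY_MODE=""
+KEY_FILE=""
+
+. $CONFIG
+
+[[ -z $CERT_FILE ]] && exit 0;
+
+if [[ -z $KEY_FILE ]]; then
+KEY_FILE="$CERT_FILE"
+fi
+
+cat ${MOD_MD_DIR}/domains/$DOMAIN/pubcert.pem > $CERT_FILE
+
+set_permissions "$CERT_FILE" "$CERT_OWNER" "$CERT_GROUP" "$CERT_MODE"
+
+if [[ $CERT_FILE != $KEY_FILE ]]; then
+cat ${MOD_MD_DIR}/domains/$DOMAIN/privkey.pem > $KEY_FILE
+else
+cat ${MOD_MD_DIR}/domains/$DOMAIN/privkey.pem >> $KEY_FILE
+fi
+
+set_permissions "$KEY_FILE" "$KEY_OWNER" "$KEY_GROUP" "$KEY_MODE"
+}
+
+function run_service
+{
+local DOMAIN="$1"
+local CONFIG="$2"
+SERVICE=""
+ACTION=""
+
+. $CONFIG
+
+[[ -z $SERVICE ]] && exit 0;
+
+if [[ -z $ACTION ]]; then
+ACTION="restart"
+fi
+
+/usr/bin/systemctl $ACTION $SERVICE > /dev/null 2>&1
+}
+
+function domain_renew
+{
+local DOMAIN="$1"
+for scr in /etc/md-renewed/$DOMAIN/*.cert; do
+run_copy "$1" "$scr"
+done
+for scr in /etc/md-renewed/$DOMAIN/*.service; do
+run_service "$1" "$scr"
+done
+for scr in /etc/md-renewed/$DOMAIN/*.sh; do
+$scr "$1"
+done
+}
+
+HTTP_RELOAD=n
+
+if [ -z $MD_RENEWED_HOST_DIR ]; then
+MD_RENEWED_INSTALLING_TARGET=${MD_RENEWED_DIR}/installing
+MD_RENEWED_INSTALLED_TARGET=${MD_RENEWED_DIR}/installed
+else
+MD_RENEWED_INSTALLING_TARGET=${MD_RENEWED_DIR}/installing/${MD_RENEWED_HOST_DIR}
+MD_RENEWED_INSTALLED_TARGET=${MD_RENEWED_DIR}/installed/${MD_RENEWED_HOST_DIR}
+fi
+
+if [[ ! -d $MD_RENEWED_INSTALLING_TARGET ]]; then
+mkdir -p $MD_RENEWED_INSTALLING_TARGET
+chown apache.apache $MD_RENEWED_INSTALLING_TARGET
+fi
+
+if [[ ! -d $MD_RENEWED_INSTALLED_TARGET ]]; then
+mkdir -p $MD_RENEWED_INSTALLED_TARGET
+chown apache.apache $MD_RENEWED_INSTALLED_TARGET
+fi
+
+echo "md-renewed-install.service Looking for our domains: ${MYDOMAINS[*]}"
+for f in ${MD_RENEWED_INSTALLING_TARGET}/*; do
+if [[ ! -f $f ]]; then
+continue
+fi
+
+DOMAIN=$(basename $f)
+rm -f $f
+echo "md-renewed-install.service Checking domain $DOMAIN"
+
+if [[ ! -f $MD_RENEWED_INSTALLED_TARGET/$DOMAIN ]]; then
+echo "md-renewed-install.service Installing domain $DOMAIN"
+touch $MD_RENEWED_INSTALLED_TARGET/$DOMAIN
+
+if [[ -d /etc/md-renewed/$DOMAIN ]]; then
+domain_renew "$DOMAIN"
+fi
+
+for i in ${MYDOMAINS[@]}; do
+if [[ $DOMAIN == $i ]]; then
+echo "md-renewed-install.service $DOMAIN is our."
+HTTPD_RELOAD=y
+fi
+done
+fi
+done
+
+echo "md-renewed-install.service Looking for our already installed domains: ${MYDOMAINS[*]}"
+for f in ${MOD_MD_DIR}/domains/*; do
+if [[ ! -d $f ]]; then
+continue
+fi
+
+DOMAIN=$(basename $f)
+echo "md-renewed-install.service Checking already installed domain $DOMAIN"
+
+if [[ ! -f $MD_RENEWED_INSTALLED_TARGET/$DOMAIN ]]; then
+touch $MD_RENEWED_INSTALLED_TARGET/$DOMAIN
+
+if [[ -d /etc/md-renewed/$DOMAIN ]]; then
+domain_renew "$DOMAIN"
+fi
+
+for i in ${MYDOMAINS[@]}; do
+if [[ $DOMAIN == $i ]]; then
+echo "md-renewed-install.service Already installed $DOMAIN is our."
+HTTPD_RELOAD=y
+fi
+done
+fi
+done
+
+if [[ $HTTPD_RELOAD == y ]]; then
+echo "md-renewed-install.service Restarting apache."
+sleep $[ ( $RANDOM % 60 ) + 1 ]s
+/usr/bin/systemctl reload httpd
+fi
+
+exit 0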
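Review bot: In run_copy the private key is written with `cat ${MOD_MD_DIR}/domains/$DOMAIN/privkey.pem > $KEY_FILE` before set_permissions runs, so a newly created key file briefly carries whatever mode the process umask allows, and in the combined case the key is appended to a file that already has CERT_OWNER/CERT_GROUP/CERT_MODE applied. Setting `umask 077` before the write, or writing to a temporary file in the target directory, applying owner and mode there and then renaming it over `$KEY_FILE`, would close that window. Separately, `[[ -z $CERT_FILE ]] && exit 0;` and `[[ -z $SERVICE ]] && exit 0;` end the whole script rather than the function, so the remaining domains and the httpd reload are skipped even though the domain's marker has already been touched; `return 0` looks like what was intended. The expansions of `$f`, `$DOMAIN` and `$CONFIG` are also unquoted while the names come from a directory chowned to apache, so quoting them (`rm -f -- "$f"`, `. "$CONFIG"`) would keep odd file names from word-splitting or globbing in a script that calls chown and systemctl.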