#!/bin/bash
# Default locations: mod_md's certificate store, and the directory holding this
# script's "installing"/"installed" marker files.
MOD_MD_DIR=/var/lib/httpd/md
MD_RENEWED_DIR=/var/lib/httpd/md-renewed

# Optional site configuration. The file is sourced, i.e. executed as shell code
# inside this process, so it can override the defaults above.
# NOTE(review): this script chowns files and drives systemctl, so it presumably
# runs as root; the file should then be writable by root only. Confirm.
if [[ -f /etc/md-renewed/md-renewed.conf ]]; then
    source /etc/md-renewed/md-renewed.conf
fi

# Names of the managed domains, as reported by the local status endpoint
# (plain HTTP on loopback). "tail -n +1" passes every line through unchanged;
# jq errors are discarded, so a failed lookup leaves MYDOMAINS empty.
# Within this file the value is only echoed in log lines.
MYDOMAINS=$(
    curl -s http://127.0.0.1/md-renewed-status \
        | tail -n +1 \
        | jq -r '."managed-domains"[].name' 2>/dev/null
)
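#######################################
# Apply owner, group and mode to one installed certificate or key file.
# Arguments:
#   $1 - path of the file to adjust
#   $2 - owner (root when empty)
#   $3 - group (root when empty)
#   $4 - mode  (0600 when empty)
# Returns: exit status of the final chmod.
#######################################
function set_permissions
{
    local FILE="$1"
    local OWNER="${2:-root}"
    local GROUP="${3:-root}"
    local MODE="${4:-0600}"

    # Every expansion is quoted and option parsing is ended with "--": an
    # unquoted path containing whitespace or glob characters would be split or
    # expanded, applying the ownership/mode change to files other than the one
    # requested (or to none at all, leaving a key with its previous mode).
    chown -- "$OWNER" "$FILE"
    chgrp -- "$GROUP" "$FILE"
    chmod -- "$MODE" "$FILE"
}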
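#######################################
# Copy SRC over DST and apply ownership/mode, but only when their bytes differ.
# Arguments: $1 source, $2 destination, $3 owner, $4 group, $5 mode
# Returns:   0 DST was replaced, 1 DST already identical, 2 copy failed
#######################################
function _md_install_if_changed
{
    local SRC="$1"
    local DST="$2"

    # cmp -s is non-zero both for "contents differ" and for "DST missing", so a
    # first-time install is treated like a change.
    if cmp -s -- "$SRC" "$DST"; then
        return 1
    fi
    if ! cp -f -- "$SRC" "$DST"; then
        echo "md-renewed-install.service Could not write $DST" >&2
        return 2
    fi
    set_permissions "$DST" "$3" "$4" "$5"
    return 0
}

#######################################
# Install the certificate and key of one managed domain as described by one
# *.cert config file, then run the configured systemctl action if anything
# was actually replaced.
# Globals:
#   MOD_MD_DIR (read)
#   CERT_OWNER CERT_GROUP CERT_MODE CERT_FILE KEY_OWNER KEY_GROUP KEY_MODE
#   KEY_FILE SERVICE ACTION (reset to defaults, then set by the sourced config)
# Arguments:
#   $1 - domain name (directory below ${MOD_MD_DIR}/domains)
#   $2 - path of the config file to source
# Returns: 0 when the config names no CERT_FILE or nothing needed a restart,
#          1 when the source certificate or key is missing,
#          otherwise the status of the systemctl call.
#######################################
function run_copy
{
    local DOMAIN="$1"
    local CONFIG="$2"
    local SRC_CERT="${MOD_MD_DIR}/domains/${DOMAIN}/pubcert.pem"
    local SRC_KEY="${MOD_MD_DIR}/domains/${DOMAIN}/privkey.pem"
    local TEMP_CERT_FILE=""
    local OLD_UMASK
    local DO_ACTION=n
    local -a SERVICES=()

    # Defaults, deliberately global: the sourced config overrides them.
    # Both modes default to 0700 (owner-only, execute bit included).
    CERT_OWNER="root"
    CERT_GROUP="root"
    CERT_MODE="0700"
    CERT_FILE=""
    KEY_OWNER="root"
    KEY_GROUP="root"
    KEY_MODE="0700"
    KEY_FILE=""
    SERVICE=""
    # Was misspelled "ACRION", which left ACTION holding whatever the previous
    # config had set and applied it to this config's service.
    ACTION="restart"

    # The config is executed as shell code with this script's privileges.
    # NOTE(review): /etc/md-renewed should therefore be writable only by the
    # account that runs this script; nothing here checks that.
    . "$CONFIG"

    # return, not exit: exit ended the whole script, silently skipping every
    # remaining config and domain of this run.
    [[ -z $CERT_FILE ]] && return 0

    # Refuse to continue without both source files; otherwise an empty file
    # would be copied over a live certificate and the service restarted on it.
    if [[ ! -f $SRC_CERT || ! -f $SRC_KEY ]]; then
        echo "md-renewed-install.service Missing pubcert.pem or privkey.pem for domain $DOMAIN" >&2
        return 1
    fi

    # Newly created targets must never be readable by group/other, even for
    # the moment before set_permissions runs.
    OLD_UMASK=$(umask)
    umask 0077

    if [[ -n $KEY_FILE && $KEY_FILE != "$CERT_FILE" ]]; then
        # Separate files: compare and copy straight from the store, so no
        # additional temporary copy of the private key is created.
        _md_install_if_changed "$SRC_CERT" "$CERT_FILE" \
            "$CERT_OWNER" "$CERT_GROUP" "$CERT_MODE" && DO_ACTION=y
        _md_install_if_changed "$SRC_KEY" "$KEY_FILE" \
            "$KEY_OWNER" "$KEY_GROUP" "$KEY_MODE" && DO_ACTION=y
    else
        # Combined file: certificate followed by key, assembled in a private
        # temporary file that is removed again in every case.
        if TEMP_CERT_FILE=$(mktemp); then
            cat -- "$SRC_CERT" "$SRC_KEY" > "$TEMP_CERT_FILE" \
                && _md_install_if_changed "$TEMP_CERT_FILE" "$CERT_FILE" \
                    "$CERT_OWNER" "$CERT_GROUP" "$CERT_MODE" \
                && DO_ACTION=y
            rm -f -- "$TEMP_CERT_FILE"
        else
            echo "md-renewed-install.service Could not create a temporary file for domain $DOMAIN" >&2
        fi
    fi

    umask "$OLD_UMASK"

    if [[ $DO_ACTION == y && -n $SERVICE ]]; then
        ACTION=${ACTION:-restart}
        # SERVICE may list several units separated by whitespace; split it
        # into words without letting glob characters expand.
        read -r -a SERVICES <<< "$SERVICE"
        /usr/bin/systemctl "$ACTION" "${SERVICES[@]}" > /dev/null 2>&1
    fi
}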
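#######################################
# Run the systemctl action described by one *.service config file.
# Globals:   SERVICE, ACTION (cleared, then set by the sourced config)
# Arguments:
#   $1 - domain name (not used here; it is in scope while the config is sourced)
#   $2 - path of the config file to source
# Returns: 0 when the config names no SERVICE, otherwise the systemctl status.
#######################################
function run_service
{
    local DOMAIN="$1"
    local CONFIG="$2"
    local -a SERVICES=()

    SERVICE=""
    ACTION=""

    # The config is executed as shell code with this script's privileges.
    # NOTE(review): it should be writable only by the account running this
    # script; nothing here checks that.
    . "$CONFIG"

    # return, not exit: exit ended the whole script, so one config without a
    # SERVICE skipped every remaining config, hook and domain of this run.
    [[ -z $SERVICE ]] && return 0

    ACTION=${ACTION:-restart}

    # SERVICE may list several units separated by whitespace; split it into
    # words without letting glob characters expand.
    read -r -a SERVICES <<< "$SERVICE"
    /usr/bin/systemctl "$ACTION" "${SERVICES[@]}" > /dev/null 2>&1
}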
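#######################################
# Process everything configured for one domain below /etc/md-renewed/<domain>:
# *.cert files go to run_copy, *.service files to run_service, and *.sh files
# are executed with the domain name as their only argument.
# Arguments: $1 - domain name
#######################################
function domain_renew
{
    local DOMAIN="$1"
    local CONF_DIR="/etc/md-renewed/${DOMAIN}"
    local scr

    # A glob that matches nothing stays in the loop as the literal pattern;
    # the -f test skips it instead of handing a non-existent path on.
    for scr in "$CONF_DIR"/*.cert; do
        [[ -f $scr ]] || continue
        run_copy "$DOMAIN" "$scr"
    done

    for scr in "$CONF_DIR"/*.service; do
        [[ -f $scr ]] || continue
        run_service "$DOMAIN" "$scr"
    done

    # Hooks run with this script's privileges, and the path is quoted so a
    # directory name with whitespace cannot turn into a different command.
    # NOTE(review): the hook directory should be writable only by the account
    # running this script; nothing here checks that.
    for scr in "$CONF_DIR"/*.sh; do
        [[ -f $scr ]] || continue
        "$scr" "$DOMAIN"
    done
}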
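# Marker directories. One regular file per domain in "installing" requests an
# install; a file of the same name is created in "installed" once it has been
# picked up. MD_RENEWED_HOST_DIR, when set, selects a per-host subdirectory.
if [[ -z $MD_RENEWED_HOST_DIR ]]; then
    MD_RENEWED_INSTALLING_TARGET="${MD_RENEWED_DIR}/installing"
    MD_RENEWED_INSTALLED_TARGET="${MD_RENEWED_DIR}/installed"
else
    MD_RENEWED_INSTALLING_TARGET="${MD_RENEWED_DIR}/installing/${MD_RENEWED_HOST_DIR}"
    MD_RENEWED_INSTALLED_TARGET="${MD_RENEWED_DIR}/installed/${MD_RENEWED_HOST_DIR}"
fi

# Create the marker directories on first use and hand them to MD_USER:MD_GROUP
# (not set in this file; presumably from md-renewed.conf). ":" is used as the
# separator because "." is ambiguous for account names that contain a dot.
if [[ ! -d $MD_RENEWED_INSTALLING_TARGET ]]; then
    mkdir -p -- "$MD_RENEWED_INSTALLING_TARGET"
    chown -- "${MD_USER}:${MD_GROUP}" "$MD_RENEWED_INSTALLING_TARGET"
fi

if [[ ! -d $MD_RENEWED_INSTALLED_TARGET ]]; then
    mkdir -p -- "$MD_RENEWED_INSTALLED_TARGET"
    chown -- "${MD_USER}:${MD_GROUP}" "$MD_RENEWED_INSTALLED_TARGET"
fi

# The marker directory belongs to MD_USER:MD_GROUP, so the file names found in
# it are input from a different account. Every use below is quoted and
# preceded by "--" so that a name containing whitespace, glob characters or a
# leading dash cannot make rm/touch act on other paths.
# NOTE(review): MYDOMAINS is printed but never compared with the marker name,
# although the "Checking domain" message suggests a check was intended.
echo "md-renewed-install.service Looking for our domains: ${MYDOMAINS[*]}"
for f in "${MD_RENEWED_INSTALLING_TARGET}"/*; do
    [[ -f $f ]] || continue

    DOMAIN=${f##*/}
    # The marker is removed before the install is attempted, so a failed
    # install is not retried on the next run.
    rm -f -- "$f"
    echo "md-renewed-install.service Checking domain $DOMAIN"

    echo "md-renewed-install.service Installing domain $DOMAIN"
    touch -- "$MD_RENEWED_INSTALLED_TARGET/$DOMAIN"

    # Only domains with a configuration directory have anything to install.
    if [[ -d /etc/md-renewed/$DOMAIN ]]; then
        domain_renew "$DOMAIN"
    fi
done

# "force" as first argument: re-run the install for every domain present in
# mod_md's store, whether or not a marker file requested it.
if [[ $1 == "force" ]]; then
    echo "md-renewed-install.service Looking for our already installed domains: ${MYDOMAINS[*]}"
    for f in "${MOD_MD_DIR}"/domains/*; do
        [[ -d $f ]] || continue

        DOMAIN=${f##*/}

        echo "md-renewed-install.service Checking already installed domain $DOMAIN"

        if [[ ! -f $MD_RENEWED_INSTALLED_TARGET/$DOMAIN ]]; then
            touch -- "$MD_RENEWED_INSTALLED_TARGET/$DOMAIN"
        fi

        if [[ -d /etc/md-renewed/$DOMAIN ]]; then
            domain_renew "$DOMAIN"
        fi
    done
fi

exit 0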