evoacme: use hooks after certificate creation
parent
1fa4ccc338
commit
4d6853f844
|
@ -1,47 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
error() {
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
exit 1
|
||||
}
|
||||
debug() {
|
||||
if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
fi
|
||||
}
|
||||
|
||||
readonly PROGNAME=$(basename "$0")
|
||||
|
||||
readonly VERBOSE=${VERBOSE:-"0"}
|
||||
|
||||
if [ -z "${EVOACME_VHOST_PATH}"]; then
|
||||
error "Missing EVOACME_VHOST_PATH environment variable"
|
||||
fi
|
||||
if [ -z "${EVOACME_CERT_PATH}"]; then
|
||||
error "Missing EVOACME_CERT_PATH environment variable"
|
||||
fi
|
||||
|
||||
readonly APACHE2CTL_BIN=$(command -v apache2ctl) || error "apache2ctl command not installed"
|
||||
|
||||
[ -r "${EVOACME_VHOST_PATH}"] || error "File ${EVOACME_VHOST_PATH} is not readable"
|
||||
|
||||
local search="^SSLCertificateFile.*$"
|
||||
local replace="SSLCertificateFile ${EVOACME_VHOST_PATH}"
|
||||
|
||||
if ! $(grep -qE "${search}" "${EVOACME_VHOST_PATH}"); then
|
||||
[ -w "${EVOACME_VHOST_PATH}" ] || error "File ${EVOACME_VHOST_PATH} is not writable"
|
||||
|
||||
sed -i "s~${search}~${replace}~" "${EVOACME_VHOST_PATH}"
|
||||
debug "Config in ${EVOACME_VHOST_PATH} has been updated"
|
||||
fi
|
||||
|
||||
if [ -n "$(pidof apache2)" ]; then
|
||||
if $(${APACHE2CTL_BIN} -t 2> /dev/null); then
|
||||
debug "Apache detected... reloading"
|
||||
service apache2 reload
|
||||
else
|
||||
error "Apache config is broken, you must fix it !"
|
||||
fi
|
||||
fi
|
||||
|
||||
exit 0
|
|
@ -92,6 +92,20 @@ csr_verify() {
|
|||
"${OPENSSL_BIN}" req -noout -modulus -in "$file" >/dev/null
|
||||
}
|
||||
|
||||
exec_hooks() {
|
||||
local hooks_dir="$1"
|
||||
|
||||
export EVOACME_VHOST_NAME="${VHOST}"
|
||||
export EVOACME_LIVE_FULLCHAIN="${LIVE_FULLCHAIN}"
|
||||
|
||||
for hook in $(find ${HOOKS_DIR} -type f | grep -v ".disabled$"); do
|
||||
if [ -x "${hook}" ]; then
|
||||
debug "Executing ${hook}"
|
||||
${hook}
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
main() {
|
||||
# check arguments
|
||||
[ "$#" -eq 1 ] || error "invalid argument(s)"
|
||||
|
@ -112,6 +126,10 @@ main() {
|
|||
chown root: "${LOG_DIR}"
|
||||
[ -w "${LOG_DIR}" ] || error "Directory ${LOG_DIR} is not writable"
|
||||
|
||||
mkdir -p "${HOOKS_DIR}"
|
||||
chown root: "${HOOKS_DIR}"
|
||||
[ -d "${HOOKS_DIR}" ] || error "Directory ${HOOKS_DIR} is not found"
|
||||
|
||||
readonly VHOST=$(basename "$1" .conf)
|
||||
|
||||
# check for important programs
|
||||
|
@ -239,27 +257,12 @@ main() {
|
|||
# verify final path
|
||||
x509_verify "${LIVE_CERT}" || error "${LIVE_CERT} is invalid"
|
||||
|
||||
# update and reload Apache
|
||||
command -v apache2ctl > /dev/null && sed_cert_path_for_apache "${VHOST}" "${LIVE_FULLCHAIN}"
|
||||
if [ -n "$(pidof apache2)" ]; then
|
||||
if $($(command -v apache2ctl) -t 2>/dev/null); then
|
||||
debug "Apache detected... reloading"
|
||||
service apache2 reload
|
||||
else
|
||||
error "Apache config is broken, you must fix it !"
|
||||
fi
|
||||
fi
|
||||
# update Apache
|
||||
sed_cert_path_for_apache "${VHOST}" "${LIVE_FULLCHAIN}"
|
||||
# update Nginx
|
||||
sed_cert_path_for_nginx "${VHOST}" "${LIVE_FULLCHAIN}"
|
||||
|
||||
# update and reload Nginx
|
||||
command -v nginx > /dev/null && sed_cert_path_for_nginx "${VHOST}" "${LIVE_FULLCHAIN}"
|
||||
if [ -n "$(pidof nginx)" ]; then
|
||||
if $($(command -v nginx) -t 2>/dev/null); then
|
||||
debug "Nginx detected... reloading"
|
||||
service nginx reload
|
||||
else
|
||||
error "Nginx config is broken, you must fix it !"
|
||||
fi
|
||||
fi
|
||||
exec_hooks "${HOOKS_DIR}"
|
||||
}
|
||||
|
||||
readonly PROGNAME=$(basename "$0")
|
||||
|
@ -280,6 +283,7 @@ readonly ACME_DIR=${ACME_DIR:-"/var/lib/letsencrypt"}
|
|||
readonly CSR_DIR=${CSR_DIR:-"/etc/ssl/requests"}
|
||||
readonly CRT_DIR=${CRT_DIR:-"/etc/letsencrypt"}
|
||||
readonly LOG_DIR=${LOG_DIR:-"/var/log/evoacme"}
|
||||
readonly HOOKS_DIR=${HOOKS_DIR:-"${CRT_DIR}/hooks"}
|
||||
readonly SSL_MINDAY=${SSL_MINDAY:-"30"}
|
||||
readonly SSL_EMAIL=${SSL_EMAIL:-""}
|
||||
|
||||
|
|
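Review bot: In the `exec_hooks()` added by the `@ -92,6 +92,20` hunk, the parameter captured as `local hooks_dir="$1"` is never read — the loop walks the global `${HOOKS_DIR}` instead, so the argument passed from `main()` in the `@ -239` hunk is dead. The `for hook in $(find ${HOOKS_DIR} -type f | grep -v ".disabled$")` form also word-splits paths, leaves `${hook}` unquoted when executed, and the unescaped dot makes `.disabled$` match more than the literal suffix; since these files run with the script's own privileges (the `@ -112` hunk chowns the directory to root), a check that each hook is root-owned and not writable by others before executing it is worth considering. Separately, the `@ -239` hunk drops the `command -v apache2ctl` / `command -v nginx` guards, so `sed_cert_path_for_apache` and `sed_cert_path_for_nginx` now run unconditionally; whether those functions tolerate an absent server is not visible in these hunks. A tighter loop body:
```shell
exec_hooks() {
    local hooks_dir="$1"
    # … unchanged: EVOACME_VHOST_NAME / EVOACME_LIVE_FULLCHAIN exports …
    find "${hooks_dir}" -type f ! -name '*.disabled' | while IFS= read -r hook; do
        if [ -x "${hook}" ]; then
            debug "Executing ${hook}"
            "${hook}"
        fi
    done
}
```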
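--- a/evoacme/files/hooks/reload_apache
+++ b/evoacme/files/hooks/reload_apache
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+readonly PROGNAME=$(basename "$0")
+readonly ARGS=$@
+
+readonly VERBOSE=${VERBOSE:-"0"}
+readonly QUIET=${QUIET:-"0"}
+
+error() {
+>&2 echo "${PROGNAME}: $1"
+exit 1
+}
+debug() {
+if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
+>&2 echo "${PROGNAME}: $1"
+fi
+}
+
+if [ -n "$(pidof apache2)" ]; then
+if $($(command -v apache2ctl) -t 2> /dev/null); then
+debug "Apache detected... reloading"
+service apache2 reload
+else
+error " Apache config is broken, you must fix it !"
+fi
+else
+debug "Apache is not running. Skip."
+fi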
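Review bot: `if $($(command -v apache2ctl) -t 2> /dev/null); then` runs `apache2ctl -t` inside a command substitution and then executes whatever it printed to stdout as the tested command; it only works because `-t` reports on stderr (discarded) and an empty command falls back to the substitution's exit status, and any future stdout output would be executed as a command. Test the binary directly: `if "$(command -v apache2ctl)" -t 2>/dev/null; then` — the same construct appears in `reload_nginx` with `nginx -t`. Also in this file, `error " Apache config is broken, you must fix it !"` has a stray leading space in the message, `readonly ARGS=$@` is unquoted and unused, and the exit status of `service apache2 reload` is ignored, so a failed reload returns success to the caller's `exec_hooks` loop, which does not check hook status either.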
|
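--- a/evoacme/files/hooks/reload_nginx
+++ b/evoacme/files/hooks/reload_nginx
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+readonly PROGNAME=$(basename "$0")
+readonly ARGS=$@
+
+readonly VERBOSE=${VERBOSE:-"0"}
+readonly QUIET=${QUIET:-"0"}
+
+error() {
+>&2 echo "${PROGNAME}: $1"
+exit 1
+}
+debug() {
+if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
+>&2 echo "${PROGNAME}: $1"
+fi
+}
+
+if [ -n "$(pidof nginx)" ]; then
+if $($(command -v nginx) -t 2> /dev/null); then
+debug "Nginx detected... reloading"
+service nginx reload
+else
+error "Nginx config is broken, you must fix it !"
+fi
+else
+debug "Nginx is not running. Skip."
+fi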
|
|
@ -1,47 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
error() {
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
exit 1
|
||||
}
|
||||
debug() {
|
||||
if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
|
||||
>&2 echo "${PROGNAME}: $1"
|
||||
fi
|
||||
}
|
||||
|
||||
readonly PROGNAME=$(basename "$0")
|
||||
|
||||
readonly VERBOSE=${VERBOSE:-"0"}
|
||||
|
||||
if [ -z "${EVOACME_VHOST_PATH}"]; then
|
||||
error "Missing EVOACME_VHOST_PATH environment variable"
|
||||
fi
|
||||
if [ -z "${EVOACME_CERT_PATH}"]; then
|
||||
error "Missing EVOACME_CERT_PATH environment variable"
|
||||
fi
|
||||
|
||||
readonly NGINX_BIN=$(command -v nginx) || error "nginx command not installed"
|
||||
|
||||
[ -r "${EVOACME_VHOST_PATH}"] || error "File ${EVOACME_VHOST_PATH} is not readable"
|
||||
|
||||
readonly search="^ssl_certificate[^_].*$"
|
||||
readonly replace="ssl_certificate ${EVOACME_CERT_PATH};"
|
||||
|
||||
if ! $(grep -qE "${search}" "${EVOACME_VHOST_PATH}"); then
|
||||
[ -w "${EVOACME_VHOST_PATH}" ] || error "File ${EVOACME_VHOST_PATH} is not writable"
|
||||
|
||||
sed -i "s~${search}~${replace}~" "${EVOACME_VHOST_PATH}"
|
||||
debug "Config in ${EVOACME_VHOST_PATH} has been updated"
|
||||
fi
|
||||
|
||||
if [ -n "$(pidof nginx)" ]; then
|
||||
if $(${NGINX_BIN} -t 2> /dev/null); then
|
||||
debug "Nginx detected... reloading"
|
||||
service nginx reload
|
||||
else
|
||||
error "Nginx config is broken, you must fix it !"
|
||||
fi
|
||||
fi
|
||||
|
||||
exit 0
|