evoacme: use hooks after certificate creation
This commit is contained in:
parent
1fa4ccc338
commit
4d6853f844
|
@ -1,47 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
error() {
|
|
||||||
>&2 echo "${PROGNAME}: $1"
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
debug() {
|
|
||||||
if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
|
|
||||||
>&2 echo "${PROGNAME}: $1"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
readonly PROGNAME=$(basename "$0")
|
|
||||||
|
|
||||||
readonly VERBOSE=${VERBOSE:-"0"}
|
|
||||||
|
|
||||||
if [ -z "${EVOACME_VHOST_PATH}"]; then
|
|
||||||
error "Missing EVOACME_VHOST_PATH environment variable"
|
|
||||||
fi
|
|
||||||
if [ -z "${EVOACME_CERT_PATH}"]; then
|
|
||||||
error "Missing EVOACME_CERT_PATH environment variable"
|
|
||||||
fi
|
|
||||||
|
|
||||||
readonly APACHE2CTL_BIN=$(command -v apache2ctl) || error "apache2ctl command not installed"
|
|
||||||
|
|
||||||
[ -r "${EVOACME_VHOST_PATH}"] || error "File ${EVOACME_VHOST_PATH} is not readable"
|
|
||||||
|
|
||||||
local search="^SSLCertificateFile.*$"
|
|
||||||
local replace="SSLCertificateFile ${EVOACME_VHOST_PATH}"
|
|
||||||
|
|
||||||
if ! $(grep -qE "${search}" "${EVOACME_VHOST_PATH}"); then
|
|
||||||
[ -w "${EVOACME_VHOST_PATH}" ] || error "File ${EVOACME_VHOST_PATH} is not writable"
|
|
||||||
|
|
||||||
sed -i "s~${search}~${replace}~" "${EVOACME_VHOST_PATH}"
|
|
||||||
debug "Config in ${EVOACME_VHOST_PATH} has been updated"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -n "$(pidof apache2)" ]; then
|
|
||||||
if $(${APACHE2CTL_BIN} -t 2> /dev/null); then
|
|
||||||
debug "Apache detected... reloading"
|
|
||||||
service apache2 reload
|
|
||||||
else
|
|
||||||
error "Apache config is broken, you must fix it !"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
exit 0
|
|
|
@ -92,6 +92,20 @@ csr_verify() {
|
||||||
"${OPENSSL_BIN}" req -noout -modulus -in "$file" >/dev/null
|
"${OPENSSL_BIN}" req -noout -modulus -in "$file" >/dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
|
exec_hooks() {
|
||||||
|
local hooks_dir="$1"
|
||||||
|
|
||||||
|
export EVOACME_VHOST_NAME="${VHOST}"
|
||||||
|
export EVOACME_LIVE_FULLCHAIN="${LIVE_FULLCHAIN}"
|
||||||
|
|
||||||
|
for hook in $(find ${HOOKS_DIR} -type f | grep -v ".disabled$"); do
|
||||||
|
if [ -x "${hook}" ]; then
|
||||||
|
debug "Executing ${hook}"
|
||||||
|
${hook}
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
main() {
|
main() {
|
||||||
# check arguments
|
# check arguments
|
||||||
[ "$#" -eq 1 ] || error "invalid argument(s)"
|
[ "$#" -eq 1 ] || error "invalid argument(s)"
|
||||||
|
@ -112,6 +126,10 @@ main() {
|
||||||
chown root: "${LOG_DIR}"
|
chown root: "${LOG_DIR}"
|
||||||
[ -w "${LOG_DIR}" ] || error "Directory ${LOG_DIR} is not writable"
|
[ -w "${LOG_DIR}" ] || error "Directory ${LOG_DIR} is not writable"
|
||||||
|
|
||||||
|
mkdir -p "${HOOKS_DIR}"
|
||||||
|
chown root: "${HOOKS_DIR}"
|
||||||
|
[ -d "${HOOKS_DIR}" ] || error "Directory ${HOOKS_DIR} is not found"
|
||||||
|
|
||||||
readonly VHOST=$(basename "$1" .conf)
|
readonly VHOST=$(basename "$1" .conf)
|
||||||
|
|
||||||
# check for important programs
|
# check for important programs
|
||||||
|
@ -239,27 +257,12 @@ main() {
|
||||||
# verify final path
|
# verify final path
|
||||||
x509_verify "${LIVE_CERT}" || error "${LIVE_CERT} is invalid"
|
x509_verify "${LIVE_CERT}" || error "${LIVE_CERT} is invalid"
|
||||||
|
|
||||||
# update and reload Apache
|
# update Apache
|
||||||
command -v apache2ctl > /dev/null && sed_cert_path_for_apache "${VHOST}" "${LIVE_FULLCHAIN}"
|
sed_cert_path_for_apache "${VHOST}" "${LIVE_FULLCHAIN}"
|
||||||
if [ -n "$(pidof apache2)" ]; then
|
# update Nginx
|
||||||
if $($(command -v apache2ctl) -t 2>/dev/null); then
|
sed_cert_path_for_nginx "${VHOST}" "${LIVE_FULLCHAIN}"
|
||||||
debug "Apache detected... reloading"
|
|
||||||
service apache2 reload
|
|
||||||
else
|
|
||||||
error "Apache config is broken, you must fix it !"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# update and reload Nginx
|
exec_hooks "${HOOKS_DIR}"
|
||||||
command -v nginx > /dev/null && sed_cert_path_for_nginx "${VHOST}" "${LIVE_FULLCHAIN}"
|
|
||||||
if [ -n "$(pidof nginx)" ]; then
|
|
||||||
if $($(command -v nginx) -t 2>/dev/null); then
|
|
||||||
debug "Nginx detected... reloading"
|
|
||||||
service nginx reload
|
|
||||||
else
|
|
||||||
error "Nginx config is broken, you must fix it !"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
}
|
}
|
||||||
|
|
||||||
readonly PROGNAME=$(basename "$0")
|
readonly PROGNAME=$(basename "$0")
|
||||||
|
@ -280,6 +283,7 @@ readonly ACME_DIR=${ACME_DIR:-"/var/lib/letsencrypt"}
|
||||||
readonly CSR_DIR=${CSR_DIR:-"/etc/ssl/requests"}
|
readonly CSR_DIR=${CSR_DIR:-"/etc/ssl/requests"}
|
||||||
readonly CRT_DIR=${CRT_DIR:-"/etc/letsencrypt"}
|
readonly CRT_DIR=${CRT_DIR:-"/etc/letsencrypt"}
|
||||||
readonly LOG_DIR=${LOG_DIR:-"/var/log/evoacme"}
|
readonly LOG_DIR=${LOG_DIR:-"/var/log/evoacme"}
|
||||||
|
readonly HOOKS_DIR=${HOOKS_DIR:-"${CRT_DIR}/hooks"}
|
||||||
readonly SSL_MINDAY=${SSL_MINDAY:-"30"}
|
readonly SSL_MINDAY=${SSL_MINDAY:-"30"}
|
||||||
readonly SSL_EMAIL=${SSL_EMAIL:-""}
|
readonly SSL_EMAIL=${SSL_EMAIL:-""}
|
||||||
|
|
||||||
|
|
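Review bot: `exec_hooks` declares `local hooks_dir="$1"` but the loop on the `for hook in $(find ${HOOKS_DIR} -type f | grep -v ".disabled$")` line walks the global `HOOKS_DIR` instead, so the argument passed at `exec_hooks "${HOOKS_DIR}"` is dead, and the unquoted `${HOOKS_DIR}` / `${hook}` expansions together with the `$(find …)` form word-split on any whitespace in a hook path. Because these hooks run with evoacme's own privileges, which the `chown root:` calls imply is root, the `mkdir -p "${HOOKS_DIR}"` hunk should also pin the directory mode, e.g. `chmod 750 "${HOOKS_DIR}"`, so only root can add or modify executables there; refusing to run a hook that is not root-owned or is group/world-writable would be a further safeguard. `grep -v ".disabled$"` treats the dot as a regex wildcard, whereas `! -name '*.disabled'` on find states the intent exactly. Separately, the third hunk now calls `sed_cert_path_for_apache` and `sed_cert_path_for_nginx` unconditionally where the old code guarded them with `command -v`; unless those functions (outside this diff) tolerate a missing binary, that is a behaviour change worth confirming.
```sh
exec_hooks() {
  local hooks_dir="$1"
  # … unchanged: EVOACME_* exports …
  find "${hooks_dir}" -type f ! -name '*.disabled' | while IFS= read -r hook; do
    if [ -x "${hook}" ]; then
      debug "Executing ${hook}"
      "${hook}"
    fi
  done
}
```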
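--- a/evoacme/files/hooks/reload_apache
+++ b/evoacme/files/hooks/reload_apache
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+readonly PROGNAME=$(basename "$0")
+readonly ARGS=$@
+
+readonly VERBOSE=${VERBOSE:-"0"}
+readonly QUIET=${QUIET:-"0"}
+
+error() {
+>&2 echo "${PROGNAME}: $1"
+exit 1
+}
+debug() {
+if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
+>&2 echo "${PROGNAME}: $1"
+fi
+}
+
+if [ -n "$(pidof apache2)" ]; then
+if $($(command -v apache2ctl) -t 2> /dev/null); then
+debug "Apache detected... reloading"
+service apache2 reload
+else
+error " Apache config is broken, you must fix it !"
+fi
+else
+debug "Apache is not running. Skip."
+fi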
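Review bot: The `if $($(command -v apache2ctl) -t 2> /dev/null); then` line runs the config test inside a command substitution and then executes whatever it printed to stdout as a command; it only works because `-t` reports on stderr (discarded here), leaving the shell to fall back to the substitution's exit status. The direct form `if "$(command -v apache2ctl)" -t 2>/dev/null; then` (or simply `if apache2ctl -t 2>/dev/null; then`) tests the same thing without relying on that corner of the grammar; the same construct appears in reload_nginx. `readonly ARGS=$@` is unquoted and never read in either hook, and the `EVOACME_VHOST_NAME` / `EVOACME_LIVE_FULLCHAIN` values exported by the caller are likewise unused here, so dropping `ARGS` (or quoting it as `"$*"`) avoids a misleading line. The apache message `error " Apache config is broken, you must fix it !"` carries a leading space that the nginx counterpart does not.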
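--- a/evoacme/files/hooks/reload_nginx
+++ b/evoacme/files/hooks/reload_nginx
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+readonly PROGNAME=$(basename "$0")
+readonly ARGS=$@
+
+readonly VERBOSE=${VERBOSE:-"0"}
+readonly QUIET=${QUIET:-"0"}
+
+error() {
+>&2 echo "${PROGNAME}: $1"
+exit 1
+}
+debug() {
+if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
+>&2 echo "${PROGNAME}: $1"
+fi
+}
+
+if [ -n "$(pidof nginx)" ]; then
+if $($(command -v nginx) -t 2> /dev/null); then
+debug "Nginx detected... reloading"
+service nginx reload
+else
+error "Nginx config is broken, you must fix it !"
+fi
+else
+debug "Nginx is not running. Skip."
+fi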
@ -1,47 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
|
|
||||||
error() {
|
|
||||||
>&2 echo "${PROGNAME}: $1"
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
debug() {
|
|
||||||
if [ "${VERBOSE}" = "1" ] && [ "${QUIET}" != "1" ]; then
|
|
||||||
>&2 echo "${PROGNAME}: $1"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
readonly PROGNAME=$(basename "$0")
|
|
||||||
|
|
||||||
readonly VERBOSE=${VERBOSE:-"0"}
|
|
||||||
|
|
||||||
if [ -z "${EVOACME_VHOST_PATH}"]; then
|
|
||||||
error "Missing EVOACME_VHOST_PATH environment variable"
|
|
||||||
fi
|
|
||||||
if [ -z "${EVOACME_CERT_PATH}"]; then
|
|
||||||
error "Missing EVOACME_CERT_PATH environment variable"
|
|
||||||
fi
|
|
||||||
|
|
||||||
readonly NGINX_BIN=$(command -v nginx) || error "nginx command not installed"
|
|
||||||
|
|
||||||
[ -r "${EVOACME_VHOST_PATH}"] || error "File ${EVOACME_VHOST_PATH} is not readable"
|
|
||||||
|
|
||||||
readonly search="^ssl_certificate[^_].*$"
|
|
||||||
readonly replace="ssl_certificate ${EVOACME_CERT_PATH};"
|
|
||||||
|
|
||||||
if ! $(grep -qE "${search}" "${EVOACME_VHOST_PATH}"); then
|
|
||||||
[ -w "${EVOACME_VHOST_PATH}" ] || error "File ${EVOACME_VHOST_PATH} is not writable"
|
|
||||||
|
|
||||||
sed -i "s~${search}~${replace}~" "${EVOACME_VHOST_PATH}"
|
|
||||||
debug "Config in ${EVOACME_VHOST_PATH} has been updated"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -n "$(pidof nginx)" ]; then
|
|
||||||
if $(${NGINX_BIN} -t 2> /dev/null); then
|
|
||||||
debug "Nginx detected... reloading"
|
|
||||||
service nginx reload
|
|
||||||
else
|
|
||||||
error "Nginx config is broken, you must fix it !"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
exit 0
|
|