Check domain validity
This commit is contained in:
parent
02b3821677
commit
8ac8f6fdc2
|
@ -350,14 +350,16 @@ make_csr() {
|
||||||
nb=0
|
nb=0
|
||||||
domains=`grep -oE "^( )*[^#]+" /etc/apache2/sites-enabled/${vhost}.conf|grep -oE "(ServerName|ServerAlias).*"|sed 's/ServerName//'|sed 's/ServerAlias//'|sed 's/\s\{1,\}//'|sort|uniq`
|
domains=`grep -oE "^( )*[^#]+" /etc/apache2/sites-enabled/${vhost}.conf|grep -oE "(ServerName|ServerAlias).*"|sed 's/ServerName//'|sed 's/ServerAlias//'|sed 's/\s\{1,\}//'|sort|uniq`
|
||||||
valid_domains=''
|
valid_domains=''
|
||||||
|
ip a|grep brd|cut -d'/' -f1|grep -oE "([0-9]+\.){3}[0-9]+" > /tmp/ip.list
|
||||||
for domain in $domains
|
for domain in $domains
|
||||||
do
|
do
|
||||||
# TODO : vérifier si domaine pointe sur localhost
|
real_ip=`dig +short $domain`
|
||||||
echo "$domain"
|
while read ip; do
|
||||||
if [ $? == 0 ]; then
|
if [ "$ip" == "$real_ip" ]; then
|
||||||
valid_domains="$valid_domains $domain"
|
valid_domains="$valid_domains $domain"
|
||||||
nb=$(( nb + 1 ))
|
nb=$(( nb + 1 ))
|
||||||
fi
|
fi
|
||||||
|
done < /tmp/ip.list
|
||||||
done
|
done
|
||||||
# Generate SSL KEY
|
# Generate SSL KEY
|
||||||
if [ ! -f $KEY_DIR/${vhost}.key ]; then
|
if [ ! -f $KEY_DIR/${vhost}.key ]; then
|
||||||
|
@ -367,11 +369,17 @@ make_csr() {
|
||||||
chown root: $KEY_DIR/${vhost}.key
|
chown root: $KEY_DIR/${vhost}.key
|
||||||
chmod 640 $KEY_DIR/${vhost}.key
|
chmod 640 $KEY_DIR/${vhost}.key
|
||||||
fi
|
fi
|
||||||
|
if [ $nb -eq 0 ]; then
|
||||||
|
nb=`echo $domains|wc -l`
|
||||||
|
no_valid=1
|
||||||
|
else
|
||||||
|
domains=$valid_domains
|
||||||
|
fi
|
||||||
# Generate SSL CSR
|
# Generate SSL CSR
|
||||||
mkdir -p $CSR_DIR -m 755
|
mkdir -p $CSR_DIR -m 755
|
||||||
chown root: $CSR_DIR
|
chown root: $CSR_DIR
|
||||||
if [ $nb -eq 1 ]; then
|
if [ $nb -eq 1 ]; then
|
||||||
openssl req -new -sha256 -key $KEY_DIR/${vhost}.key -config <(cat /etc/letsencrypt/openssl.cnf <(printf "CN=$domain")) -out $CSR_DIR/${vhost}.csr
|
openssl req -new -sha256 -key $KEY_DIR/${vhost}.key -config <(cat /etc/letsencrypt/openssl.cnf <(printf "CN=$domains")) -out $CSR_DIR/${vhost}.csr
|
||||||
elif [ $nb -gt 1 ]; then
|
elif [ $nb -gt 1 ]; then
|
||||||
san=''
|
san=''
|
||||||
for domain in $domains
|
for domain in $domains
|
||||||
|
@ -389,11 +397,13 @@ make_csr() {
|
||||||
chown root: $AUTO_CRT_DIR/${vhost}.pem
|
chown root: $AUTO_CRT_DIR/${vhost}.pem
|
||||||
chmod 644 $AUTO_CRT_DIR/${vhost}.pem
|
chmod 644 $AUTO_CRT_DIR/${vhost}.pem
|
||||||
# Enable autosigned CRT
|
# Enable autosigned CRT
|
||||||
if [ ! -e $CRT_DIR/${vhost}-fullchain.pem ]; then
|
|
||||||
ln -s $AUTO_CRT_DIR/${vhost}.pem $CRT_DIR/${vhost}-fullchain.pem
|
|
||||||
fi
|
|
||||||
rm -f $CRT_DIR/${vhost}*
|
rm -f $CRT_DIR/${vhost}*
|
||||||
evoacme ${vhost}
|
if [ -z $no_valid ]; then
|
||||||
|
evoacme ${vhost}
|
||||||
|
else
|
||||||
|
ln -s $AUTO_CRT_DIR/${vhost}.pem $CRT_DIR/${vhost}-fullchain.pem
|
||||||
|
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
op_ssl() {
|
op_ssl() {
|
||||||
|
@ -441,7 +451,7 @@ op_del() {
|
||||||
sed -i.bak "/-config=$login /d" /etc/cron.d/awstats
|
sed -i.bak "/-config=$login /d" /etc/cron.d/awstats
|
||||||
apache2ctl configtest
|
apache2ctl configtest
|
||||||
set +x
|
set +x
|
||||||
rm -f $CRT_DIR/${login}*
|
rm -f $CRT_DIR/${login}* $KEY_DIR/${login}.key $CSR_DIR/${login}.csr $AUTO_CRT_DIR/${login}.pem
|
||||||
|
|
||||||
if [ -n "$dbname" ]; then
|
if [ -n "$dbname" ]; then
|
||||||
echo "Deleting mysql DATABASE $dbname and mysql user $login. Continue ?"
|
echo "Deleting mysql DATABASE $dbname and mysql user $login. Continue ?"
|
||||||
|
|
Loading…
Reference in a new issue