From 629dfe7126c3b0c3eeaa320afd017f66fbaa1217 Mon Sep 17 00:00:00 2001
From: Deon George
Date: Fri, 12 Feb 2021 12:16:37 +1100
Subject: [PATCH] Change renew.sh to ssl.sh - enabled specific domain registration
---
 Dockerfile | 4 ++--
 new.sh | 57 -----------------------------------------------
 renew.sh | 51 ------------------------------------------
 ssl.sh | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 67 insertions(+), 110 deletions(-)
 delete mode 100755 new.sh
 delete mode 100755 renew.sh
 create mode 100755 ssl.sh
diff --git a/Dockerfile b/Dockerfile
index 9959f72..0076dd5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -24,8 +24,8 @@ RUN curl -sL https://github.com/go-acme/lego/releases/download/v4.2.0/lego_v4.2.
 EXPOSE 80 443
-COPY new.sh renew.sh /usr/local/sbin/
-LABEL cron.container.weekly root#/usr/local/sbin/renew.sh lego
+COPY new.sh ssl.sh /usr/local/sbin/
+LABEL cron.container.weekly root#/usr/local/sbin/ssl.sh lego renew
 # Expose our web root and log directories log.
 #VOLUME [ "/etc/nginx/conf.d", "/etc/nginx/default.d" ]
diff --git a/new.sh b/new.sh
deleted file mode 100755
index 839f26f..0000000
--- a/new.sh
+++ /dev/null
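Review bot: `COPY new.sh ssl.sh /usr/local/sbin/` still names new.sh, which this same commit deletes (`delete mode 100755 new.sh` in the diffstat), so the image build fails at this step with a missing source file; the line should read `COPY ssl.sh /usr/local/sbin/`. The LABEL now schedules `ssl.sh lego renew` weekly, which depends on ssl.sh treating its second argument as the action rather than as a domain filter.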
@@ -1,57 +0,0 @@
-#!/bin/bash
-CERTDIR=/etc/nginx/conf.d
-RELOAD="/tmp/nginx.reload"
-
-if [ "$1" == "certbot" ]; then
- echo "! WARNING - untested"
-
- CERTFILE=${CERTDIR}/certbot-cert.ssl
- [ -r ${CERTFILE} ] || exit 1
- [ -d ${CERTDIR}/ssl/letsencrypt ] || mkdir ${CERTDIR}/ssl/letsencrypt
-
- cat ${CERTFILE} | while read line; do
- echo " - line is [${line}]"
- LEGO_ACCOUNT_EMAIL=$(echo ${line} | cut -d':' -f 1)
- DOMAINS=$(echo ${line} | cut -d':' -f 2)
- LEGO_CERT_DOMAIN=(${DOMAINS//,/ })
-
- LEGO_ACCOUNT_EMAIL=${LEGO_ACCOUNT_EMAIL:? LEGO_ACCOUNT_EMAIL not set}
- LEGO_CERT_DOMAIN=${LEGO_CERT_DOMAIN:? LEGO_CERT_DOMAIN not set}
-
- LEGO_CERT_DOMAIN=(${LEGO_CERT_DOMAIN[@]/#/-d })
-
- certbot certonly --webroot --config-dir ${CERTDIR}/ssl/letsencrypt/ -w /tmp --agree-tos --email ${LEGO_ACCOUNT_EMAIL} -n${LEGO_CERT_DOMAIN}
- touch ${RELOAD}
- done
-
-
-elif [ "$1" == "lego" ]; then
- CERTFILE=${CERTDIR}/lego-cert.ssl
- [ -r ${CERTFILE} ] || exit 1
- [ -d ${CERTDIR}/ssl/lego ] || mkdir ${CERTDIR}/ssl/lego
-
- TLS_PORT=444
-
- cat ${CERTFILE} | while read line; do
- echo " - line is [${line}]"
- LEGO_ACCOUNT_EMAIL=$(echo ${line} | cut -d':' -f 1)
- DOMAINS=$(echo ${line} | cut -d':' -f 2)
- LEGO_CERT_DOMAIN=(${DOMAINS//,/ })
-
- LEGO_ACCOUNT_EMAIL=${LEGO_ACCOUNT_EMAIL:? LEGO_ACCOUNT_EMAIL not set}
- LEGO_CERT_DOMAIN=${LEGO_CERT_DOMAIN:? LEGO_CERT_DOMAIN not set}
-
- LEGO_CERT_DOMAIN=(${LEGO_CERT_DOMAIN[@]/#/-d })
-
- lego -m ${LEGO_ACCOUNT_EMAIL} ${LEGO_CERT_DOMAIN[@]} --path ${CERTDIR}/ssl/lego -a --tls --tls.port :${TLS_PORT} run && touch ${RELOAD}
- done
-
-else
- echo "! ERROR: Unknown certbot method [$1]"
-fi
-
-if [ -r ${RELOAD} ]; then
- echo "Reloading NGINX"
- /usr/sbin/nginx -s reload
- rm -f ${RELOAD}
-fi
diff --git a/renew.sh b/renew.sh
deleted file mode 100755
index 7850032..0000000
--- a/renew.sh
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/bash
-
-if [ "$1" == "certbot" ]; then
- certbot renew -q --config-dir /etc/nginx/conf.d/ssl/letsencrypt/ --renew-hook "/usr/sbin/nginx -s reload"
-
-elif [ "$1" == "lego" ]; then
- CERTDIR=/etc/nginx/conf.d
- CERTFILE=${CERTDIR}/lego-cert.ssl
- RELOAD="/tmp/nginx.reload"
- TLS_PORT=444
-
- [ -r ${CERTFILE} ] || exit 1
-
- cat ${CERTFILE} | while read line; do
- echo " - line is [${line}]"
- LEGO_ACCOUNT_EMAIL=$(echo ${line} | cut -d':' -f 1)
- DOMAINS=$(echo ${line} | cut -d':' -f 2)
- DNS=$(echo ${line} | cut -d':' -f 3)
- LEGO_CERT_DOMAIN=(${DOMAINS//,/ })
-
- LEGO_ACCOUNT_EMAIL=${LEGO_ACCOUNT_EMAIL:? LEGO_ACCOUNT_EMAIL not set}
- LEGO_CERT_DOMAIN=${LEGO_CERT_DOMAIN:? LEGO_CERT_DOMAIN not set}
-
- LEGO_CERT_DOMAIN=(${LEGO_CERT_DOMAIN[@]/#/-d })
-
- if [ ${DNS} == 'cloudflare' ]; then
- DNS=$(echo ${line} | cut -d':' -f 3)
-
- export CLOUDFLARE_EMAIL=$(echo ${line} | cut -d':' -f 4)
- export CF_DNS_API_TOKEN=$(echo ${line} | cut -d':' -f 5)
- LEGO_DNS="--dns cloudflare"
- else
- :
- fi
-
- if [ "$2" == "run" ]; then
- lego ${LEGO_DNS} --email="${LEGO_ACCOUNT_EMAIL}" ${LEGO_CERT_DOMAIN[@]} --path ${CERTDIR}/ssl/lego --tls --tls.port :${TLS_PORT} run --run-hook="touch $RELOAD"
- else
- lego ${LEGO_DNS} --email="${LEGO_ACCOUNT_EMAIL}" ${LEGO_CERT_DOMAIN[@]} --path ${CERTDIR}/ssl/lego --tls --tls.port :${TLS_PORT} renew --renew-hook="touch $RELOAD"
- fi
- done
-
- if [ -r ${RELOAD} ]; then
- echo "Reloading NGINX"
- /usr/sbin/nginx -s reload
- rm -f ${RELOAD}
- fi
-
-else
- echo "! ERROR: Unknown certbot method [$1]"
-fi
diff --git a/ssl.sh b/ssl.sh
new file mode 100755
index 0000000..62713fc
--- /dev/null
+++ b/ssl.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+
+if [ "$1" == "certbot" ]; then
+ certbot renew -q --config-dir /etc/nginx/conf.d/ssl/letsencrypt/ --renew-hook "/usr/sbin/nginx -s reload"
+
+elif [ "$1" == "lego" ]; then
+ CERTDIR=/etc/nginx/conf.d
+ CERTFILE=${CERTDIR}/lego-cert.ssl
+ RELOAD="/tmp/nginx.reload"
+ TLS_PORT=444
+
+ [ -r ${CERTFILE} ] || exit 1
+
+ cat ${CERTFILE} | while read line; do
+ echo " - line is [${line}]"
+ LEGO_ACCOUNT_EMAIL=$(echo ${line} | cut -d':' -f 1)
+ DOMAINS=$(echo ${line} | cut -d':' -f 2)
+ LEGO_CERT_DOMAIN=(${DOMAINS//,/ })
+
+ if [ -n "$2" ]; then
+ if [[ ! " ${DOMAINS[@]} " =~ " ${2} " ]]; then
+ continue;
+ fi
+ fi
+
+ METHOD=$(echo ${line} | cut -d':' -f 3)
+
+ LEGO_ACCOUNT_EMAIL=${LEGO_ACCOUNT_EMAIL:? LEGO_ACCOUNT_EMAIL not set}
+ LEGO_CERT_DOMAIN=${LEGO_CERT_DOMAIN:? LEGO_CERT_DOMAIN not set}
+
+ LEGO_CERT_DOMAIN=(${LEGO_CERT_DOMAIN[@]/#/-d })
+
+ if [ ${METHOD} == 'dns' ]; then
+ DNS=$(echo ${line} | cut -d':' -f 4)
+ if [ ${DNS} == 'cloudflare' ]; then
+ export CLOUDFLARE_EMAIL=$(echo ${line} | cut -d':' -f 5)
+ export CF_DNS_API_TOKEN=$(echo ${line} | cut -d':' -f 6)
+ LEGO_METHOD="--dns cloudflare"
+ else
+ echo "! ERROR: Unknown DNS [${DNS}]" && continue
+ fi
+
+ elif [ ${METHOD} == 'tls' ]; then
+ LEGO_METHOD="--tls --tls.port :${TLS_PORT}"
+ :
+ else
+ echo "! ERROR: Unknown METHOD [${METHOD}]" && continue
+ fi
+
+ if [ "$2" == "renew" ]; then
+ lego ${LEGO_METHOD} --email="${LEGO_ACCOUNT_EMAIL}" ${LEGO_CERT_DOMAIN[@]} --path ${CERTDIR}/ssl/lego renew --renew-hook="touch $RELOAD"
+ else
+ lego ${LEGO_METHOD} --email="${LEGO_ACCOUNT_EMAIL}" ${LEGO_CERT_DOMAIN[@]} --path ${CERTDIR}/ssl/lego run --run-hook="touch $RELOAD"
+ fi
+ done
+
+ if [ -r ${RELOAD} ]; then
+ echo "Reloading NGINX"
+ /usr/sbin/nginx -s reload
+ rm -f ${RELOAD}
+ fi
+
+else
+ echo "! ERROR: Unknown certbot method [$1]"
+fi
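Review bot: The weekly cron invocation `ssl.sh lego renew` renews nothing, because `$2` serves both as the domain filter (`if [ -n "$2" ]` … `continue`) and as the action selector (`if [ "$2" == "renew" ]`), so every record whose domain list does not literally contain `renew` is skipped before the `renew` branch is reached. The filter also tests `" ${DOMAINS[@]} "`, which is the comma-joined scalar, so it can only match a record with a single domain; it should test the split list `${LEGO_CERT_DOMAIN[*]}` before that array is rewritten into `-d` arguments. `echo " - line is [${line}]"` writes the whole record to the cron/container log, and for `dns:cloudflare` records that includes the field later exported as `CF_DNS_API_TOKEN`; log only `${DOMAINS}`. `[ ${METHOD} == 'dns' ]` and `[ ${DNS} == 'cloudflare' ]` are unquoted, so a record with a missing field produces a `[` syntax error instead of the intended "Unknown METHOD"/"Unknown DNS" message; quote them as `[ "${METHOD}" == 'dns' ]`. The rewrite below separates the action (second argument) from an optional domain filter (third argument), which keeps the `lego renew` form used by the Dockerfile LABEL working.
```shell
# … unchanged: certbot branch; CERTDIR/CERTFILE/RELOAD/TLS_PORT …
ACTION=${2:-run}   # "run" (new registration) or "renew"; the cron LABEL passes "renew"
FILTER=$3          # optional single domain; only records listing it are processed

cat ${CERTFILE} | while read line; do
  LEGO_ACCOUNT_EMAIL=$(echo ${line} | cut -d':' -f 1)
  DOMAINS=$(echo ${line} | cut -d':' -f 2)
  LEGO_CERT_DOMAIN=(${DOMAINS//,/ })
  # log the domain list only: the record also carries the DNS API token
  echo " - domains [${DOMAINS}]"

  # match against the split list; "${DOMAINS}" is comma-joined and never matches a multi-domain record
  if [ -n "$FILTER" ] && [[ ! " ${LEGO_CERT_DOMAIN[*]} " =~ " ${FILTER} " ]]; then
    continue
  fi

  METHOD=$(echo ${line} | cut -d':' -f 3)
  # … unchanged: :? checks, -d rewrite, dns/tls method selection (with "${METHOD}" and "${DNS}" quoted) …

  if [ "$ACTION" == "renew" ]; then
  # … unchanged: lego renew / run invocations, done, nginx reload …
```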