docker/nginx
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
e159b98aac
nginx/ssl.sh
Deon George 2eb94a9106
All checks were successful
Create Docker Image / Build Docker Image (x86_64) (push) Successful in 25s
Details
Create Docker Image / Build Docker Image (arm64) (push) Successful in 1m6s
Details
Create Docker Image / Final Docker Image Manifest (push) Successful in 9s
Details
Our SSL certs are now in their own dir, ensure md5 of certs goes in /tmp/nginx
2024-10-14 12:41:13 +11:00

83 lines
2.3 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
TMPDIR=/tmp/nginx
if [ "$1" == "certbot" ]; then
certbot renew -q --config-dir /etc/nginx/ssl/letsencrypt/ --renew-hook "/usr/sbin/nginx -s reload"
elif [ "$1" == "lego" ]; then
CERTDIR=/etc/nginx/ssl
LEGODIR=${CERTDIR}/lego
CERTFILE=${LEGODIR}/lego-cert.ssl
RELOAD="/tmp/nginx.reload"
TLS_PORT=444
[ -r ${CERTFILE} ] || exit 1
cat ${CERTFILE} | while read line; do
#echo " - line is [${line}]"
LEGO_ACCOUNT_EMAIL=$(echo ${line} | cut -d':' -f 1)
DOMAINS=$(echo ${line} | cut -d':' -f 2)
LEGO_CERT_DOMAIN=(${DOMAINS//,/ })
if [ -n "$3" ]; then
if [[ ! " ${DOMAINS[@]} " =~ " ${3} " ]]; then
continue;
fi
fi
METHOD=$(echo ${line} | cut -d':' -f 3)
LEGO_ACCOUNT_EMAIL=${LEGO_ACCOUNT_EMAIL:? LEGO_ACCOUNT_EMAIL not set}
LEGO_CERT_DOMAIN=${LEGO_CERT_DOMAIN:? LEGO_CERT_DOMAIN not set}
LEGO_CERT_DOMAIN=(${LEGO_CERT_DOMAIN[@]/#/-d })
if [ ${METHOD} == 'dns' ]; then
DNS=$(echo ${line} | cut -d':' -f 4)
if [ ${DNS} == 'cloudflare' ]; then
export CLOUDFLARE_EMAIL=$(echo ${line} | cut -d':' -f 5)
export CF_DNS_API_TOKEN=$(echo ${line} | cut -d':' -f 6)
LEGO_METHOD="--dns cloudflare"
else
echo "! ERROR: Unknown DNS [${DNS}]" && continue
fi
elif [ ${METHOD} == 'tls' ]; then
LEGO_METHOD="--tls --tls.port :${TLS_PORT}"
else
echo "! ERROR: Unknown METHOD [${METHOD}]" && continue
fi
if [ "$2" == "renew" ]; then
lego ${LEGO_METHOD} --email="${LEGO_ACCOUNT_EMAIL}" ${LEGO_CERT_DOMAIN[@]} --path ${CERTDIR}/ssl/lego renew --renew-hook="touch ${RELOAD}"
elif [ "$2" == "run" ]; then
lego ${LEGO_METHOD} --email="${LEGO_ACCOUNT_EMAIL}" ${LEGO_CERT_DOMAIN[@]} --path ${CERTDIR}/ssl/lego run --run-hook="touch ${RELOAD}"
else
echo "! ERROR: Not doing anything?" && exit 1
fi
done
# Checkour MD5s and reload if required
for cert in $(lego --path ${LEGODIR} list |grep Certificate\ Path|awk '{print $3}'); do
OUTPUT=$(basename ${cert})
SRC=$(cat ${TMPDIR}/${OUTPUT}.md5)
TGT=$(cat ${cert} | md5sum)
echo "- Comparing MD5 of SRC [${SRC}] with [${TGT}]"
if [ "${SRC}" != "${TGT}" ]; then
touch ${RELOAD}
echo ${TGT} > ${TMPDIR}/${OUTPUT}.md5
fi
done
if [ -r ${RELOAD} ]; then
echo "* Reloading NGINX"
/usr/sbin/nginx -s reload
rm -f ${RELOAD}
fi
else
echo "! ERROR: Unknown certbot method [$1]"
fi
Reference in New Issue View Git Blame Copy Permalink