commit
051e021fdd
22 changed files with 254 additions and 0 deletions
@ -0,0 +1,18 @@ |
||||
#!/usr/bin/perl -w |
||||
|
||||
use esmith::Build::CreateLinks qw(:all); |
||||
|
||||
templates2events("/etc/letsencrypt.sh/config.sh", qw(le-update ssl-update bootstrap-console-save)); |
||||
templates2events("/etc/crontab", qw(le-update)); |
||||
templates2events("/etc/letsencrypt.sh/domains.txt", |
||||
qw( |
||||
le-update |
||||
bootstrap-console-save |
||||
domain-create |
||||
domain-delete |
||||
host-create |
||||
host-delete |
||||
host-modify |
||||
)); |
||||
templates2events("/etc/httpd/conf/httpd.conf", qw(le-update)); |
||||
safe_symlink("sigusr1", "root/etc/e-smith/events/le-update/services2adjust/httpd-e-smith"); |
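Review bot: The script enables warnings through `-w` on the shebang line but never enables strictures, so a mistyped event or variable name in a later edit would go unnoticed at build time. Adding `use strict;` directly under the shebang costs nothing here, since the file declares no variables of its own. A one-line comment above the `safe_symlink` call saying why httpd receives `sigusr1` on `le-update` would also help the next maintainer.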
@ -0,0 +1 @@ |
||||
enabled |
@ -0,0 +1 @@ |
||||
service |
@ -0,0 +1,3 @@ |
||||
#!/bin/sh |
||||
|
||||
exec /usr/bin/letsencrypt.sh -c |
@ -0,0 +1,13 @@ |
||||
{ |
||||
|
||||
my $le = $letsencrypt{'status'} || 'disabled'; |
||||
|
||||
if ($le eq 'enabled'){ |
||||
$OUT .= '# Letsencrypt renewal' . "\n"; |
||||
$OUT .= '2 4 * * * root sleep $[ $RANDOM \% 3600 ]; /usr/bin/letsencrypt.sh -c > /dev/null 2>&1' . "\n"; |
||||
} |
||||
else{ |
||||
$OUT .= '# Letsencrypt is disabled' . "\n"; |
||||
} |
||||
|
||||
} |
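Review bot: The generated cron line sends both stdout and stderr of `/usr/bin/letsencrypt.sh -c` to `/dev/null`, so a failed renewal leaves no trace on the host until the certificate expires. Sending the output to syslog instead keeps an audit trail, for example `... /usr/bin/letsencrypt.sh -c 2>&1 | logger -t letsencrypt`. The `$[ $RANDOM \% 3600 ]` expression is bash-only syntax, so the line also depends on the `SHELL` setting in the generated `/etc/crontab`, which is not visible in this fragment. A comment stating that dependency would be worth adding.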
@ -0,0 +1,19 @@ |
||||
{ |
||||
if (($letsencrypt{'status'} || 'disabled') eq 'enabled'){ |
||||
$OUT .=<<"_EOF"; |
||||
|
||||
<Directory /var/lib/letsencrypt.sh> |
||||
Options None |
||||
AllowOverride None |
||||
Order deny,allow |
||||
Deny from all |
||||
Allow from all |
||||
Header set Content-Type "application/jose+json" |
||||
</Directory> |
||||
|
||||
_EOF |
||||
} |
||||
else{ |
||||
$OUT .= "# Letsencrypt is disabled\n"; |
||||
} |
||||
} |
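Review bot: In the `<Directory /var/lib/letsencrypt.sh>` block, `Order deny,allow` followed by `Deny from all` and `Allow from all` evaluates the Allow last, so the directory ends up open to everyone and the `Deny from all` line has no effect. It reads like a restriction that is not there. Drop the Deny line or replace the trio with a single commented `Allow from all`, so the intended exposure of the challenge directory is explicit. `Header set` presumably relies on mod_headers being loaded; if that is not guaranteed on every install, wrap it in `<IfModule mod_headers.c>`.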
@ -0,0 +1,13 @@ |
||||
{ |
||||
if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){ |
||||
$OUT .=<<"_EOF"; |
||||
Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/ |
||||
<Location /.well-known/acme-challenge/> |
||||
Allow from all |
||||
</Location> |
||||
_EOF |
||||
} |
||||
else{ |
||||
$OUT .= "# Support for Letsencrypt is disabled on this domain\n"; |
||||
} |
||||
} |
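Review bot: The enable test here, `($domain->prop('Letsencrypt') || 'enabled') ne 'disabled'`, accepts any value other than `disabled`, while the domains.txt template in this same commit only lists a domain when the property is exactly `enabled`. A domain set to `yes` or `on` would therefore get the public `/.well-known/acme-challenge/` alias but never be included in a certificate request. Using the same comparison in both places, for example `eq 'enabled'`, keeps the exposed path and the requested names in step. The six hunks that follow are byte-identical copies of this fragment and need the same change. A short comment explaining the `${'httpd-e-smith'}{'TCPPort'}` lookup would help, since it resolves a hyphenated name symbolically.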
@ -0,0 +1,13 @@ |
||||
{ |
||||
if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){ |
||||
$OUT .=<<"_EOF"; |
||||
Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/ |
||||
<Location /.well-known/acme-challenge/> |
||||
Allow from all |
||||
</Location> |
||||
_EOF |
||||
} |
||||
else{ |
||||
$OUT .= "# Support for Letsencrypt is disabled on this domain\n"; |
||||
} |
||||
} |
@ -0,0 +1,13 @@ |
||||
{ |
||||
if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){ |
||||
$OUT .=<<"_EOF"; |
||||
Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/ |
||||
<Location /.well-known/acme-challenge/> |
||||
Allow from all |
||||
</Location> |
||||
_EOF |
||||
} |
||||
else{ |
||||
$OUT .= "# Support for Letsencrypt is disabled on this domain\n"; |
||||
} |
||||
} |
@ -0,0 +1,13 @@ |
||||
{ |
||||
if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){ |
||||
$OUT .=<<"_EOF"; |
||||
Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/ |
||||
<Location /.well-known/acme-challenge/> |
||||
Allow from all |
||||
</Location> |
||||
_EOF |
||||
} |
||||
else{ |
||||
$OUT .= "# Support for Letsencrypt is disabled on this domain\n"; |
||||
} |
||||
} |
@ -0,0 +1,13 @@ |
||||
{ |
||||
if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){ |
||||
$OUT .=<<"_EOF"; |
||||
Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/ |
||||
<Location /.well-known/acme-challenge/> |
||||
Allow from all |
||||
</Location> |
||||
_EOF |
||||
} |
||||
else{ |
||||
$OUT .= "# Support for Letsencrypt is disabled on this domain\n"; |
||||
} |
||||
} |
@ -0,0 +1,13 @@ |
||||
{ |
||||
if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){ |
||||
$OUT .=<<"_EOF"; |
||||
Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/ |
||||
<Location /.well-known/acme-challenge/> |
||||
Allow from all |
||||
</Location> |
||||
_EOF |
||||
} |
||||
else{ |
||||
$OUT .= "# Support for Letsencrypt is disabled on this domain\n"; |
||||
} |
||||
} |
@ -0,0 +1,13 @@ |
||||
{ |
||||
if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){ |
||||
$OUT .=<<"_EOF"; |
||||
Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/ |
||||
<Location /.well-known/acme-challenge/> |
||||
Allow from all |
||||
</Location> |
||||
_EOF |
||||
} |
||||
else{ |
||||
$OUT .= "# Support for Letsencrypt is disabled on this domain\n"; |
||||
} |
||||
} |
@ -0,0 +1 @@ |
||||
BASEDIR=/home/e-smith/db/letsencrypt.sh/ |
@ -0,0 +1 @@ |
||||
WELLKNOWN=/var/lib/letsencrypt.sh/ |
@ -0,0 +1 @@ |
||||
KEYSIZE="{ $letsencrypt{KeySize} || '4096' }" |
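Review bot: The `KeySize` property is copied verbatim between double quotes into a file that the client presumably sources as shell, so a stray quote or `$(...)` in the database value would change what the config file executes as root. The property is admin-controlled, so this is hardening rather than a fix. Constraining it to digits in the template is cheap: `KEYSIZE="{ ($letsencrypt{KeySize} || '') =~ /^(\d+)$/ ? $1 : '4096' }"`.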
@ -0,0 +1 @@ |
||||
HOOK=/sbin/e-smith/le_hook.sh |
@ -0,0 +1,2 @@ |
||||
RENEW_DAYS="30" |
||||
PRIVATE_KEY_RENEW="yes" |
@ -0,0 +1,32 @@ |
||||
{ |
||||
|
||||
use esmith::DomainsDB; |
||||
use esmith::HostsDB; |
||||
|
||||
my $d = esmith::DomainsDB->open_ro || die "Couldn't open DomainsDB\n"; |
||||
my $h = esmith::HostsDB->open_ro || die "Couldn't open HostsDB\n"; |
||||
|
||||
my $names = (); |
||||
|
||||
foreach my $domain ($d->domains, $d->get_all_by_prop(type => 'vhost')){ |
||||
my $le = $domain->prop('Letsencrypt') || 'enabled'; |
||||
push @names, $domain->key unless $le ne 'enabled'; |
||||
} |
||||
|
||||
foreach my $host ($h->hosts){ |
||||
my $name = $host->key; |
||||
my $dom = $DomainName; |
||||
if ($name =~ m/[a-z0-9]*\.(.*)/i){ |
||||
$dom = $1; |
||||
} |
||||
my $type = $host->prop('HostType') || 'Self'; |
||||
my $le = $host->prop('Letsencrypt') || 'disabled'; |
||||
if ($le =~ m/^enabled|yes|1|on$/i || |
||||
$type eq 'Self' && $dom eq $DomainName){ |
||||
push @names, $host->key; |
||||
} |
||||
} |
||||
|
||||
$OUT .= join(" ", @names); |
||||
|
||||
} |
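Review bot: `my $names = ();` declares a scalar that is never used, while every `push` and the final `join` operate on the undeclared package array `@names`. That array is shared with anything else in the template package and may carry entries over between expansions. Declare it as `my @names;`. The host test `m/^enabled|yes|1|on$/i` anchors only its first and last alternatives, so any value containing `yes` or `1`, or ending in `on`, is treated as enabled; it should be `m/^(?:enabled|yes|1|on)$/i`. Because the second half of that condition is joined with `||`, a `Self` host in the primary domain is also added when its `Letsencrypt` property is explicitly `disabled`; if opt-out is intended, check the property first.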
@ -0,0 +1,17 @@ |
||||
#!/bin/sh |
||||
|
||||
ACTION=shift |
||||
|
||||
if [ "$ACTION" == "deploy_cert" ]; then |
||||
# New cert |
||||
KEY=shift |
||||
CRT=shift |
||||
CHAIN=shift |
||||
/sbin/e-smith/db configuration setprop modSSL key $KEY crt $CRT CertificateChainFile $CHAIN |
||||
/sbin/e-smith/signal-event ssl-update |
||||
elif [ "$ACTION" == "clean_challenge" ]; then |
||||
ALTNAME=shift |
||||
if [ "$ALTNAME" == "" ]; then |
||||
echo "Error while creating or renewing letsencrypt certificate" | mail -s "Letsencrypt error" admin |
||||
fi |
||||
fi |
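Review bot: `ACTION=shift` assigns the literal string `shift` rather than consuming the first argument, and `KEY`, `CRT`, `CHAIN` and `ALTNAME` repeat the mistake. Neither branch can therefore match, so a renewed certificate is never written to `modSSL` and `ssl-update` is never signalled. The `==` inside `[ ]` is also a bashism under `#!/bin/sh`, and the unquoted `$KEY $CRT $CHAIN` passed to `db ... setprop` would split on whitespace. The sketch below reads the positional parameters and quotes them. Please confirm the argument order against the hook contract of the packaged letsencrypt.sh, since upstream may pass the domain name before the file paths.

```sh
ACTION="$1"
shift

if [ "$ACTION" = "deploy_cert" ]; then
    # New cert
    KEY="$1"
    CRT="$2"
    CHAIN="$3"
    /sbin/e-smith/db configuration setprop modSSL key "$KEY" crt "$CRT" CertificateChainFile "$CHAIN"
    # … unchanged: signal-event ssl-update …
elif [ "$ACTION" = "clean_challenge" ]; then
    ALTNAME="$1"
    # … unchanged: mail to admin when ALTNAME is empty …
fi
```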
@ -0,0 +1,53 @@ |
||||
%define version 0.0.1 |
||||
%define release 0.beta9 |
||||
%define name smeserver-letsencrypt-client |
||||
|
||||
Summary: Letencrypt client for SME Server |
||||
Name: %{name} |
||||
Version: %{version} |
||||
Release: %{release}%{?dist} |
||||
License: GPL |
||||
Group: Applications/System |
||||
Source: %{name}-%{version}.tar.gz |
||||
|
||||
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot |
||||
BuildArchitectures: noarch |
||||
BuildRequires: e-smith-devtools |
||||
|
||||
Requires: e-smith-base >= 5.4.0-26 |
||||
Requires: letsencrypt.sh |
||||
|
||||
%description |
||||
Automatically get certificates from letsencrypt |
||||
Using https://github.com/lukas2511/letsencrypt.sh |
||||
|
||||
%changelog |
||||
* Fri Jan 22 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.1.0-1.sme |
||||
- Initial release |
||||
|
||||
%prep |
||||
%setup -q -n %{name}-%{version} |
||||
|
||||
%build |
||||
%{__mkdir_p} root/home/e-smith/db/letsencrypt.sh |
||||
perl createlinks |
||||
|
||||
%install |
||||
/bin/rm -rf $RPM_BUILD_ROOT |
||||
(cd root; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT) |
||||
/bin/rm -f %{name}-%{version}-filelist |
||||
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \ |
||||
--dir /var/lib/letsencrypt 'attr(0750,root,apache)' \ |
||||
--dir /home/e-smith/db/letsencrypt.sh 'attr(0750,root,root)' \ |
||||
> %{name}-%{version}-filelist |
||||
|
||||
%files -f %{name}-%{version}-filelist |
||||
%defattr(-,root,root) |
||||
|
||||
%clean |
||||
rm -rf $RPM_BUILD_ROOT |
||||
|
||||
%pre |
||||
|
||||
%post |
||||
|
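Review bot: The `genfilelist` call sets `attr(0750,root,apache)` on `/var/lib/letsencrypt`, but the `WELLKNOWN` setting and the httpd `Alias` and `<Directory>` fragments in this commit all use `/var/lib/letsencrypt.sh`. The ownership and mode declared here therefore do not apply to the directory that actually serves challenges. `%build` also creates only `root/home/e-smith/db/letsencrypt.sh`, so unless the `letsencrypt.sh` dependency ships the challenge directory, it may not exist after install. Changing the line to `--dir /var/lib/letsencrypt.sh 'attr(0750,root,apache)'` and adding a matching `%{__mkdir_p} root/var/lib/letsencrypt.sh` would line these up. The changelog entry also records `0.1.0-1.sme` while `%define version` is `0.0.1`.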