First commit

tags/smeserver-letsencrypt-client-0.2.4-1
Daniel Berteaud 9 years ago
commit 051e021fdd
  1. 18
      createlinks
  2. 1
      root/etc/e-smith/db/configuration/defaults/letsencrypt/status
  3. 1
      root/etc/e-smith/db/configuration/defaults/letsencrypt/type
  4. 3
      root/etc/e-smith/events/actions/exec-letsencrypt
  5. 13
      root/etc/e-smith/templates/etc/crontab/80letsencrypt
  6. 19
      root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/80LetsencryptChallengeDir
  7. 13
      root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/Ejabberd/80Letsencrypt
  8. 13
      root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPManager/80Letsencrypt
  9. 13
      root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPPortal/80Letsencrypt
  10. 13
      root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/LemonLDAPSoap/80Letsencrypt
  11. 13
      root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/UserManagerVirtualHost/80Letsencrypt
  12. 13
      root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/80Letsencrypt
  13. 13
      root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/WebAppVirtualHost/80Letsencrypt
  14. 1
      root/etc/e-smith/templates/etc/letsencrypt.sh/config.sh/20BaseDir
  15. 1
      root/etc/e-smith/templates/etc/letsencrypt.sh/config.sh/30WellKnown
  16. 1
      root/etc/e-smith/templates/etc/letsencrypt.sh/config.sh/40KeySize
  17. 1
      root/etc/e-smith/templates/etc/letsencrypt.sh/config.sh/50Hook
  18. 2
      root/etc/e-smith/templates/etc/letsencrypt.sh/config.sh/60Renew
  19. 32
      root/etc/e-smith/templates/etc/letsencrypt.sh/domains.txt/10domains
  20. 0
      root/etc/e-smith/templates/etc/letsencrypt.sh/domains.txt/template-begin
  21. 17
      root/sbin/e-smith/le_hook.sh
  22. 53
      smeserver-letsencrypt-client.spec

@ -0,0 +1,18 @@
#!/usr/bin/perl -w
use esmith::Build::CreateLinks qw(:all);
templates2events("/etc/letsencrypt.sh/config.sh", qw(le-update ssl-update bootstrap-console-save));
templates2events("/etc/crontab", qw(le-update));
templates2events("/etc/letsencrypt.sh/domains.txt",
qw(
le-update
bootstrap-console-save
domain-create
domain-delete
host-create
host-delete
host-modify
));
templates2events("/etc/httpd/conf/httpd.conf", qw(le-update));
safe_symlink("sigusr1", "root/etc/e-smith/events/le-update/services2adjust/httpd-e-smith");

@ -0,0 +1,3 @@
#!/bin/sh
exec /usr/bin/letsencrypt.sh -c

@ -0,0 +1,13 @@
{
my $le = $letsencrypt{'status'} || 'disabled';
if ($le eq 'enabled'){
$OUT .= '# Letsencrypt renewal' . "\n";
$OUT .= '2 4 * * * root sleep $[ $RANDOM \% 3600 ]; /usr/bin/letsencrypt.sh -c > /dev/null 2>&1' . "\n";
}
else{
$OUT .= '# Letsencrypt is disabled' . "\n";
}
}
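Review bot: The generated cron line sends both stdout and stderr of `/usr/bin/letsencrypt.sh -c` to `/dev/null`, so a failed renewal leaves no trace and an expiring certificate can go unnoticed until clients start rejecting it. Keeping stderr lets cron mail the error to root: end the command with `> /dev/null` rather than `> /dev/null 2>&1`, or redirect to a log file. The delay `$[ $RANDOM \% 3600 ]` also depends on bash (`$RANDOM` and the deprecated `$[ ]` form); if the crontab's SHELL is not bash the sleep presumably fails and the renewal runs without jitter, and `$(( RANDOM \% 3600 ))` is the current spelling.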

@ -0,0 +1,19 @@
{
if (($letsencrypt{'status'} || 'disabled') eq 'enabled'){
$OUT .=<<"_EOF";
<Directory /var/lib/letsencrypt.sh>
Options None
AllowOverride None
Order deny,allow
Deny from all
Allow from all
Header set Content-Type "application/jose+json"
</Directory>
_EOF
}
else{
$OUT .= "# Letsencrypt is disabled\n";
}
}
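Review bot: In the `<Directory /var/lib/letsencrypt.sh>` block the `Deny from all` line has no effect, because with `Order deny,allow` the Allow directives are evaluated last and `Allow from all` opens the directory to every client. A reader skimming the block can take it for a restricted directory; drop the Deny line and add a template comment such as `# world-readable on purpose: ACME challenge tokens only`. Since everything under this path is served publicly, nothing other than challenge files should ever be written there.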

@ -0,0 +1,13 @@
{
if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){
$OUT .=<<"_EOF";
Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/
<Location /.well-known/acme-challenge/>
Allow from all
</Location>
_EOF
}
else{
$OUT .= "# Support for Letsencrypt is disabled on this domain\n";
}
}
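Review bot: This fragment treats any `Letsencrypt` value other than `disabled` as enabled, whereas the domains.txt template lists a domain only when the value is exactly `enabled`, so a domain set to some other value gets the challenge alias but is never requested. Use one rule in both places, for example `($domain->prop('Letsencrypt') || 'enabled') eq 'enabled'` here. The fragment also ignores the global `$letsencrypt{'status'}` that the Directory fragment checks, so the Alias is still emitted when the feature is switched off and the matching `<Directory>` block is absent. The same thirteen lines are repeated verbatim in the six httpd.conf fragments that follow, so any fix has to be applied seven times; a single shared fragment would keep the copies from drifting apart.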

@ -0,0 +1,13 @@
{
if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){
$OUT .=<<"_EOF";
Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/
<Location /.well-known/acme-challenge/>
Allow from all
</Location>
_EOF
}
else{
$OUT .= "# Support for Letsencrypt is disabled on this domain\n";
}
}

@ -0,0 +1,13 @@
{
if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){
$OUT .=<<"_EOF";
Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/
<Location /.well-known/acme-challenge/>
Allow from all
</Location>
_EOF
}
else{
$OUT .= "# Support for Letsencrypt is disabled on this domain\n";
}
}

@ -0,0 +1,13 @@
{
if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){
$OUT .=<<"_EOF";
Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/
<Location /.well-known/acme-challenge/>
Allow from all
</Location>
_EOF
}
else{
$OUT .= "# Support for Letsencrypt is disabled on this domain\n";
}
}

@ -0,0 +1,13 @@
{
if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){
$OUT .=<<"_EOF";
Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/
<Location /.well-known/acme-challenge/>
Allow from all
</Location>
_EOF
}
else{
$OUT .= "# Support for Letsencrypt is disabled on this domain\n";
}
}

@ -0,0 +1,13 @@
{
if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){
$OUT .=<<"_EOF";
Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/
<Location /.well-known/acme-challenge/>
Allow from all
</Location>
_EOF
}
else{
$OUT .= "# Support for Letsencrypt is disabled on this domain\n";
}
}

@ -0,0 +1,13 @@
{
if (($domain->prop('Letsencrypt') || 'enabled') ne 'disabled' && ((${'httpd-e-smith'}{'TCPPort'} || '80') eq $port)){
$OUT .=<<"_EOF";
Alias /.well-known/acme-challenge/ /var/lib/letsencrypt.sh/
<Location /.well-known/acme-challenge/>
Allow from all
</Location>
_EOF
}
else{
$OUT .= "# Support for Letsencrypt is disabled on this domain\n";
}
}

@ -0,0 +1 @@
BASEDIR=/home/e-smith/db/letsencrypt.sh/

@ -0,0 +1 @@
KEYSIZE="{ $letsencrypt{KeySize} || '4096' }"
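Review bot: `$letsencrypt{KeySize}` is written unvalidated between double quotes into config.sh, which letsencrypt.sh presumably sources as shell, so a value containing `"`, `$( )` or backticks would be evaluated as root at the next run. The configuration db is normally writable by root only, which keeps the risk low, but accepting digits only costs one line: `KEYSIZE="{ ($letsencrypt{KeySize} || '') =~ /^(\d+)$/ ? $1 : '4096' }"`.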

@ -0,0 +1,2 @@
RENEW_DAYS="30"
PRIVATE_KEY_RENEW="yes"

@ -0,0 +1,32 @@
{
use esmith::DomainsDB;
use esmith::HostsDB;
my $d = esmith::DomainsDB->open_ro || die "Couldn't open DomainsDB\n";
my $h = esmith::HostsDB->open_ro || die "Couldn't open HostsDB\n";
my $names = ();
foreach my $domain ($d->domains, $d->get_all_by_prop(type => 'vhost')){
my $le = $domain->prop('Letsencrypt') || 'enabled';
push @names, $domain->key unless $le ne 'enabled';
}
foreach my $host ($h->hosts){
my $name = $host->key;
my $dom = $DomainName;
if ($name =~ m/[a-z0-9]*\.(.*)/i){
$dom = $1;
}
my $type = $host->prop('HostType') || 'Self';
my $le = $host->prop('Letsencrypt') || 'disabled';
if ($le =~ m/^enabled|yes|1|on$/i ||
$type eq 'Self' && $dom eq $DomainName){
push @names, $host->key;
}
}
$OUT .= join(" ", @names);
}
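Review bot: `$le =~ m/^enabled|yes|1|on$/i` does not anchor the whole alternation: `^` applies only to `enabled` and `$` only to `on`, so any value containing `yes` or `1`, or ending in `on`, adds that host to the certificate request. Write it as `m/^(?:enabled|yes|1|on)$/i`. Separately, `my $names = ();` declares a scalar while the code pushes to `@names`, an undeclared package array that this block never resets; `my @names;` is what was meant. Because all names are joined onto one line of domains.txt, presumably one certificate, a single unintended or unresolvable name can make validation fail for the whole set.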

@ -0,0 +1,17 @@
#!/bin/sh
ACTION=shift
if [ "$ACTION" == "deploy_cert" ]; then
# New cert
KEY=shift
CRT=shift
CHAIN=shift
/sbin/e-smith/db configuration setprop modSSL key $KEY crt $CRT CertificateChainFile $CHAIN
/sbin/e-smith/signal-event ssl-update
elif [ "$ACTION" == "clean_challenge" ]; then
ALTNAME=shift
if [ "$ALTNAME" == "" ]; then
echo "Error while creating or renewing letsencrypt certificate" | mail -s "Letsencrypt error" admin
fi
fi
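Review bot: `ACTION=shift` stores the literal word `shift` in ACTION instead of reading the first argument, and the same holds for `KEY=shift`, `CRT=shift`, `CHAIN=shift` and `ALTNAME=shift`, so neither branch can ever match and a newly issued certificate is never written to the modSSL configuration. The positional parameters need to be read explicitly and quoted where they are passed to `db`, and `==` inside `[ ]` is a bashism under `#!/bin/sh` (use `=`). The argument order the hook receives should be checked against the packaged letsencrypt.sh; the sketch below keeps the order this hunk assumes.

```shell
ACTION="$1"
shift
if [ "$ACTION" = "deploy_cert" ]; then
    # New cert
    KEY="$1"
    CRT="$2"
    CHAIN="$3"
    /sbin/e-smith/db configuration setprop modSSL key "$KEY" crt "$CRT" CertificateChainFile "$CHAIN"
    # … unchanged: signal-event ssl-update …
elif [ "$ACTION" = "clean_challenge" ]; then
    ALTNAME="$1"
    # … unchanged: mail notification when ALTNAME is empty …
```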

@ -0,0 +1,53 @@
%define version 0.0.1
%define release 0.beta9
%define name smeserver-letsencrypt-client
Summary: Letencrypt client for SME Server
Name: %{name}
Version: %{version}
Release: %{release}%{?dist}
License: GPL
Group: Applications/System
Source: %{name}-%{version}.tar.gz
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
BuildArchitectures: noarch
BuildRequires: e-smith-devtools
Requires: e-smith-base >= 5.4.0-26
Requires: letsencrypt.sh
%description
Automatically get certificates from letsencrypt
Using https://github.com/lukas2511/letsencrypt.sh
%changelog
* Fri Jan 22 2016 Daniel Berteaud <daniel@firewall-services.com> - 0.1.0-1.sme
- Initial release
%prep
%setup -q -n %{name}-%{version}
%build
%{__mkdir_p} root/home/e-smith/db/letsencrypt.sh
perl createlinks
%install
/bin/rm -rf $RPM_BUILD_ROOT
(cd root; /usr/bin/find . -depth -print | /bin/cpio -dump $RPM_BUILD_ROOT)
/bin/rm -f %{name}-%{version}-filelist
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT \
--dir /var/lib/letsencrypt 'attr(0750,root,apache)' \
--dir /home/e-smith/db/letsencrypt.sh 'attr(0750,root,root)' \
> %{name}-%{version}-filelist
%files -f %{name}-%{version}-filelist
%defattr(-,root,root)
%clean
rm -rf $RPM_BUILD_ROOT
%pre
%post
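Review bot: The `genfilelist` call sets `attr(0750,root,apache)` on `/var/lib/letsencrypt`, but the httpd templates in this commit alias and serve `/var/lib/letsencrypt.sh/`, and `%build` only creates `root/home/e-smith/db/letsencrypt.sh`. Unless the WellKnown fragment (not shown on this page) points elsewhere, the challenge directory is neither packaged nor given the intended ownership, so it ends up with whatever mode the first run creates. Suggested: `--dir /var/lib/letsencrypt.sh 'attr(0750,root,apache)' \` together with `%{__mkdir_p} root/var/lib/letsencrypt.sh` in `%build`. The changelog entry also says 0.1.0-1 while `%define version` is 0.0.1.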