This wrapper supports a new ProxyPassACMEChallengesDisableOnRenew prop which allows disabling ACME challenge proxypass only during the renewal
tags/smeserver-letsencrypt-client-0.2.4-1
parent
dc0f2ff539
commit
8a58ddb102
2 changed files with 44 additions and 1 deletions
@ -0,0 +1,42 @@ |
||||
#!/usr/bin/perl -w |
||||
|
||||
# vim: ft=perl: |
||||
|
||||
use strict; |
||||
use esmith::DomainsDB; |
||||
use esmith::event; |
||||
|
||||
my $d = esmith::DomainsDB->open or die "Couldn't open the domain database\n"; |
||||
|
||||
my @domains = (); |
||||
|
||||
# Build a list of domains for which we disable ACME challenge proxypass |
||||
# but only during execution of letsencrypt |
||||
# This is usefull for situations where you have a https website directly reachable |
||||
# from your internal network, but going through a proxypass from the outside. In this case |
||||
# both the backend and the frontend needs to have a valid certificate for this name |
||||
|
||||
foreach my $dom ($d->domains, $d->get_all_by_prop(type => 'vhost')){ |
||||
if (($dom->prop('ProxyPassACMEChallengesDisableOnRenew') || 'no') =~ m/^yes|enabled|1|on$/){ |
||||
push @domains, $dom; |
||||
} |
||||
} |
||||
|
||||
# Now, temporarily disable ACME chellenge proxypass |
||||
if (@domains > 0){ |
||||
foreach my $dom (@domains){ |
||||
$dom->set_prop('ProxyPassACMEChallenges', 'disabled'); |
||||
} |
||||
event_signal("letsencrypt-update"); |
||||
} |
||||
|
||||
# Execute the real letsencrypt script, passing any arg |
||||
system("/usr/bin/letsencrypt.sh", @ARGV); |
||||
|
||||
# Enable proxypass again |
||||
if (@domains > 0){ |
||||
foreach my $dom (@domains){ |
||||
$dom->set_prop('ProxyPassACMEChallenges', 'enabled'); |
||||
} |
||||
event_signal("letsencrypt-update"); |
||||
} |
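Review bot: The property test on the `ProxyPassACMEChallengesDisableOnRenew` line is anchored incorrectly: in `m/^yes|enabled|1|on$/` the `^` binds only to `yes` and the `$` only to `on`, so any value that merely contains `enabled` or `1`, or ends in `on`, turns the challenge proxypass off for that domain during renewal. Grouping the alternatives fixes it: `=~ m/^(?:yes|enabled|1|on)$/`. Separately, the return value of `system("/usr/bin/letsencrypt.sh", @ARGV)` is discarded, so a failed renewal is invisible to whatever invokes the wrapper; keeping it with `my $rc = system("/usr/bin/letsencrypt.sh", @ARGV);` and ending the script with `exit($rc >> 8);` would pass the real script's exit code through. The restore loop also writes `enabled` unconditionally instead of the value each domain had before the run, which looks unintended for a domain that already had `ProxyPassACMEChallenges` turned off.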