Add a wrapper script for letsencrypt.sh

This wrapper supports a new ProxyPassACMEChallengesDisableOnRenew prop, which allows disabling the ACME challenge proxypass only during the renewal
tags/smeserver-letsencrypt-client-0.2.4-1
Daniel Berteaud 9 years ago
parent dc0f2ff539
commit 8a58ddb102
  1. 3
      root/etc/e-smith/templates/etc/cron.daily/letsencrypt.sh/10All
  2. 42
      root/sbin/e-smith/letsencrypt.sh

@ -1,7 +1,8 @@
{ {
if (($letsencrypt{'status'} || 'disabled') eq 'enabled'){ if (($letsencrypt{'status'} || 'disabled') eq 'enabled'){
$OUT .= "/usr/bin/letsencrypt.sh -c 2>&1 | awk '{ print strftime(), \$0; fflush(); }' >> /var/log/letsencrypt.sh.log\n"; $OUT .= 'sleep $[ $RANDOM \% 3600 ];' . "\n";
$OUT .= "/sbin/e-smith/letsencrypt.sh -c 2>&1 | awk '{ print strftime(), \$0; fflush(); }' >> /var/log/letsencrypt.sh.log\n";
if (($letsencrypt{'RevokeOldCertificates'} || 'disabled') =~ m/^enabled|on|yes|1$/){ if (($letsencrypt{'RevokeOldCertificates'} || 'disabled') =~ m/^enabled|on|yes|1$/){
$OUT .= "/usr/bin/le_revoke.sh 2>&1 | awk '{ print strftime(), \$0; fflush(); }' >> /var/log/letsencrypt.sh.log\n"; $OUT .= "/usr/bin/le_revoke.sh 2>&1 | awk '{ print strftime(), \$0; fflush(); }' >> /var/log/letsencrypt.sh.log\n";
} }
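Review bot: The added `sleep $[ $RANDOM \% 3600 ];` line relies on bash-only features (`$RANDOM` and the deprecated `$[ ]` arithmetic form), and because the Perl string is single-quoted, the backslash before `%` is written into the generated cron script as-is. The interpreter line of the generated file is not visible in this hunk, so it is worth confirming that the script runs under bash and that the escaped `%` evaluates as intended; if the expression fails, the random delay is presumably lost and the renewal starts immediately. I would emit the standard arithmetic form instead: `$OUT .= 'sleep $(( RANDOM % 3600 ));' . "\n";`. The template block that these lines belong to closes outside the hunk.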

@ -0,0 +1,42 @@
#!/usr/bin/perl -w
# vim: ft=perl:
use strict;
use esmith::DomainsDB;
use esmith::event;
my $d = esmith::DomainsDB->open or die "Couldn't open the domain database\n";
my @domains = ();
# Build a list of domains for which we disable ACME challenge proxypass
# but only during execution of letsencrypt
# This is usefull for situations where you have a https website directly reachable
# from your internal network, but going through a proxypass from the outside. In this case
# both the backend and the frontend needs to have a valid certificate for this name
foreach my $dom ($d->domains, $d->get_all_by_prop(type => 'vhost')){
if (($dom->prop('ProxyPassACMEChallengesDisableOnRenew') || 'no') =~ m/^yes|enabled|1|on$/){
push @domains, $dom;
}
}
# Now, temporarily disable ACME chellenge proxypass
if (@domains > 0){
foreach my $dom (@domains){
$dom->set_prop('ProxyPassACMEChallenges', 'disabled');
}
event_signal("letsencrypt-update");
}
# Execute the real letsencrypt script, passing any arg
system("/usr/bin/letsencrypt.sh", @ARGV);
# Enable proxypass again
if (@domains > 0){
foreach my $dom (@domains){
$dom->set_prop('ProxyPassACMEChallenges', 'enabled');
}
event_signal("letsencrypt-update");
}
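Review bot: The return value of `system("/usr/bin/letsencrypt.sh", @ARGV)` is discarded, so a renewal that fails or cannot be started looks the same as a success and the wrapper always exits 0; capturing the status and exiting with it after the re-enable step would let cron and manual callers see the failure. The restore step also writes `'enabled'` unconditionally and only runs if the script reaches it, so an interrupted run would presumably leave `ProxyPassACMEChallenges` disabled until someone resets it by hand. Separately, `m/^yes|enabled|1|on$/` anchors only its first and last alternatives, so it matches any value that merely contains `enabled` or `1`; `m/^(?:yes|enabled|1|on)$/` is what seems intended.

```perl
# … unchanged: domain selection and temporary disable of ProxyPassACMEChallenges …
# Execute the real letsencrypt script, passing any arg, and keep its status
my $status = system("/usr/bin/letsencrypt.sh", @ARGV);
my $exit_code = ($status == -1 || ($status & 127)) ? 1 : ($status >> 8);
warn "letsencrypt.sh did not complete successfully (wait status $status)\n" if $status != 0;
# … unchanged: re-enable ProxyPassACMEChallenges and signal letsencrypt-update …
exit $exit_code;
```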