fws
/
smeserver-letsencrypt-client
4
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add a wrapper script for letsencrypt.sh

Browse Source 
This wrapper support a new ProxyPassACMEChallengesDisableOnRenew prop which allows disabling ACME challenge proxypass only during the renewal
tags/smeserver-letsencrypt-client-0.2.4-1
Daniel Berteaud 9 years ago
parent dc0f2ff539
commit 8a58ddb102
2 changed files with 44 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      root/etc/e-smith/templates/etc/cron.daily/letsencrypt.sh/10All
  2. 42
      root/sbin/e-smith/letsencrypt.sh

3
root/etc/e-smith/templates/etc/cron.daily/letsencrypt.sh/10All
Unescape View File

@ -1,7 +1,8 @@
{ {
if (($letsencrypt{'status'} || 'disabled') eq 'enabled'){ if (($letsencrypt{'status'} || 'disabled') eq 'enabled'){
$OUT .= "/usr/bin/letsencrypt.sh -c 2>&1 | awk '{ print strftime(), \$0; fflush(); }' >> /var/log/letsencrypt.sh.log\n"; $OUT .= 'sleep $[ $RANDOM \% 3600 ];' . "\n";
$OUT .= "/sbin/e-smith/letsencrypt.sh -c 2>&1 | awk '{ print strftime(), \$0; fflush(); }' >> /var/log/letsencrypt.sh.log\n";
if (($letsencrypt{'RevokeOldCertificates'} || 'disabled') =~ m/^enabled|on|yes|1$/){ if (($letsencrypt{'RevokeOldCertificates'} || 'disabled') =~ m/^enabled|on|yes|1$/){
$OUT .= "/usr/bin/le_revoke.sh 2>&1 | awk '{ print strftime(), \$0; fflush(); }' >> /var/log/letsencrypt.sh.log\n"; $OUT .= "/usr/bin/le_revoke.sh 2>&1 | awk '{ print strftime(), \$0; fflush(); }' >> /var/log/letsencrypt.sh.log\n";
} }

42
root/sbin/e-smith/letsencrypt.sh
Unescape View File

@ -0,0 +1,42 @@
#!/usr/bin/perl -w
# vim: ft=perl:
use strict;
use esmith::DomainsDB;
use esmith::event;
my $d = esmith::DomainsDB->open or die "Couldn't open the domain database\n";
my @domains = ();
# Build a list of domains for which we disable ACME challenge proxypass
# but only during execution of letsencrypt
# This is usefull for situations where you have a https website directly reachable
# from your internal network, but going through a proxypass from the outside. In this case
# both the backend and the frontend needs to have a valid certificate for this name
foreach my $dom ($d->domains, $d->get_all_by_prop(type => 'vhost')){
if (($dom->prop('ProxyPassACMEChallengesDisableOnRenew') || 'no') =~ m/^yes|enabled|1|on$/){
push @domains, $dom;
}
}
# Now, temporarily disable ACME chellenge proxypass
if (@domains > 0){
foreach my $dom (@domains){
$dom->set_prop('ProxyPassACMEChallenges', 'disabled');
}
event_signal("letsencrypt-update");
}
# Execute the real letsencrypt script, passing any arg
system("/usr/bin/letsencrypt.sh", @ARGV);
# Enable proxypass again
if (@domains > 0){
foreach my $dom (@domains){
$dom->set_prop('ProxyPassACMEChallenges', 'enabled');
}
event_signal("letsencrypt-update");
}
Write Preview
Loading…
Cancel
Save