create new script 16.01.25:20.55

apache2_examples/examples.conf

@@ -0,0 +1,22 @@
+<VirtualHost *:8080>
+ServerName example.com
+ServerAlias www.example.com
+DocumentRoot /home/www/plug
+
+
+<Directory /home/www/plug>
+Options -Indexes +FollowSymLinks +MultiViews
+AllowOverride All
+Require all granted
+#RewriteEngine On
+#RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
+#RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
+</Directory>
+
+<FilesMatch \.php$>
+    SetHandler "proxy:fcgi://127.0.0.1:9000"
+</FilesMatch>
+
+ErrorLog ${APACHE_LOG_DIR}/error.log
+CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>

avto4certbot.dev/avto4certbot.conf

@@ -5,6 +5,11 @@ domains=(
  "mydomen2.ru admin@mydomen.ru 80"
  );
 
+## if update - restart this services
+services=(
+    "apache2"
+ );
+
 ## - nginx sites
 sites_nginx="/etc/nginx/sites-enabled";
 
@@ -20,3 +25,4 @@ tmp_dir="/tmp/certbot";
 
 ## log file
 log_file="/var/log/syslog";
+

avto4certbot.dev/avto4certbot.sh

@@ -11,6 +11,11 @@ sname="avto4certbot";
 path_script=$( cd -- $( dirname -- "${BASH_SOURCE[0]}" ) &> /dev/null && pwd );
 source "$path_script/avto4certbot.conf";
 
+
+event_sw=0;
+mode="";
+reports=();
+
 ##--@S static values
 # depends
 pkgdep=("curl" "certbot" "letsencrypt") # packages
@@ -24,10 +29,50 @@ opt=$2;
 
 #--@F Get info area
 function getInfo() {
+## test - null values
+if [ $tmp_dir == "" ]; then
+  tmp_dir="/tmp";
+fi
+web_dir="$tmp_dir/www"
+conf_dir="$tmp_dir/conf"
+
+if [ $log_file == "" ]; then
+  log_file="/var/log/syslog";
+fi
+
+if [ $sites_nginx == "" ]; then
+  sites_nginx="/etc/nginx/sites-enabled";
+fi
+
+if [ $sites_apache == "" ]; then
+  sites_apache="/etc/apache2/sites-enabled";
+fi
+
+if [ $path_ssl == "" ]; then
+  path_ssl="/etc/ssl";
+fi
+
+if [ $path_cert == "" ]; then
+  path_cert="/etc/letsencrypt/live";
+fi
+
+## create temp directory
 if [ ! -d $tmp_dir ]; then
  mkdir -p $tmp_dir;
 fi
 
+## create web directory
+if [ ! -d "$web_dir/.well-known/acme-challenge" ]; then
+ mkdir -p $web_dir/.well-known/acme-challenge;
+ chown -R www-data:www-data $web_dir;
+fi
+
+## create conf directory
+if [ ! -d $conf_dir ]; then
+ mkdir -p $conf_dir;
+fi
+
+##
 if [[ $opt != "nginx" ]] || [[ "$opt" == "apache" ]]; then
   find $sites_apache/* -maxdepth 0 -type l -printf '%f\n' >$tmp_dir/active_sites.inf;
 fi
@@ -66,57 +111,32 @@ function checkDep() {
 function makeErr() {
 for ((rpt_index=0; rpt_index != ${#reports[@]}; rpt_index++))
     do
-    echo  "$rdate $sname: ${reports[$rpt_index]}">>$log;
+    echo  "$rdate $sname: ${reports[$rpt_index]}">>$log_file;
     echo   "${reports[$rpt_index]}";
     done
  exit 0;
 }
 
-function createCert() {
-#
-for ((dmn=0; dmn != ${#domains[@]}; dmn++))
-    do
-eval local dreg="(" $(echo -e ${domains[$dmn]}) ")";
-    if [ "$cmd" == "--create" ];
-        then
-            certbot -m "${dreg[1]}";
-        else
-            certbot --update-registration -m "${dreg[1]}";
-    fi
-##
-## example manual: certbot certonly --webroot --webroot-path /tmp/letsencrypt -d mydomen.ru
-certbot certonly --webroot --webroot-path $www_root -d ${dreg[0]}
-done
-}
+##--@F exec task
+function execTask(){
+for ((xd=0; xd != ${#domains[@]}; xd++)); do
+  local site_data=( $(echo -e ${domains[$xd]}|sed 's/ /\n /g') );
+    site_name="${site_data[0]}";
+    site_owner="${site_data[1]}";
+    site_port="${site_data[2]}";
+  if [[ "$mode" !="" ]] || [[ "$mode" == "create"]]; then
+    echo
+  fi
+  if [[ "$mode" !="" ]] || [[ "$mode" == "update"]]; then
 
-function renew() {
-certbot renew;
-valtrue=0;
-rdate=$(date +%Y-%m-%d);
-rtime=$(date +%H:%M);
-for ((dmn=0; dmn != ${#domains[@]}; dmn++))
-    do
-    eval local dreg="(" $(echo -e ${domains[$dmn]}) ")";
-     keydate=$(ls -l --time-style=long-iso $path_cert/${dreg[0]}/cert.pem |awk {'print$6'});
-     keytime=$(ls -l --time-style=long-iso $path_cert/${dreg[0]}/cert.pem |awk {'print$7'});
-     if [[ "$keydate" = "$rdate" ]] && [[ "$keytime" = "$rtime" ]]; then
-         ((valtrue++));
-		if [ -d $path_cert/${dreg[0]} ]; then
-		cat $path_cert/${dreg[0]}/privkey.pem > $path_ssl/private/privkey_${dreg[0]}.pem;
-		cat $path_cert/${dreg[0]}/fullchain.pem > $path_ssl/private/fullchain_${dreg[0]}.pem;
-    		cat $path_cert/${dreg[0]}/fullchain.pem > $path_ssl/private/${dreg[0]}.pem;
-    		cat $path_cert/${dreg[0]}/privkey.pem >> $path_ssl/private/${dreg[0]}.pem;
-#
-    		cp -f $path_ssl/private/${dreg[0]}.pem $path_ssl/certs/${dreg[0]}.pem
-    		cd $path_ssl/certs
-    		chmod 600 ${dreg[0]}.pem
-    		ln -sf ${dreg[0]}.pem `openssl x509 -noout -hash < ${dreg[0]}.pem`.0
-    		cd $path_ssl
-    		echo "$(date) - $sname: update cert for  ${domains[$dmn]}">> $log;
-		fi
-      fi
+  fi
+  if [[ "$mode" !="" ]] || [[ "$mode" == "flist"]]; then
+
+  fi
 done
-if [ $valtrue != 0 ];then
+
+## if event - yes
+if [ $event_sw != 0 ];then
      :>/etc/ssl/crt-list.txt
         for ((icrt=0; icrt != ${#domains[@]}; icrt++))
          do
@@ -125,215 +145,114 @@ if [ $valtrue != 0 ];then
 fi
 }
 
-
-function toSSL() {
-if [ -d $path_cert ];
-    then
-        for ((dmn=0; dmn != ${#domains[@]}; dmn++))
-            do
-                eval local dreg="(" $(echo -e ${domains[$dmn]}) ")";
-                ((valtrue++));
-		if [ -d $path_cert/${dreg[0]} ]; then
-		cat $path_cert/${dreg[0]}/privkey.pem > $path_ssl/private/privkey_${dreg[0]}.pem;
-		cat $path_cert/${dreg[0]}/fullchain.pem > $path_ssl/private/fullchain_${dreg[0]}.pem;
-    		cat $path_cert/${dreg[0]}/fullchain.pem > $path_ssl/private/${dreg[0]}.pem;
-    		cat $path_cert/${dreg[0]}/privkey.pem >> $path_ssl/private/${dreg[0]}.pem;
-#
-                cp -f $path_ssl/private/${dreg[0]}.pem $path_ssl/certs/${dreg[0]}.pem
-                cd $path_ssl/certs
-                chmod 600 ${dreg[0]}.pem
-                ln -sf ${dreg[0]}.pem `openssl x509 -noout -hash < ${dreg[0]}.pem`.0
-                cd $path_ssl
-                echo "$(date) - $sname: update certlist for  ${domains[$dmn]}">> $log;
-		fi
-        done
-        if [ $valtrue != 0 ]; then
-                echo >/etc/ssl/crt-list.txt
-            for ((icrt=0; icrt != ${#domains[@]}; icrt++))
-                do
-                eval local dcrt="(" $(echo -e ${domains[$icrt]}) ")";
-                echo "$path_ssl/private/${dcrt[0]}.pem">>/etc/ssl/crt-list.txt
-            done
-        fi
-    else
-        echo "Ошибка - отсутствует $path_cert!"
-	echo "$(date) - $sname: Ошибка - отсутствует $path_cert!">> $log;
-fi
-}
-
-function downSite(){
-sudo systemctl stop nginx.service;
-eval list_www="(" $(find $nginx_enable/* -maxdepth 0 -type l -printf '%f\n' 2>/dev/null) ")";
-
-if [ ${#list_www[@]} != 0 ]; then
-for ((dwx=0; dwx != ${#list_www[@]}; dwx++))
-    do
-      rm $nginx_enable/${list_www[dwx]};
-done
-fi
-}
-
-function upSite(){
-sudo systemctl stop nginx.service;
-eval cert_bot="(" $(find $nginx_enable/* -maxdepth 0 -type l -printf '%f\n' 2>/dev/null) ")";
-for ((cr=0; cr != ${#cert_bot[@]}; cr++))
-    do
-      rm $nginx_enable/${cert_bot[cr]};
-done
-for ((dnm=0; dnm != ${#domains[@]}; dnm++))
-    do
-eval local dcert="(" $(echo -e ${domains[$dnm]}) ")";
-    sitename="${dcert[0]}";
-    siteport="${dcert[2]}";
-    createConf;
-done
-sudo systemctl start nginx.service;
-}
-
-function restoreSite() {
-sudo systemctl stop nginx.service;
-eval list_www="(" $(find $nginx_enable/* -maxdepth 0 -type l -printf '%f\n' 2>/dev/null) ")";
-
-if [ ${#list_www[@]} != 0 ]; then
-for ((dwx=0; dwx != ${#list_www[@]}; dwx++))
-    do
-      rm $nginx_enable/${list_www[dwx]};
-done
-fi
-for ((dwx=0; dwx != ${#enable_www[@]}; dwx++))
-    do
-	ln -s $nginx_available/${enable_www[dwx]} $nginx_enable/${enable_www[dwx]};
-done
-sudo systemctl start nginx.service;
-}
-
+##--@F create configs
 function createConf(){
-  if [ ! -d $path_tmp/conf ]; then
-      mkdir -p $path_tmp/conf;
-  fi
-
-  if [ ! -d $www_root ]; then
-      mkdir -p $www_root/.well-known/acme-challenge;
-      chown -R www-data:www-data $www_root;
-  fi
-
 ## apache2 config
 if [[ $opt != "nginx" ]] || [[ "$opt" == "apache" ]]; then
-    echo >$path_tmp/$sitename.conf;
-    echo -e 'server { listen      0.0.0.0:'"$siteport"';' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'server_name '"$sitename"';' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'location /.well-known/acme-challenge {' >>$path_tmp/$sitename.conf;
-    echo -e '    allow all;' >>$path_tmp/$sitename.conf;
-    echo -e '    autoindex off;' >>$path_tmp/$sitename.conf;
-    echo -e '    default_type "text/plain";' >>$path_tmp/$sitename.conf;
-    echo -e '    root '"$www_root"';' >>$path_tmp/$sitename.conf;
-    echo -e '}' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'location = /.well-known {' >>$path_tmp/$sitename.conf;
-    echo -e '    return 404;' >>$path_tmp/$sitename.conf;
-    echo -e '}' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'error_page 404 /404.html;' >>$path_tmp/$sitename.conf;
-    echo -e 'error_page 500 502 503 504 /50x.html;' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'error_log /var/log/nginx/err-certbot.log;' >>$path_tmp/$sitename.conf;
-    echo -e 'access_log /var/log/nginx/access-certbot.log;' >>$path_tmp/$sitename.conf;
-    echo -e '}' >>$path_tmp/$sitename.conf;
-    ln -s $path_tmp/$sitename.conf $nginx_enable/$sitename.conf
+    echo >$conf_dir/$site_name.conf;
+    echo -e '<VirtualHost *:'"$site_port"'>' >>$conf_dir/$site_name.conf;
+    echo -e 'ServerName '"$site_name"'' >>$conf_dir/$site_name.conf;
+    echo -e 'ServerAlias '"$site_name"'' >>$conf_dir/$site_name.conf;
+    echo -e 'DocumentRoot '"$web_dir"'' >>$conf_dir/$site_name.conf;
+    echo -e '\n' >>$conf_dir/$site_name.conf;
+    echo -e '<Directory'"$web_dir"' >' >>$conf_dir/$site_name.conf;
+    echo -e 'Options -Indexes +FollowSymLinks +MultiViews' >>$conf_dir/$site_name.conf;
+    echo -e 'AllowOverride All' >>$conf_dir/$site_name.conf;
+    echo -e 'Require all granted' >>$conf_dir/$site_name.conf;
+    echo -e '</Directory>' >>$conf_dir/$site_name.conf;
+    echo -e '\n' >>$conf_dir/$site_name.conf;
+    echo -e 'ErrorLog ${APACHE_LOG_DIR}/error.log' >>$conf_dir/$site_name.conf;
+    echo -e 'CustomLog ${APACHE_LOG_DIR}/access.log combined' >>$conf_dir/$site_name.conf;
+    echo -e '</VirtualHost>' >>$conf_dir/$site_name.conf;
+    ln -s $conf_dir/$site_name.conf $sites_apache/$site_name.conf
 fi
 
 ## nginx config
 if [[ $opt != "apache" ]] || [[ "$opt" == "nginx" ]]; then
-    echo >$path_tmp/$sitename.conf;
-    echo -e 'server { listen      0.0.0.0:'"$siteport"';' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'server_name '"$sitename"';' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'location /.well-known/acme-challenge {' >>$path_tmp/$sitename.conf;
-    echo -e '    allow all;' >>$path_tmp/$sitename.conf;
-    echo -e '    autoindex off;' >>$path_tmp/$sitename.conf;
-    echo -e '    default_type "text/plain";' >>$path_tmp/$sitename.conf;
-    echo -e '    root '"$www_root"';' >>$path_tmp/$sitename.conf;
-    echo -e '}' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'location = /.well-known {' >>$path_tmp/$sitename.conf;
-    echo -e '    return 404;' >>$path_tmp/$sitename.conf;
-    echo -e '}' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'error_page 404 /404.html;' >>$path_tmp/$sitename.conf;
-    echo -e 'error_page 500 502 503 504 /50x.html;' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'error_log /var/log/nginx/err-certbot.log;' >>$path_tmp/$sitename.conf;
-    echo -e 'access_log /var/log/nginx/access-certbot.log;' >>$path_tmp/$sitename.conf;
-    echo -e '}' >>$path_tmp/$sitename.conf;
-    ln -s $path_tmp/$sitename.conf $nginx_enable/$sitename.conf
+    echo >$conf_dir/$site_name.conf;
+    echo -e 'server { listen      0.0.0.0:'"$site_port"';' >>$conf_dir/$site_name.conf;
+    echo -e 'server_name '"$site_name"';' >>$conf_dir/$site_name.conf;
+    echo -e '\n' >>$conf_dir/$site_name.conf;
+    echo -e 'location /.well-known/acme-challenge {' >>$conf_dir/$site_name.conf;
+    echo -e '    allow all;' >>$conf_dir/$site_name.conf;
+    echo -e '    autoindex off;' >>$conf_dir/$site_name.conf;
+    echo -e '    default_type "text/plain";' >>$conf_dir/$site_name.conf;
+    echo -e '    root '"$web_dir"';' >>$conf_dir/$site_name.conf;
+    echo -e '}' >>$conf_dir/$site_name.conf;
+    echo -e 'location = /.well-known {' >>$conf_dir/$site_name.conf;
+    echo -e '    return 404;' >>$conf_dir/$site_name.conf;
+    echo -e '}' >>$conf_dir/$site_name.conf;
+    echo -e 'error_page 404 /404.html;' >>$conf_dir/$site_name.conf;
+    echo -e 'error_page 500 502 503 504 /50x.html;' >>$conf_dir/$site_name.conf;
+    echo -e '\n' >>$conf_dir/$site_name.conf;
+    echo -e 'error_log /var/log/nginx/err-certbot.log;' >>$conf_dir/$site_name.conf;
+    echo -e 'access_log /var/log/nginx/access-certbot.log;' >>$conf_dir/$site_name.conf;
+    echo -e '}' >>$conf_dir/$site_name.conf;
+    ln -s $conf_dir/$site_name.conf $sites_nginx/$site_name.conf
 fi
 }
 
+##--@F create configs
+function pHelp(){
+echo "$sname:$version"
+echo "please input pameters: avto4certbot.sh --create [apache & nginx]| --update [apache & nginx] | --flist [apache & nginx]";
+echo "avto4certbot.sh --create; create new certificate or --create [apache & nginx]; create new certificate " 
+echo "avto4certbot.sh --update; update certificates or --update [apache & nginx]; update [apache & nginx];"
+echo "avto4certbot.sh --flist; update certificates from ssl or --flist [apache & nginx]; rescan list certificates;"
+echo "avto4certbot.sh --help; this help"
+echo "* examples:"
+echo "avtocertbot.sh --test apache"
+echo "or"
+echo "avtocertbot.sh --test nginx"
+}
+
 case "$cmd" in
 
 ## create cert
 "--create" | "--create" )
-
-downSite;
-upSite;
-createCert;
-toSSL;
-downSite;
-if [ "$opt" == "srv" ]; then
-restartService;
+if [ "$opt" != "" ]]; then
+  mode="create";
+  execTask;
 else
-restoreSite;
+  echo "no parameter specified - nginx or apache?"
 fi
-
 ;;
 
 ## update cert
 "--update" | "--update" )
-
-downSite;
-upSite;
-renew;
-downSite;
-if [[ "$opt" == "srv" ]] && [[ $valtrue != 0 ]]; then
- restartService;
+if [ "$opt" != "" ]]; then
+  mode="update";
+  execTask;
 else
- restoreSite;
+  echo "no parameter specified - nginx or apache?"
 fi
-
 ;;
 
 ## update cert
 "--test" | "--test" )
-if [ "$opt" != "" ]; then
-  getInfo;
+if [ "$opt" != "" ]]; then
+  mode="test";
+  execTask;
 else
   echo "no parameter specified - nginx or apache?"
-  echo "avtocertbot.sh --test apache"
 fi
-
 ;;
 
 ## update cert force
 "--flist" | "--flist" )
-toSSL;
-if [ "$opt" == "srv" ]; then
-restartService;
+if [ "$opt" != "" ]]; then
+  mode="flist";
+  execTask;
+else
+  echo "no parameter specified - nginx or apache?"
 fi
-
 ;;
 
 ## start defaults
 
 * )
 checkDep;
-echo "$sname:$version"
-echo "please input pameters: avto4certbot.sh --create [apache & nginx]| --update [apache & nginx] | --flist [apache & nginx]";
-echo "avto4certbot.sh --create; create new certificate or --create [apache & nginx]; create new certificate " 
-echo "avto4certbot.sh --update; update certificates or --update [apache & nginx]; update [apache & nginx];"
-echo "avto4certbot.sh --flist; update certificates from ssl or --flist [apache & nginx]; rescan list certificates;"
+pHelp;
 ;;
 esac