
create new script 16.01.25:20.55

root 2 months ago
parent
commit
aa4caa63ea
3 changed files with 160 additions and 213 deletions
  1. 22 0
      apache2_examples/examples.conf
  2. 6 0
      avto4certbot.dev/avto4certbot.conf
  3. 132 213
      avto4certbot.dev/avto4certbot.sh

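--- a/apache2_examples/examples.conf
+++ b/apache2_examples/examples.conf
@@ -0,0 +1,22 @@
+<VirtualHost *:8080>
+ServerName example.com
+ServerAlias www.example.com
+DocumentRoot /home/www/plug
+
+
+<Directory /home/www/plug>
+Options -Indexes +FollowSymLinks +MultiViews
+AllowOverride All
+Require all granted
+#RewriteEngine On
+#RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
+#RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
+</Directory>
+
+<FilesMatch \.php$>
+    SetHandler "proxy:fcgi://127.0.0.1:9000"
+</FilesMatch>
+
+ErrorLog ${APACHE_LOG_DIR}/error.log
+CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>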

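--- a/avto4certbot.dev/avto4certbot.conf
+++ b/avto4certbot.dev/avto4certbot.conf
@@ -5,6 +5,11 @@ domains=(
  "mydomen2.ru admin@mydomen.ru 80"
  );
 
+## if update - restart this services
+services=(
+    "apache2"
+ );
+
 ## - nginx sites
 sites_nginx="/etc/nginx/sites-enabled";
 
@@ -20,3 +25,4 @@ tmp_dir="/tmp/certbot";
 
 ## log file
 log_file="/var/log/syslog";
+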

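--- a/avto4certbot.dev/avto4certbot.sh
+++ b/avto4certbot.dev/avto4certbot.sh
@@ -11,6 +11,11 @@ sname="avto4certbot";
 path_script=$( cd -- $( dirname -- "${BASH_SOURCE[0]}" ) &> /dev/null && pwd );
 source "$path_script/avto4certbot.conf";
 
+
+event_sw=0;
+mode="";
+reports=();
+
 ##--@S static values
 # depends
 pkgdep=("curl" "certbot" "letsencrypt") # packages
@@ -24,10 +29,50 @@ opt=$2;
 
 #--@F Get info area
 function getInfo() {
+## test - null values
+if [ $tmp_dir == "" ]; then
+  tmp_dir="/tmp";
+fi
+web_dir="$tmp_dir/www"
+conf_dir="$tmp_dir/conf"
+
+if [ $log_file == "" ]; then
+  log_file="/var/log/syslog";
+fi
+
+if [ $sites_nginx == "" ]; then
+  sites_nginx="/etc/nginx/sites-enabled";
+fi
+
+if [ $sites_apache == "" ]; then
+  sites_apache="/etc/apache2/sites-enabled";
+fi
+
+if [ $path_ssl == "" ]; then
+  path_ssl="/etc/ssl";
+fi
+
+if [ $path_cert == "" ]; then
+  path_cert="/etc/letsencrypt/live";
+fi
+
+## create temp directory
 if [ ! -d $tmp_dir ]; then
  mkdir -p $tmp_dir;
 fi
 
+## create web directory
+if [ ! -d "$web_dir/.well-known/acme-challenge" ]; then
+ mkdir -p $web_dir/.well-known/acme-challenge;
+ chown -R www-data:www-data $web_dir;
+fi
+
+## create conf directory
+if [ ! -d $conf_dir ]; then
+ mkdir -p $conf_dir;
+fi
+
+##
 if [[ $opt != "nginx" ]] || [[ "$opt" == "apache" ]]; then
   find $sites_apache/* -maxdepth 0 -type l -printf '%f\n' >$tmp_dir/active_sites.inf;
 fi
@@ -66,57 +111,32 @@ function checkDep() {
 function makeErr() {
 for ((rpt_index=0; rpt_index != ${#reports[@]}; rpt_index++))
     do
-    echo  "$rdate $sname: ${reports[$rpt_index]}">>$log;
+    echo  "$rdate $sname: ${reports[$rpt_index]}">>$log_file;
     echo   "${reports[$rpt_index]}";
     done
  exit 0;
 }
 
-function createCert() {
-#
-for ((dmn=0; dmn != ${#domains[@]}; dmn++))
-    do
-eval local dreg="(" $(echo -e ${domains[$dmn]}) ")";
-    if [ "$cmd" == "--create" ];
-        then
-            certbot -m "${dreg[1]}";
-        else
-            certbot --update-registration -m "${dreg[1]}";
-    fi
-##
-## example manual: certbot certonly --webroot --webroot-path /tmp/letsencrypt -d mydomen.ru
-certbot certonly --webroot --webroot-path $www_root -d ${dreg[0]}
-done
-}
+##--@F exec task
+function execTask(){
+for ((xd=0; xd != ${#domains[@]}; xd++)); do
+  local site_data=( $(echo -e ${domains[$xd]}|sed 's/ /\n /g') );
+    site_name="${site_data[0]}";
+    site_owner="${site_data[1]}";
+    site_port="${site_data[2]}";
+  if [[ "$mode" !="" ]] || [[ "$mode" == "create"]]; then
+    echo
+  fi
+  if [[ "$mode" !="" ]] || [[ "$mode" == "update"]]; then
 
-function renew() {
-certbot renew;
-valtrue=0;
-rdate=$(date +%Y-%m-%d);
-rtime=$(date +%H:%M);
-for ((dmn=0; dmn != ${#domains[@]}; dmn++))
-    do
-    eval local dreg="(" $(echo -e ${domains[$dmn]}) ")";
-     keydate=$(ls -l --time-style=long-iso $path_cert/${dreg[0]}/cert.pem |awk {'print$6'});
-     keytime=$(ls -l --time-style=long-iso $path_cert/${dreg[0]}/cert.pem |awk {'print$7'});
-     if [[ "$keydate" = "$rdate" ]] && [[ "$keytime" = "$rtime" ]]; then
-         ((valtrue++));
-		if [ -d $path_cert/${dreg[0]} ]; then
-		cat $path_cert/${dreg[0]}/privkey.pem > $path_ssl/private/privkey_${dreg[0]}.pem;
-		cat $path_cert/${dreg[0]}/fullchain.pem > $path_ssl/private/fullchain_${dreg[0]}.pem;
-    		cat $path_cert/${dreg[0]}/fullchain.pem > $path_ssl/private/${dreg[0]}.pem;
-    		cat $path_cert/${dreg[0]}/privkey.pem >> $path_ssl/private/${dreg[0]}.pem;
-#
-    		cp -f $path_ssl/private/${dreg[0]}.pem $path_ssl/certs/${dreg[0]}.pem
-    		cd $path_ssl/certs
-    		chmod 600 ${dreg[0]}.pem
-    		ln -sf ${dreg[0]}.pem `openssl x509 -noout -hash < ${dreg[0]}.pem`.0
-    		cd $path_ssl
-    		echo "$(date) - $sname: update cert for  ${domains[$dmn]}">> $log;
-		fi
-      fi
+  fi
+  if [[ "$mode" !="" ]] || [[ "$mode" == "flist"]]; then
+
+  fi
 done
-if [ $valtrue != 0 ];then
+
+## if event - yes
+if [ $event_sw != 0 ];then
      :>/etc/ssl/crt-list.txt
         for ((icrt=0; icrt != ${#domains[@]}; icrt++))
          do
@@ -125,215 +145,114 @@ if [ $valtrue != 0 ];then
 fi
 }
 
-
-function toSSL() {
-if [ -d $path_cert ];
-    then
-        for ((dmn=0; dmn != ${#domains[@]}; dmn++))
-            do
-                eval local dreg="(" $(echo -e ${domains[$dmn]}) ")";
-                ((valtrue++));
-		if [ -d $path_cert/${dreg[0]} ]; then
-		cat $path_cert/${dreg[0]}/privkey.pem > $path_ssl/private/privkey_${dreg[0]}.pem;
-		cat $path_cert/${dreg[0]}/fullchain.pem > $path_ssl/private/fullchain_${dreg[0]}.pem;
-    		cat $path_cert/${dreg[0]}/fullchain.pem > $path_ssl/private/${dreg[0]}.pem;
-    		cat $path_cert/${dreg[0]}/privkey.pem >> $path_ssl/private/${dreg[0]}.pem;
-#
-                cp -f $path_ssl/private/${dreg[0]}.pem $path_ssl/certs/${dreg[0]}.pem
-                cd $path_ssl/certs
-                chmod 600 ${dreg[0]}.pem
-                ln -sf ${dreg[0]}.pem `openssl x509 -noout -hash < ${dreg[0]}.pem`.0
-                cd $path_ssl
-                echo "$(date) - $sname: update certlist for  ${domains[$dmn]}">> $log;
-		fi
-        done
-        if [ $valtrue != 0 ]; then
-                echo >/etc/ssl/crt-list.txt
-            for ((icrt=0; icrt != ${#domains[@]}; icrt++))
-                do
-                eval local dcrt="(" $(echo -e ${domains[$icrt]}) ")";
-                echo "$path_ssl/private/${dcrt[0]}.pem">>/etc/ssl/crt-list.txt
-            done
-        fi
-    else
-        echo "Ошибка - отсутствует $path_cert!"
-	echo "$(date) - $sname: Ошибка - отсутствует $path_cert!">> $log;
-fi
-}
-
-function downSite(){
-sudo systemctl stop nginx.service;
-eval list_www="(" $(find $nginx_enable/* -maxdepth 0 -type l -printf '%f\n' 2>/dev/null) ")";
-
-if [ ${#list_www[@]} != 0 ]; then
-for ((dwx=0; dwx != ${#list_www[@]}; dwx++))
-    do
-      rm $nginx_enable/${list_www[dwx]};
-done
-fi
-}
-
-function upSite(){
-sudo systemctl stop nginx.service;
-eval cert_bot="(" $(find $nginx_enable/* -maxdepth 0 -type l -printf '%f\n' 2>/dev/null) ")";
-for ((cr=0; cr != ${#cert_bot[@]}; cr++))
-    do
-      rm $nginx_enable/${cert_bot[cr]};
-done
-for ((dnm=0; dnm != ${#domains[@]}; dnm++))
-    do
-eval local dcert="(" $(echo -e ${domains[$dnm]}) ")";
-    sitename="${dcert[0]}";
-    siteport="${dcert[2]}";
-    createConf;
-done
-sudo systemctl start nginx.service;
-}
-
-function restoreSite() {
-sudo systemctl stop nginx.service;
-eval list_www="(" $(find $nginx_enable/* -maxdepth 0 -type l -printf '%f\n' 2>/dev/null) ")";
-
-if [ ${#list_www[@]} != 0 ]; then
-for ((dwx=0; dwx != ${#list_www[@]}; dwx++))
-    do
-      rm $nginx_enable/${list_www[dwx]};
-done
-fi
-for ((dwx=0; dwx != ${#enable_www[@]}; dwx++))
-    do
-	ln -s $nginx_available/${enable_www[dwx]} $nginx_enable/${enable_www[dwx]};
-done
-sudo systemctl start nginx.service;
-}
-
+##--@F create configs
 function createConf(){
-  if [ ! -d $path_tmp/conf ]; then
-      mkdir -p $path_tmp/conf;
-  fi
-
-  if [ ! -d $www_root ]; then
-      mkdir -p $www_root/.well-known/acme-challenge;
-      chown -R www-data:www-data $www_root;
-  fi
-
 ## apache2 config
 if [[ $opt != "nginx" ]] || [[ "$opt" == "apache" ]]; then
-    echo >$path_tmp/$sitename.conf;
-    echo -e 'server { listen      0.0.0.0:'"$siteport"';' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'server_name '"$sitename"';' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'location /.well-known/acme-challenge {' >>$path_tmp/$sitename.conf;
-    echo -e '    allow all;' >>$path_tmp/$sitename.conf;
-    echo -e '    autoindex off;' >>$path_tmp/$sitename.conf;
-    echo -e '    default_type "text/plain";' >>$path_tmp/$sitename.conf;
-    echo -e '    root '"$www_root"';' >>$path_tmp/$sitename.conf;
-    echo -e '}' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'location = /.well-known {' >>$path_tmp/$sitename.conf;
-    echo -e '    return 404;' >>$path_tmp/$sitename.conf;
-    echo -e '}' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'error_page 404 /404.html;' >>$path_tmp/$sitename.conf;
-    echo -e 'error_page 500 502 503 504 /50x.html;' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'error_log /var/log/nginx/err-certbot.log;' >>$path_tmp/$sitename.conf;
-    echo -e 'access_log /var/log/nginx/access-certbot.log;' >>$path_tmp/$sitename.conf;
-    echo -e '}' >>$path_tmp/$sitename.conf;
-    ln -s $path_tmp/$sitename.conf $nginx_enable/$sitename.conf
+    echo >$conf_dir/$site_name.conf;
+    echo -e '<VirtualHost *:'"$site_port"'>' >>$conf_dir/$site_name.conf;
+    echo -e 'ServerName '"$site_name"'' >>$conf_dir/$site_name.conf;
+    echo -e 'ServerAlias '"$site_name"'' >>$conf_dir/$site_name.conf;
+    echo -e 'DocumentRoot '"$web_dir"'' >>$conf_dir/$site_name.conf;
+    echo -e '\n' >>$conf_dir/$site_name.conf;
+    echo -e '<Directory'"$web_dir"' >' >>$conf_dir/$site_name.conf;
+    echo -e 'Options -Indexes +FollowSymLinks +MultiViews' >>$conf_dir/$site_name.conf;
+    echo -e 'AllowOverride All' >>$conf_dir/$site_name.conf;
+    echo -e 'Require all granted' >>$conf_dir/$site_name.conf;
+    echo -e '</Directory>' >>$conf_dir/$site_name.conf;
+    echo -e '\n' >>$conf_dir/$site_name.conf;
+    echo -e 'ErrorLog ${APACHE_LOG_DIR}/error.log' >>$conf_dir/$site_name.conf;
+    echo -e 'CustomLog ${APACHE_LOG_DIR}/access.log combined' >>$conf_dir/$site_name.conf;
+    echo -e '</VirtualHost>' >>$conf_dir/$site_name.conf;
+    ln -s $conf_dir/$site_name.conf $sites_apache/$site_name.conf
 fi
 
 ## nginx config
 if [[ $opt != "apache" ]] || [[ "$opt" == "nginx" ]]; then
-    echo >$path_tmp/$sitename.conf;
-    echo -e 'server { listen      0.0.0.0:'"$siteport"';' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'server_name '"$sitename"';' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'location /.well-known/acme-challenge {' >>$path_tmp/$sitename.conf;
-    echo -e '    allow all;' >>$path_tmp/$sitename.conf;
-    echo -e '    autoindex off;' >>$path_tmp/$sitename.conf;
-    echo -e '    default_type "text/plain";' >>$path_tmp/$sitename.conf;
-    echo -e '    root '"$www_root"';' >>$path_tmp/$sitename.conf;
-    echo -e '}' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'location = /.well-known {' >>$path_tmp/$sitename.conf;
-    echo -e '    return 404;' >>$path_tmp/$sitename.conf;
-    echo -e '}' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'error_page 404 /404.html;' >>$path_tmp/$sitename.conf;
-    echo -e 'error_page 500 502 503 504 /50x.html;' >>$path_tmp/$sitename.conf;
-    echo -e '\n' >>$path_tmp/$sitename.conf;
-    echo -e 'error_log /var/log/nginx/err-certbot.log;' >>$path_tmp/$sitename.conf;
-    echo -e 'access_log /var/log/nginx/access-certbot.log;' >>$path_tmp/$sitename.conf;
-    echo -e '}' >>$path_tmp/$sitename.conf;
-    ln -s $path_tmp/$sitename.conf $nginx_enable/$sitename.conf
+    echo >$conf_dir/$site_name.conf;
+    echo -e 'server { listen      0.0.0.0:'"$site_port"';' >>$conf_dir/$site_name.conf;
+    echo -e 'server_name '"$site_name"';' >>$conf_dir/$site_name.conf;
+    echo -e '\n' >>$conf_dir/$site_name.conf;
+    echo -e 'location /.well-known/acme-challenge {' >>$conf_dir/$site_name.conf;
+    echo -e '    allow all;' >>$conf_dir/$site_name.conf;
+    echo -e '    autoindex off;' >>$conf_dir/$site_name.conf;
+    echo -e '    default_type "text/plain";' >>$conf_dir/$site_name.conf;
+    echo -e '    root '"$web_dir"';' >>$conf_dir/$site_name.conf;
+    echo -e '}' >>$conf_dir/$site_name.conf;
+    echo -e 'location = /.well-known {' >>$conf_dir/$site_name.conf;
+    echo -e '    return 404;' >>$conf_dir/$site_name.conf;
+    echo -e '}' >>$conf_dir/$site_name.conf;
+    echo -e 'error_page 404 /404.html;' >>$conf_dir/$site_name.conf;
+    echo -e 'error_page 500 502 503 504 /50x.html;' >>$conf_dir/$site_name.conf;
+    echo -e '\n' >>$conf_dir/$site_name.conf;
+    echo -e 'error_log /var/log/nginx/err-certbot.log;' >>$conf_dir/$site_name.conf;
+    echo -e 'access_log /var/log/nginx/access-certbot.log;' >>$conf_dir/$site_name.conf;
+    echo -e '}' >>$conf_dir/$site_name.conf;
+    ln -s $conf_dir/$site_name.conf $sites_nginx/$site_name.conf
 fi
 }
 
+##--@F create configs
+function pHelp(){
+echo "$sname:$version"
+echo "please input pameters: avto4certbot.sh --create [apache & nginx]| --update [apache & nginx] | --flist [apache & nginx]";
+echo "avto4certbot.sh --create; create new certificate or --create [apache & nginx]; create new certificate " 
+echo "avto4certbot.sh --update; update certificates or --update [apache & nginx]; update [apache & nginx];"
+echo "avto4certbot.sh --flist; update certificates from ssl or --flist [apache & nginx]; rescan list certificates;"
+echo "avto4certbot.sh --help; this help"
+echo "* examples:"
+echo "avtocertbot.sh --test apache"
+echo "or"
+echo "avtocertbot.sh --test nginx"
+}
+
 case "$cmd" in
 
 ## create cert
 "--create" | "--create" )
-
-downSite;
-upSite;
-createCert;
-toSSL;
-downSite;
-if [ "$opt" == "srv" ]; then
-restartService;
+if [ "$opt" != "" ]]; then
+  mode="create";
+  execTask;
 else
-restoreSite;
+  echo "no parameter specified - nginx or apache?"
 fi
-
 ;;
 
 ## update cert
 "--update" | "--update" )
-
-downSite;
-upSite;
-renew;
-downSite;
-if [[ "$opt" == "srv" ]] && [[ $valtrue != 0 ]]; then
- restartService;
+if [ "$opt" != "" ]]; then
+  mode="update";
+  execTask;
 else
- restoreSite;
+  echo "no parameter specified - nginx or apache?"
 fi
-
 ;;
 
 ## update cert
 "--test" | "--test" )
-if [ "$opt" != "" ]; then
-  getInfo;
+if [ "$opt" != "" ]]; then
+  mode="test";
+  execTask;
 else
   echo "no parameter specified - nginx or apache?"
-  echo "avtocertbot.sh --test apache"
 fi
-
 ;;
 
 ## update cert force
 "--flist" | "--flist" )
-toSSL;
-if [ "$opt" == "srv" ]; then
-restartService;
+if [ "$opt" != "" ]]; then
+  mode="flist";
+  execTask;
+else
+  echo "no parameter specified - nginx or apache?"
 fi
-
 ;;
 
 ## start defaults
 
 * )
 checkDep;
-echo "$sname:$version"
-echo "please input pameters: avto4certbot.sh --create [apache & nginx]| --update [apache & nginx] | --flist [apache & nginx]";
-echo "avto4certbot.sh --create; create new certificate or --create [apache & nginx]; create new certificate " 
-echo "avto4certbot.sh --update; update certificates or --update [apache & nginx]; update [apache & nginx];"
-echo "avto4certbot.sh --flist; update certificates from ssl or --flist [apache & nginx]; rescan list certificates;"
+pHelp;
 ;;
 esac
 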
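Review bot: The new execTask body does not parse: `[[ "$mode" !="" ]]` has no space before the operator, `"create"]]` glues the closing bracket to its operand, and the `then`/`fi` pairs for update and flist enclose no command, so bash stops at the function definition and never reaches the case statement. Even with the spacing repaired, `||` against a non-empty mode makes every branch run for every mode; the intended test looks like `if [[ "$mode" == "create" ]]; then` (likewise for update and flist), with a `:` placeholder in the bodies that are still empty. The same bracket slip recurs in all four case arms, `if [ "$opt" != "" ]]; then`, where the stray `]]` makes `[` fail with a missing-bracket error so every invocation falls into the "no parameter specified" branch; it should read `if [ "$opt" != "" ]; then`. In getInfo, whose body continues beyond its hunk, the defaulting tests such as `[ $tmp_dir == "" ]` leave the variable unquoted, so an empty value raises a test error instead of matching and the default is never applied; quote it as `[ "$tmp_dir" == "" ]`. createConf also writes the directive as `<Directory` glued to the path because `'<Directory'"$web_dir"' >'` lacks the space after the directive name, and since web_dir and conf_dir are created under the fixed /tmp-based tmp_dir and `chown -R`ed to www-data before being linked into sites-enabled, a directory that already exists there is trusted as-is.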