
create prerelease 17.01.25:21.24

root 2 months ago
parent
commit
df42f407f7
2 changed files with 179 additions and 70 deletions
  1. 2 0
      avto4certbot.dev/avto4certbot.conf
  2. 177 70
      avto4certbot.dev/avto4certbot.sh

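--- a/avto4certbot.dev/avto4certbot.conf
+++ b/avto4certbot.dev/avto4certbot.conf
@@ -11,9 +11,11 @@ services=(
  );
 
 ## - nginx sites
+avalable_nginx="/etc/nginx/sites-available";
 sites_nginx="/etc/nginx/sites-enabled";
 
 ## - apache2 sites
+avalable_apache="/etc/apache2/sites-available";
 sites_apache="/etc/apache2/sites-enabled";
 
 # create new cert or update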
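Review bot: The two variables added here are spelled `avalable_nginx` and `avalable_apache`, but the `## restore job link` branch of `swSites` in avto4certbot.sh reads `$available_apache` and `$available_nginx`, so on the restore pass they expand to empty strings and `ln -s` produces links pointing at `/<site>.conf` — the sites are never re-enabled after a run. Renaming the two new lines to `available_nginx="/etc/nginx/sites-available";` and `available_apache="/etc/apache2/sites-available";` fixes both files. Nothing flags the mismatch at run time because the script does not use `set -u`; a `: "${available_nginx:?}"` / `: "${available_apache:?}"` guard at the top of `swSites` would make such a typo fail loudly instead of silently disabling sites.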

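--- a/avto4certbot.dev/avto4certbot.sh
+++ b/avto4certbot.dev/avto4certbot.sh
@@ -11,9 +11,16 @@ sname="avto4certbot";
 path_script=$( cd -- $( dirname -- "${BASH_SOURCE[0]}" ) &> /dev/null && pwd );
 source "$path_script/avto4certbot.conf";
 
+# service LAMP
+service="";
 
+# new certificate or renewal event
 event_sw=0;
-mode="";
+
+# event begin or end the work script
+event_key="1";
+
+# message from errors
 reports=();
 
 ##--@S static values
@@ -46,6 +53,9 @@ fi
 
 if [ $sites_apache == "" ]; then
   sites_apache="/etc/apache2/sites-enabled";
+  if [ "$(apachectl -M|grep rewrite|wc -m)" == "0" ]; then
+    a2enmod rewrite
+  fi
 fi
 
 if [ $path_ssl == "" ]; then
@@ -76,10 +86,12 @@ fi
 if [[ $opt != "nginx" ]] || [[ "$opt" == "apache" ]]; then
   find $sites_apache/* -maxdepth 0 -type l -printf '%f\n' >$tmp_dir/active_sites.inf 2>/dev/null;
   get_tools[${#get_tools[@]}]="apache2";
+  service="apache2";
 fi
 if [[ $opt != "apache" ]] || [[ "$opt" == "nginx" ]]; then
   find $sites_nginx/* -maxdepth 0 -type l -printf '%f\n' >$tmp_dir/active_sites.inf 2>/dev/null;
   get_tools[${#get_tools[@]}]="nginx";
+  service="nginx";
 fi
 }
 
@@ -109,6 +121,43 @@ function checkDep() {
     done
 }
 
+function swSites(){
+## clear job link
+if [ "$event_key" = "1" ]; then
+  for ((xd=0; xd != ${#domains[@]}; xd++)); do
+    local site_data=( $(echo -e ${domains[$xd]}|sed 's/ /\n /g') );
+    site_name="${site_data[0]}";
+    if [[ $opt != "nginx" ]] || [[ "$opt" == "apache" ]]; then
+      if [ -f $sites_apache/$site_name.conf ]; then
+        rm $sites_apache/$site_name.conf
+      fi
+    fi
+    if [[ $opt != "apache" ]] || [[ "$opt" == "nginx" ]]; then
+      if [ -f $sites_nginx/$site_name.conf ]; then
+        rm $sites_nginx/$site_name.conf
+      fi
+    fi
+  done
+fi
+## restore job link
+if [ "$event_key" = "0" ]; then
+  for ((xd=0; xd != ${#domains[@]}; xd++)); do
+    local site_data=( $(echo -e ${domains[$xd]}|sed 's/ /\n /g') );
+    site_name="${site_data[0]}";
+    if [[ $opt != "nginx" ]] || [[ "$opt" == "apache" ]]; then
+      if [ ! -f $sites_apache/$site_name.conf ]; then
+        ln -s $available_apache/$site_name.conf $sites_apache/$site_name.conf
+      fi
+    fi
+    if [[ $opt != "apache" ]] || [[ "$opt" == "nginx" ]]; then
+      if [ ! -f $sites_nginx/$site_name.conf ]; then
+        ln -s $available_nginx/$site_name.conf $sites_apache/$site_name.conf
+      fi
+    fi
+  done
+fi
+}
+
 ##--@F make all errors
 function makeErr() {
 for ((rpt_index=0; rpt_index != ${#reports[@]}; rpt_index++))
@@ -119,44 +168,53 @@ for ((rpt_index=0; rpt_index != ${#reports[@]}; rpt_index++))
  exit 0;
 }
 
-##--@F exec task
-function execTask(){
+function createCert() {
+#
 for ((xd=0; xd != ${#domains[@]}; xd++)); do
   local site_data=( $(echo -e ${domains[$xd]}|sed 's/ /\n /g') );
-    site_name="${site_data[0]}";
-    site_owner="${site_data[1]}";
-    site_port="${site_data[2]}";
-  case "$cmd" in
-  ## create cert
-  "--create" | "--create" )
-    echo "ok1"
-  ;;
-
-  ## create cert
-  "--update" | "--update" )
-    echo "ok2"
-  ;;
-
-  ## create cert
-  "--flist" | "--flist" )
-    echo "ok3"
-  ;;
+  site_name="${site_data[0]}";
+  site_owner="${site_data[1]}";
+  certbot register -m "$site_owner" -d $site_name
+  sleep 2;
+  certbot -m "$site_owner" certonly --webroot --webroot-path $web_dir -d $site_name
+  sleep 3;
+done
+}
 
-  ## start defaults
-  * )
-  reports=()
-  reports[${#reports[@]}]="error option!"
-  makeErr;
-    ;;
-  esac
 
+##--@F exec task
+function scanSSL(){
+## if event - yes
+event_sw=0;
+rdate=$(date +%Y-%m-%d);
+rtime=$(date +%H:%M);
+for ((xd=0; xd != ${#domains[@]}; xd++)); do
+  local site_data=( $(echo -e ${domains[$xd]}|sed 's/ /\n /g') );
+  site_name="${site_data[0]}";
+  keydate=$(ls -l --time-style=long-iso $path_cert/$site_name/cert.pem |awk {'print$6'});
+  keytime=$(ls -l --time-style=long-iso $path_cert/$site_name/cert.pem |awk {'print$7'});
+  if [[ "$keydate" = "$rdate" ]] && [[ "$keytime" = "$rtime" ]]; then
+    ((event_sw++));
+      if [ -d $path_cert/$site_name ]; then
+        cat $path_cert/$site_name/privkey.pem > $path_ssl/private/privkey_$site_name.pem;
+        cat $path_cert/$site_name/fullchain.pem > $path_ssl/private/fullchain_$site_name.pem;
+        cat $path_cert/$site_name/fullchain.pem > $path_ssl/private/$site_name.pem;
+        cat $path_cert/$site_name/privkey.pem >> $path_ssl/private/$site_name.pem;
+      #
+        cp -f $path_ssl/private/$site_name.pem $path_ssl/certs/$site_name.pem
+        cd $path_ssl/certs
+        chmod 600 $site_name.pem
+        ln -sf $site_name.pem `openssl x509 -noout -hash < $site_name.pem`.0
+        cd $path_ssl
+        echo "$(date) - $sname: update cert for  $site_name">> $log;
+      fi
+  fi
 done
 
-## if event - yes
 if [ $event_sw != 0 ];then
   echo>/etc/ssl/crt-list.txt
-  for ((xt=0; xt != ${#domains[@]}; xt++)); do
-    local site_data=( $(echo -e ${domains[$xt]}|sed 's/ /\n /g') );
+  for ((xd=0; xd != ${#domains[@]}; xd++)); do
+    local site_data=( $(echo -e ${domains[$xd]}|sed 's/ /\n /g') );
     echo "$path_ssl/${site_data[0]}.pem">>/etc/ssl/crt-list.txt
   done
 fi
@@ -164,49 +222,58 @@ fi
 
 ##--@F create configs
 function createConf(){
-## apache2 config
-if [[ $opt != "nginx" ]] || [[ "$opt" == "apache" ]]; then
+for ((xd=0; xd != ${#domains[@]}; xd++)); do
+  local site_data=( $(echo -e ${domains[$xd]}|sed 's/ /\n /g') );
+  site_name="${site_data[0]}";
+  site_owner="${site_data[1]}";
+  site_port="${site_data[2]}";
+  ## apache2 config
+  if [[ $opt != "nginx" ]] || [[ "$opt" == "apache" ]]; then
     echo >$conf_dir/$site_name.conf;
     echo -e '<VirtualHost *:'"$site_port"'>' >>$conf_dir/$site_name.conf;
-    echo -e 'ServerName '"$site_name"'' >>$conf_dir/$site_name.conf;
-    echo -e 'ServerAlias '"$site_name"'' >>$conf_dir/$site_name.conf;
-    echo -e 'DocumentRoot '"$web_dir"'' >>$conf_dir/$site_name.conf;
-    echo -e '\n' >>$conf_dir/$site_name.conf;
-    echo -e '<Directory'"$web_dir"' >' >>$conf_dir/$site_name.conf;
-    echo -e 'Options -Indexes +FollowSymLinks +MultiViews' >>$conf_dir/$site_name.conf;
-    echo -e 'AllowOverride All' >>$conf_dir/$site_name.conf;
-    echo -e 'Require all granted' >>$conf_dir/$site_name.conf;
-    echo -e '</Directory>' >>$conf_dir/$site_name.conf;
-    echo -e '\n' >>$conf_dir/$site_name.conf;
-    echo -e 'ErrorLog ${APACHE_LOG_DIR}/error.log' >>$conf_dir/$site_name.conf;
-    echo -e 'CustomLog ${APACHE_LOG_DIR}/access.log combined' >>$conf_dir/$site_name.conf;
+    echo -e '  ServerName '"$site_name"'' >>$conf_dir/$site_name.conf;
+    echo -e '  ServerAlias '"$site_name"'' >>$conf_dir/$site_name.conf;
+    echo -e '  DocumentRoot '"$web_dir"'' >>$conf_dir/$site_name.conf;
+    echo -e ''>>$conf_dir/$site_name.conf;
+    echo -e '  <Directory '"$web_dir"'>' >>$conf_dir/$site_name.conf;
+    echo -e '    RewriteEngine On'>>$conf_dir/$site_name.conf;
+    echo -e '    RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/'>>$conf_dir/$site_name.conf;
+    echo -e '    Options -Indexes +FollowSymLinks +MultiViews' >>$conf_dir/$site_name.conf;
+    echo -e '    AllowOverride All' >>$conf_dir/$site_name.conf;
+    echo -e '    Require all granted' >>$conf_dir/$site_name.conf;
+    echo -e '  </Directory>\n' >>$conf_dir/$site_name.conf;
+    echo -e '  ErrorLog ${APACHE_LOG_DIR}/error.log' >>$conf_dir/$site_name.conf;
+    echo -e '  CustomLog ${APACHE_LOG_DIR}/access.log combined' >>$conf_dir/$site_name.conf;
     echo -e '</VirtualHost>' >>$conf_dir/$site_name.conf;
-    ln -s $conf_dir/$site_name.conf $sites_apache/$site_name.conf
-fi
+    if [ ! -f $sites_apache/$site_name.conf ]; then
+      ln -s $conf_dir/$site_name.conf $sites_apache/$site_name.conf
+    fi
+  fi
 
-## nginx config
-if [[ $opt != "apache" ]] || [[ "$opt" == "nginx" ]]; then
+  ## nginx config
+  if [[ $opt != "apache" ]] || [[ "$opt" == "nginx" ]]; then
     echo >$conf_dir/$site_name.conf;
-    echo -e 'server { listen      0.0.0.0:'"$site_port"';' >>$conf_dir/$site_name.conf;
-    echo -e 'server_name '"$site_name"';' >>$conf_dir/$site_name.conf;
-    echo -e '\n' >>$conf_dir/$site_name.conf;
-    echo -e 'location /.well-known/acme-challenge {' >>$conf_dir/$site_name.conf;
+    echo -e 'server { listen 0.0.0.0:'"$site_port"';' >>$conf_dir/$site_name.conf;
+    echo -e '  server_name '"$site_name"';' >>$conf_dir/$site_name.conf;
+    echo -e '  location /.well-known/acme-challenge {' >>$conf_dir/$site_name.conf;
     echo -e '    allow all;' >>$conf_dir/$site_name.conf;
     echo -e '    autoindex off;' >>$conf_dir/$site_name.conf;
     echo -e '    default_type "text/plain";' >>$conf_dir/$site_name.conf;
     echo -e '    root '"$web_dir"';' >>$conf_dir/$site_name.conf;
-    echo -e '}' >>$conf_dir/$site_name.conf;
-    echo -e 'location = /.well-known {' >>$conf_dir/$site_name.conf;
+    echo -e '  }' >>$conf_dir/$site_name.conf;
+    echo -e '  location = /.well-known {' >>$conf_dir/$site_name.conf;
     echo -e '    return 404;' >>$conf_dir/$site_name.conf;
+    echo -e '  }' >>$conf_dir/$site_name.conf;
+    echo -e '  error_page 404 /404.html;' >>$conf_dir/$site_name.conf;
+    echo -e '  error_page 500 502 503 504 /50x.html;\n' >>$conf_dir/$site_name.conf;
+    echo -e '  error_log /var/log/nginx/err-certbot.log;' >>$conf_dir/$site_name.conf;
+    echo -e '  access_log /var/log/nginx/access-certbot.log;' >>$conf_dir/$site_name.conf;
     echo -e '}' >>$conf_dir/$site_name.conf;
-    echo -e 'error_page 404 /404.html;' >>$conf_dir/$site_name.conf;
-    echo -e 'error_page 500 502 503 504 /50x.html;' >>$conf_dir/$site_name.conf;
-    echo -e '\n' >>$conf_dir/$site_name.conf;
-    echo -e 'error_log /var/log/nginx/err-certbot.log;' >>$conf_dir/$site_name.conf;
-    echo -e 'access_log /var/log/nginx/access-certbot.log;' >>$conf_dir/$site_name.conf;
-    echo -e '}' >>$conf_dir/$site_name.conf;
-    ln -s $conf_dir/$site_name.conf $sites_nginx/$site_name.conf
-fi
+    if [ ! -f $sites_nginx/$site_name.conf ]; then
+      ln -s $conf_dir/$site_name.conf $sites_nginx/$site_name.conf
+    fi
+  fi
+done
 }
 
 ##--@F create configs
@@ -223,12 +290,52 @@ echo "  or"
 echo "  avtocertbot.sh --update nginx"
 }
 
-if [ "$opt" != "" ]; then
-  getInfo;
-  checkDep;
-  execTask;
-else
-  pHelp;
-fi
+case "$cmd" in
+  ## create cert
+  "--create" | "--create" )
+    getInfo;
+    checkDep;
+    event_key="1";
+    systemctl stop $service;
+    swSites;
+    createConf;
+    systemctl start $service;
+    createCert;
+    scanSSL;
+    event_key="0";
+    systemctl stop $service;
+    swSites;
+    systemctl start $service;
+  ;;
+
+  ## create cert
+  "--update" | "--update" )
+   getInfo;
+   checkDep;
+   event_key="1";
+   systemctl stop $service;
+   swSites;
+   createConf;
+   systemctl start $service;
+   certbot -n renew;
+   scanSSL;
+   event_key="0";
+   systemctl stop $service;
+   swSites;
+   systemctl start $service;
+  ;;
+
+  ## create cert
+  "--flist" | "--flist" )
+    getInfo;
+    checkDep;
+    scanSSL;
+  ;;
+
+  ## start defaults
+  * )
+    pHelp;
+    ;;
+  esac
 
 exit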
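Review bot: In the `## restore job link` branch of `swSites` the nginx link is created inside the apache directory — `ln -s $available_nginx/$site_name.conf $sites_apache/$site_name.conf` — so the nginx site is never re-enabled and, when both servers are configured, it collides with the apache link made two lines earlier; the destination should be `$sites_nginx/$site_name.conf`. Separately, in `scanSSL` the combined chain+private-key file is written under `$path_ssl/private` with `cat … >` and then copied into `$path_ssl/certs` with `cp -f`, and `chmod 600` runs only after that copy, so the mode both files get at creation depends on the invoking umask; wrapping that block in `umask 077` (or copying with `install -m 600`) removes the window. Also, `getInfo` assigns `service` in both branches and both branches run when `$opt` is empty, so the `case` at the bottom stops and starts only `nginx` even though apache vhost links were also changed — this looks like it needs a per-service loop rather than a single `$service`, but the intended behaviour for an empty `$opt` is not stated in the hunk.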