
create prerelease 17.01.25:21.24

root 9 months ago
parent
commit
df42f407f7
2 changed files with 179 additions and 70 deletions
  1. 2 0
      avto4certbot.dev/avto4certbot.conf
  2. 177 70
      avto4certbot.dev/avto4certbot.sh

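--- a/avto4certbot.dev/avto4certbot.conf
+++ b/avto4certbot.dev/avto4certbot.conf
@@ -11,9 +11,11 @@ services=(
 );
 
 ## - nginx sites
+avalable_nginx="/etc/nginx/sites-available";
 sites_nginx="/etc/nginx/sites-enabled";
 
 ## - apache2 sites
+avalable_apache="/etc/apache2/sites-available";
 sites_apache="/etc/apache2/sites-enabled";
 
 # create new cert or update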
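--- a/avto4certbot.dev/avto4certbot.sh
+++ b/avto4certbot.dev/avto4certbot.sh
@@ -11,9 +11,16 @@ sname="avto4certbot";
 path_script=$( cd -- $( dirname -- "${BASH_SOURCE[0]}" ) &> /dev/null && pwd );
 source "$path_script/avto4certbot.conf";
 
+# service LAMP
+service="";
 
+# new certificate or renewal event
 event_sw=0;
-mode="";
+
+# event begin or end the work script
+event_key="1";
+
+# message from errors
 reports=();
 
 ##--@S static values
@@ -46,6 +53,9 @@ fi
 
 if [ $sites_apache == "" ]; then
   sites_apache="/etc/apache2/sites-enabled";
+  if [ "$(apachectl -M|grep rewrite|wc -m)" == "0" ]; then
+    a2enmod rewrite
+  fi
 fi
 
 if [ $path_ssl == "" ]; then
@@ -76,10 +86,12 @@ fi
 if [[ $opt != "nginx" ]] || [[ "$opt" == "apache" ]]; then
   find $sites_apache/* -maxdepth 0 -type l -printf '%f\n' >$tmp_dir/active_sites.inf 2>/dev/null;
   get_tools[${#get_tools[@]}]="apache2";
+  service="apache2";
 fi
 if [[ $opt != "apache" ]] || [[ "$opt" == "nginx" ]]; then
   find $sites_nginx/* -maxdepth 0 -type l -printf '%f\n' >$tmp_dir/active_sites.inf 2>/dev/null;
   get_tools[${#get_tools[@]}]="nginx";
+  service="nginx";
 fi
 }
 
@@ -109,6 +121,43 @@ function checkDep() {
     done
 }
 
+function swSites(){
+## clear job link
+if [ "$event_key" = "1" ]; then
+  for ((xd=0; xd != ${#domains[@]}; xd++)); do
+    local site_data=( $(echo -e ${domains[$xd]}|sed 's/ /\n /g') );
+    site_name="${site_data[0]}";
+    if [[ $opt != "nginx" ]] || [[ "$opt" == "apache" ]]; then
+      if [ -f $sites_apache/$site_name.conf ]; then
+        rm $sites_apache/$site_name.conf
+      fi
+    fi
+    if [[ $opt != "apache" ]] || [[ "$opt" == "nginx" ]]; then
+      if [ -f $sites_nginx/$site_name.conf ]; then
+        rm $sites_nginx/$site_name.conf
+      fi
+    fi
+  done
+fi
+## restore job link
+if [ "$event_key" = "0" ]; then
+  for ((xd=0; xd != ${#domains[@]}; xd++)); do
+    local site_data=( $(echo -e ${domains[$xd]}|sed 's/ /\n /g') );
+    site_name="${site_data[0]}";
+    if [[ $opt != "nginx" ]] || [[ "$opt" == "apache" ]]; then
+      if [ ! -f $sites_apache/$site_name.conf ]; then
+        ln -s $available_apache/$site_name.conf $sites_apache/$site_name.conf
+      fi
+    fi
+    if [[ $opt != "apache" ]] || [[ "$opt" == "nginx" ]]; then
+      if [ ! -f $sites_nginx/$site_name.conf ]; then
+        ln -s $available_nginx/$site_name.conf $sites_apache/$site_name.conf
+      fi
+    fi
+  done
+fi
+}
+
 ##--@F make all errors
 function makeErr() {
 for ((rpt_index=0; rpt_index != ${#reports[@]}; rpt_index++))
@@ -119,44 +168,53 @@ for ((rpt_index=0; rpt_index != ${#reports[@]}; rpt_index++))
  exit 0;
 }
 
-##--@F exec task
-function execTask(){
+function createCert() {
+#
 for ((xd=0; xd != ${#domains[@]}; xd++)); do
   local site_data=( $(echo -e ${domains[$xd]}|sed 's/ /\n /g') );
-    site_name="${site_data[0]}";
-    site_owner="${site_data[1]}";
-    site_port="${site_data[2]}";
-  case "$cmd" in
-  ## create cert
-  "--create" | "--create" )
-    echo "ok1"
-  ;;
-
-  ## create cert
-  "--update" | "--update" )
-    echo "ok2"
-  ;;
-
-  ## create cert
-  "--flist" | "--flist" )
-    echo "ok3"
-  ;;
+  site_name="${site_data[0]}";
+  site_owner="${site_data[1]}";
+  certbot register -m "$site_owner" -d $site_name
+  sleep 2;
+  certbot -m "$site_owner" certonly --webroot --webroot-path $web_dir -d $site_name
+  sleep 3;
+done
+}
 
-  ## start defaults
-  * )
-  reports=()
-  reports[${#reports[@]}]="error option!"
-  makeErr;
-    ;;
-  esac
 
+##--@F exec task
+function scanSSL(){
+## if event - yes
+event_sw=0;
+rdate=$(date +%Y-%m-%d);
+rtime=$(date +%H:%M);
+for ((xd=0; xd != ${#domains[@]}; xd++)); do
+  local site_data=( $(echo -e ${domains[$xd]}|sed 's/ /\n /g') );
+  site_name="${site_data[0]}";
+  keydate=$(ls -l --time-style=long-iso $path_cert/$site_name/cert.pem |awk {'print$6'});
+  keytime=$(ls -l --time-style=long-iso $path_cert/$site_name/cert.pem |awk {'print$7'});
+  if [[ "$keydate" = "$rdate" ]] && [[ "$keytime" = "$rtime" ]]; then
+    ((event_sw++));
+      if [ -d $path_cert/$site_name ]; then
+        cat $path_cert/$site_name/privkey.pem > $path_ssl/private/privkey_$site_name.pem;
+        cat $path_cert/$site_name/fullchain.pem > $path_ssl/private/fullchain_$site_name.pem;
+        cat $path_cert/$site_name/fullchain.pem > $path_ssl/private/$site_name.pem;
+        cat $path_cert/$site_name/privkey.pem >> $path_ssl/private/$site_name.pem;
+      #
+        cp -f $path_ssl/private/$site_name.pem $path_ssl/certs/$site_name.pem
+        cd $path_ssl/certs
+        chmod 600 $site_name.pem
+        ln -sf $site_name.pem `openssl x509 -noout -hash < $site_name.pem`.0
+        cd $path_ssl
+        echo "$(date) - $sname: update cert for  $site_name">> $log;
+      fi
+  fi
 done
 
-## if event - yes
 if [ $event_sw != 0 ];then
   echo>/etc/ssl/crt-list.txt
-  for ((xt=0; xt != ${#domains[@]}; xt++)); do
-    local site_data=( $(echo -e ${domains[$xt]}|sed 's/ /\n /g') );
+  for ((xd=0; xd != ${#domains[@]}; xd++)); do
+    local site_data=( $(echo -e ${domains[$xd]}|sed 's/ /\n /g') );
     echo "$path_ssl/${site_data[0]}.pem">>/etc/ssl/crt-list.txt
   done
 fi
@@ -164,49 +222,58 @@ fi
 
 ##--@F create configs
 function createConf(){
-## apache2 config
-if [[ $opt != "nginx" ]] || [[ "$opt" == "apache" ]]; then
+for ((xd=0; xd != ${#domains[@]}; xd++)); do
+  local site_data=( $(echo -e ${domains[$xd]}|sed 's/ /\n /g') );
+  site_name="${site_data[0]}";
+  site_owner="${site_data[1]}";
+  site_port="${site_data[2]}";
+  ## apache2 config
+  if [[ $opt != "nginx" ]] || [[ "$opt" == "apache" ]]; then
     echo >$conf_dir/$site_name.conf;
     echo -e '<VirtualHost *:'"$site_port"'>' >>$conf_dir/$site_name.conf;
-    echo -e 'ServerName '"$site_name"'' >>$conf_dir/$site_name.conf;
-    echo -e 'ServerAlias '"$site_name"'' >>$conf_dir/$site_name.conf;
-    echo -e 'DocumentRoot '"$web_dir"'' >>$conf_dir/$site_name.conf;
-    echo -e '\n' >>$conf_dir/$site_name.conf;
-    echo -e '<Directory'"$web_dir"' >' >>$conf_dir/$site_name.conf;
-    echo -e 'Options -Indexes +FollowSymLinks +MultiViews' >>$conf_dir/$site_name.conf;
-    echo -e 'AllowOverride All' >>$conf_dir/$site_name.conf;
-    echo -e 'Require all granted' >>$conf_dir/$site_name.conf;
-    echo -e '</Directory>' >>$conf_dir/$site_name.conf;
-    echo -e '\n' >>$conf_dir/$site_name.conf;
-    echo -e 'ErrorLog ${APACHE_LOG_DIR}/error.log' >>$conf_dir/$site_name.conf;
-    echo -e 'CustomLog ${APACHE_LOG_DIR}/access.log combined' >>$conf_dir/$site_name.conf;
+    echo -e '  ServerName '"$site_name"'' >>$conf_dir/$site_name.conf;
+    echo -e '  ServerAlias '"$site_name"'' >>$conf_dir/$site_name.conf;
+    echo -e '  DocumentRoot '"$web_dir"'' >>$conf_dir/$site_name.conf;
+    echo -e ''>>$conf_dir/$site_name.conf;
+    echo -e '  <Directory '"$web_dir"'>' >>$conf_dir/$site_name.conf;
+    echo -e '    RewriteEngine On'>>$conf_dir/$site_name.conf;
+    echo -e '    RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/'>>$conf_dir/$site_name.conf;
+    echo -e '    Options -Indexes +FollowSymLinks +MultiViews' >>$conf_dir/$site_name.conf;
+    echo -e '    AllowOverride All' >>$conf_dir/$site_name.conf;
+    echo -e '    Require all granted' >>$conf_dir/$site_name.conf;
+    echo -e '  </Directory>\n' >>$conf_dir/$site_name.conf;
+    echo -e '  ErrorLog ${APACHE_LOG_DIR}/error.log' >>$conf_dir/$site_name.conf;
+    echo -e '  CustomLog ${APACHE_LOG_DIR}/access.log combined' >>$conf_dir/$site_name.conf;
     echo -e '</VirtualHost>' >>$conf_dir/$site_name.conf;
-    ln -s $conf_dir/$site_name.conf $sites_apache/$site_name.conf
-fi
+    if [ ! -f $sites_apache/$site_name.conf ]; then
+      ln -s $conf_dir/$site_name.conf $sites_apache/$site_name.conf
+    fi
+  fi
 
-## nginx config
-if [[ $opt != "apache" ]] || [[ "$opt" == "nginx" ]]; then
+  ## nginx config
+  if [[ $opt != "apache" ]] || [[ "$opt" == "nginx" ]]; then
     echo >$conf_dir/$site_name.conf;
-    echo -e 'server { listen      0.0.0.0:'"$site_port"';' >>$conf_dir/$site_name.conf;
-    echo -e 'server_name '"$site_name"';' >>$conf_dir/$site_name.conf;
-    echo -e '\n' >>$conf_dir/$site_name.conf;
-    echo -e 'location /.well-known/acme-challenge {' >>$conf_dir/$site_name.conf;
+    echo -e 'server { listen 0.0.0.0:'"$site_port"';' >>$conf_dir/$site_name.conf;
+    echo -e '  server_name '"$site_name"';' >>$conf_dir/$site_name.conf;
+    echo -e '  location /.well-known/acme-challenge {' >>$conf_dir/$site_name.conf;
     echo -e '    allow all;' >>$conf_dir/$site_name.conf;
     echo -e '    autoindex off;' >>$conf_dir/$site_name.conf;
     echo -e '    default_type "text/plain";' >>$conf_dir/$site_name.conf;
     echo -e '    root '"$web_dir"';' >>$conf_dir/$site_name.conf;
-    echo -e '}' >>$conf_dir/$site_name.conf;
-    echo -e 'location = /.well-known {' >>$conf_dir/$site_name.conf;
+    echo -e '  }' >>$conf_dir/$site_name.conf;
+    echo -e '  location = /.well-known {' >>$conf_dir/$site_name.conf;
     echo -e '    return 404;' >>$conf_dir/$site_name.conf;
+    echo -e '  }' >>$conf_dir/$site_name.conf;
+    echo -e '  error_page 404 /404.html;' >>$conf_dir/$site_name.conf;
+    echo -e '  error_page 500 502 503 504 /50x.html;\n' >>$conf_dir/$site_name.conf;
+    echo -e '  error_log /var/log/nginx/err-certbot.log;' >>$conf_dir/$site_name.conf;
+    echo -e '  access_log /var/log/nginx/access-certbot.log;' >>$conf_dir/$site_name.conf;
     echo -e '}' >>$conf_dir/$site_name.conf;
-    echo -e 'error_page 404 /404.html;' >>$conf_dir/$site_name.conf;
-    echo -e 'error_page 500 502 503 504 /50x.html;' >>$conf_dir/$site_name.conf;
-    echo -e '\n' >>$conf_dir/$site_name.conf;
-    echo -e 'error_log /var/log/nginx/err-certbot.log;' >>$conf_dir/$site_name.conf;
-    echo -e 'access_log /var/log/nginx/access-certbot.log;' >>$conf_dir/$site_name.conf;
-    echo -e '}' >>$conf_dir/$site_name.conf;
-    ln -s $conf_dir/$site_name.conf $sites_nginx/$site_name.conf
-fi
+    if [ ! -f $sites_nginx/$site_name.conf ]; then
+      ln -s $conf_dir/$site_name.conf $sites_nginx/$site_name.conf
+    fi
+  fi
+done
 }
 
 ##--@F create configs
@@ -223,12 +290,52 @@ echo "  or"
 echo "  avtocertbot.sh --update nginx"
 }
 
-if [ "$opt" != "" ]; then
-  getInfo;
-  checkDep;
-  execTask;
-else
-  pHelp;
-fi
+case "$cmd" in
+  ## create cert
+  "--create" | "--create" )
+    getInfo;
+    checkDep;
+    event_key="1";
+    systemctl stop $service;
+    swSites;
+    createConf;
+    systemctl start $service;
+    createCert;
+    scanSSL;
+    event_key="0";
+    systemctl stop $service;
+    swSites;
+    systemctl start $service;
+  ;;
+
+  ## create cert
+  "--update" | "--update" )
+   getInfo;
+   checkDep;
+   event_key="1";
+   systemctl stop $service;
+   swSites;
+   createConf;
+   systemctl start $service;
+   certbot -n renew;
+   scanSSL;
+   event_key="0";
+   systemctl stop $service;
+   swSites;
+   systemctl start $service;
+  ;;
+
+  ## create cert
+  "--flist" | "--flist" )
+    getInfo;
+    checkDep;
+    scanSSL;
+  ;;
+
+  ## start defaults
+  * )
+    pHelp;
+    ;;
+  esac
 
 exit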
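Review bot: In the new scanSSL (hunk `@@ -119,44 +168,53 @@`) the private key is written with plain `>` redirection into `$path_ssl/private/privkey_$site_name.pem` and `$path_ssl/private/$site_name.pem`, so those files take the process umask's default mode; only the later copy under `$path_ssl/certs` gets `chmod 600`. Create them with a restrictive mode instead, e.g. `install -m 600 $path_cert/$site_name/privkey.pem $path_ssl/private/privkey_$site_name.pem`, and chmod the combined `$site_name.pem` before the `cp -f` copies it. Note that the combined file placed in `$path_ssl/certs` and hashed with `openssl x509 -hash` still contains the private key, so that directory cannot be treated as public material. The `cd $path_ssl/certs` has no failure check, so a wrong `$path_ssl` makes the following `chmod` and `ln -sf` run in whatever the current directory is; `cd $path_ssl/certs || return 1` would stop that. In swSites the nginx restore branch links into `$sites_apache/$site_name.conf` where `$sites_nginx/$site_name.conf` is evidently meant.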