improved kvmd-certbot

This commit is contained in:
Maxim Devaev 2022-06-24 21:32:06 +03:00
parent f634be16f0
commit 8727b0e8bd


@ -46,6 +46,16 @@ function create_tmp() {
trap cleanup EXIT trap cleanup EXIT
} }
function ensure_runroot() {
if [ ! -d "$cur" ]; then
kvmd-pstrun -- bash -c "
set -ex
mkdir -p '$cur'
chown '$user:' '$cur'
"
fi
}
function restart_if_running() { function restart_if_running() {
if systemctl is-active --quiet "$2"; then if systemctl is-active --quiet "$2"; then
echo "=> systemctl $1 $2" echo "=> systemctl $1 $2"
@ -53,11 +63,46 @@ function restart_if_running() {
fi fi
} }
if [ "$1" == "renew" ]; then function restart_if_running_nginx() {
restart_if_running reload kvmd-nginx
}
function restart_if_running_vnc() {
restart_if_running restart kvmd-vnc
}
case "$1" in
-h|--help|help)
sudo -u "$user" certbot "$@" \
--config-dir="$cur/config" \
--work-dir="$cur/work" \
--logs-dir="$cur/logs"
;;
certonly)
create_tmp
ensure_runroot
sudo -u "$user" kvmd-pstrun -- certbot "$@" \
--config-dir="$cur/config" \
--work-dir="$cur/work" \
--logs-dir="$cur/logs" \
--webroot \
--webroot-path="$web" \
--deploy-hook="/usr/bin/bash -c '
set -ex
chmod 750 '$cur/config/'{archive,live}
cd \"\$RENEWED_LINEAGE\"
chmod 640 privkey.pem
ln -s fullchain.pem server.crt
ln -s privkey.pem server.key
'"
;;
renew)
shift
create_tmp create_tmp
cp -a "$cur"/{config,work,logs} "$tmp" cp -a "$cur"/{config,work,logs} "$tmp"
sed -s -i -e "s| = $cur/| = $tmp/|g" "$tmp/config/renewal/"* sed -s -i -e "s| = $cur/| = $tmp/|g" "$tmp/config/renewal/"*
shift
sudo -u "$user" certbot renew "$@" \ sudo -u "$user" certbot renew "$@" \
--config-dir="$tmp/config" \ --config-dir="$tmp/config" \
--work-dir="$tmp/work" \ --work-dir="$tmp/work" \
@ -76,39 +121,44 @@ if [ "$1" == "renew" ]; then
kvmd-helper-swapfiles '$new' '$cur' kvmd-helper-swapfiles '$new' '$cur'
rm -rf '$new' rm -rf '$new'
" "
restart_if_running reload kvmd-nginx restart_if_running_nginx
restart_if_running restart kvmd-vnc restart_if_running_vnc
fi fi
;;
else install)
create_tmp case "$2" in
if [ ! -d "$cur" ]; then nginx|vnc)
kvmd-pstrun -- bash -c " if [ -z "$2" ]; then
set -ex echo "Usage: kvmd-certbot install <nginx|vnc> <domain>"
mkdir -p '$cur' exit 1
chown '$user:' '$cur'
"
fi fi
if [ "$1" == "certonly-webroot" ]; then set -x
rm -f "/etc/kvmd/$2/ssl/server."{crt,key}
ln -s "$cur/config/live/$3/server."{crt,key} "/etc/kvmd/$2/ssl/"
"restart_if_running_$2"
;;
*)
echo "Usage: kvmd-certbot install <nginx|vnc> <domain>"
exit 1
;;
esac
;;
--)
shift shift
sudo -u "$user" kvmd-pstrun -- certbot certonly "$@" \ create_tmp
--config-dir="$cur/config" \ ensure_runroot
--work-dir="$cur/work" \
--logs-dir="$cur/logs" \
--webroot \
--webroot-path="$web" \
--deploy-hook="/usr/bin/bash -c '
set -ex
chmod 750 '$cur/config/'{archive,live}
cd \"\$RENEWED_LINEAGE\"
chmod 640 privkey.pem
ln -s fullchain.pem server.crt
ln -s privkey.pem server.key
'"
else
sudo -u "$user" kvmd-pstrun -- certbot "$@" \ sudo -u "$user" kvmd-pstrun -- certbot "$@" \
--config-dir="$cur/config" \ --config-dir="$cur/config" \
--work-dir="$cur/work" \ --work-dir="$cur/work" \
--logs-dir="$cur/logs" --logs-dir="$cur/logs"
fi ;;
fi
*)
echo "This command is not implemented by kvmd-certbot."
echo "To pass it into certbot under PST context use '--'."
echo "For example: kvmd-certbot -- $*"
exit 1
;;
esac
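Review bot: The empty-argument guard in the new `install)` branch tests the wrong positional: inside `case "$2" in nginx|vnc)` the value of `$2` is already known to be non-empty, so `if [ -z "$2" ]` can never fire, while the domain `$3` that is actually interpolated into `ln -s "$cur/config/live/$3/server."{crt,key}` is never checked. With a missing domain the branch first runs `rm -f "/etc/kvmd/$2/ssl/server."{crt,key}` and then installs symlinks pointing at `$cur/config/live//server.crt`, leaving the service with dangling certificate links before `restart_if_running_$2` is invoked. The guard should read `if [ -z "$3" ]; then`, and since the lineage path is built from user input it would be worth also checking the source exists before removing the old links, e.g. `[ -f "$cur/config/live/$3/server.crt" ] || { echo "No certificate for '$3' in $cur/config/live" >&2; exit 1; }`. The same holds for the `*)` fallthrough of the inner case, which is reached only when `$2` is not nginx/vnc, so its usage message is correct as is.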