GithubFollow/One-KVM
1
0
Fork 0
mirror of https://github.com/mofeng-git/One-KVM.git synced 2025-12-12 01:00:29 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

improved kvmd-certbot

Browse Source
This commit is contained in:
Maxim Devaev 2022-06-24 21:32:06 +03:00
parent f634be16f0
commit 8727b0e8bd
1 changed files with 92 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

134
scripts/kvmd-certbot
View File

@ -46,42 +46,7 @@ function create_tmp() {
trap cleanup EXIT trap cleanup EXIT
} }
function restart_if_running() { function ensure_runroot() {
if systemctl is-active --quiet "$2"; then
echo "=> systemctl $1 $2"
systemctl "$1" "$2" || true
fi
}
if [ "$1" == "renew" ]; then
create_tmp
cp -a "$cur"/{config,work,logs} "$tmp"
sed -s -i -e "s| = $cur/| = $tmp/|g" "$tmp/config/renewal/"*
shift
sudo -u "$user" certbot renew "$@" \
--config-dir="$tmp/config" \
--work-dir="$tmp/work" \
--logs-dir="$tmp/logs" \
--deploy-hook="/usr/bin/touch '$tmp/updated'"
if [ -f "$tmp/updated" ]; then
sudo -u "$user" kvmd-pstrun -- bash -c "
set -ex
rm -rf '$new'
cp -a '$tmp' '$new'
rm '$new/updated'
chmod 755 '$new/config/'{archive,live}
chmod 640 '$new'/config/archive/*/privkey*.pem
sed -s -i -e 's| = $tmp/| = $cur/|g' '$new/config/renewal/'*
sync
kvmd-helper-swapfiles '$new' '$cur'
rm -rf '$new'
"
restart_if_running reload kvmd-nginx
restart_if_running restart kvmd-vnc
fi
else
create_tmp
if [ ! -d "$cur" ]; then if [ ! -d "$cur" ]; then
kvmd-pstrun -- bash -c " kvmd-pstrun -- bash -c "
set -ex set -ex
@ -89,9 +54,35 @@ else
chown '$user:' '$cur' chown '$user:' '$cur'
" "
fi fi
if [ "$1" == "certonly-webroot" ]; then }
shift
sudo -u "$user" kvmd-pstrun -- certbot certonly "$@" \ function restart_if_running() {
if systemctl is-active --quiet "$2"; then
echo "=> systemctl $1 $2"
systemctl "$1" "$2" || true
fi
}
function restart_if_running_nginx() {
restart_if_running reload kvmd-nginx
}
function restart_if_running_vnc() {
restart_if_running restart kvmd-vnc
}
case "$1" in
-h|--help|help)
sudo -u "$user" certbot "$@" \
--config-dir="$cur/config" \
--work-dir="$cur/work" \
--logs-dir="$cur/logs"
;;
certonly)
create_tmp
ensure_runroot
sudo -u "$user" kvmd-pstrun -- certbot "$@" \
--config-dir="$cur/config" \ --config-dir="$cur/config" \
--work-dir="$cur/work" \ --work-dir="$cur/work" \
--logs-dir="$cur/logs" \ --logs-dir="$cur/logs" \
@ -105,10 +96,69 @@ else
ln -s fullchain.pem server.crt ln -s fullchain.pem server.crt
ln -s privkey.pem server.key ln -s privkey.pem server.key
'" '"
else ;;
renew)
shift
create_tmp
cp -a "$cur"/{config,work,logs} "$tmp"
sed -s -i -e "s| = $cur/| = $tmp/|g" "$tmp/config/renewal/"*
sudo -u "$user" certbot renew "$@" \
--config-dir="$tmp/config" \
--work-dir="$tmp/work" \
--logs-dir="$tmp/logs" \
--deploy-hook="/usr/bin/touch '$tmp/updated'"
if [ -f "$tmp/updated" ]; then
sudo -u "$user" kvmd-pstrun -- bash -c "
set -ex
rm -rf '$new'
cp -a '$tmp' '$new'
rm '$new/updated'
chmod 755 '$new/config/'{archive,live}
chmod 640 '$new'/config/archive/*/privkey*.pem
sed -s -i -e 's| = $tmp/| = $cur/|g' '$new/config/renewal/'*
sync
kvmd-helper-swapfiles '$new' '$cur'
rm -rf '$new'
"
restart_if_running_nginx
restart_if_running_vnc
fi
;;
install)
case "$2" in
nginx|vnc)
if [ -z "$2" ]; then
echo "Usage: kvmd-certbot install <nginx|vnc> <domain>"
exit 1
fi
set -x
rm -f "/etc/kvmd/$2/ssl/server."{crt,key}
ln -s "$cur/config/live/$3/server."{crt,key} "/etc/kvmd/$2/ssl/"
"restart_if_running_$2"
;;
*)
echo "Usage: kvmd-certbot install <nginx|vnc> <domain>"
exit 1
;;
esac
;;
--)
shift
create_tmp
ensure_runroot
sudo -u "$user" kvmd-pstrun -- certbot "$@" \ sudo -u "$user" kvmd-pstrun -- certbot "$@" \
--config-dir="$cur/config" \ --config-dir="$cur/config" \
--work-dir="$cur/work" \ --work-dir="$cur/work" \
--logs-dir="$cur/logs" --logs-dir="$cur/logs"
fi ;;
fi
*)
echo "This command is not implemented by kvmd-certbot."
echo "To pass it into certbot under PST context use '--'."
echo "For example: kvmd-certbot -- $*"
exit 1
;;
esac