227 lines
6.9 KiB
Bash
227 lines
6.9 KiB
Bash
#!/bin/bash
|
|
# My Cert Processes for LetsEncrypt
|
|
|
|
Color_Off='\033[0m'
|
|
Blue='\033[0;34m'
|
|
BBlue='\033[1;34m'
|
|
Green='\033[0;32m'
|
|
LGreen='\033[1;32m'
|
|
BOrange='\033[0;33m'
|
|
DGray='\033[1;30m'
|
|
Red='\033[10;31m'
|
|
LRed='\033[1;31m'
|
|
|
|
DAEMON='/usr/bin/certbot'
|
|
|
|
redirect_artica-ssl_files () {
|
|
MYDIR="/etc/nginx/certificates"
|
|
DIRS=`ls -l $MYDIR | egrep '^d' | awk '{print $9}'`
|
|
for DIR in $DIRS; do
|
|
if [ $DIR != 'new' ] && [ $DIR != 'default' ]
|
|
then
|
|
echo -e "${LGreen}Checking cetificate redirections for \"${LRed}${DIR}${Green}\"...${Color_Off}"
|
|
|
|
#rm -f /etc/nginx/certificates/${DIR}/CAkey.pem
|
|
#rm -f /etc/nginx/certificates/${DIR}/certificate.pem
|
|
#rm -f /etc/nginx/certificates/${DIR}/private_key.key
|
|
#mv /etc/nginx/certificates/${DIR}/CAkey.pem.bak /etc/nginx/certificates/${DIR}/CAkey.pem
|
|
#mv /etc/nginx/certificates/${DIR}/certificate.pem.bak /etc/nginx/certificates/${DIR}/certificate.pem
|
|
#mv /etc/nginx/certificates/${DIR}/private_key.key.bak /etc/nginx/certificates/${DIR}/private_key.key
|
|
|
|
if [ ! -f /etc/nginx/certificates/${DIR}/CAkey.pem.bak ]
|
|
then
|
|
certs_array=('certs1=(CAkey.pem private_key.key certificate.pem)' 'certs2=(chain.pem privkey.pem fullchain.pem)')
|
|
for elt in "${certs_array[@]}";do eval $elt;done
|
|
for ((i=0;i<=2;i++));
|
|
do
|
|
mv /etc/nginx/certificates/${DIR}/${certs1[${i}]} /etc/nginx/certificates/${DIR}/${certs1[${i}]}.bak
|
|
ln -s /etc/letsencrypt/live/${DIR}/${certs2[${i}]} /etc/nginx/certificates/${DIR}/${certs1[${i}]}
|
|
echo -e "${Green}Certificate redirected for \"${DGray}.../${DIR}/${BOrange}${certs1[${i}]}${Green}\"${Color_Off}"
|
|
done
|
|
else
|
|
echo -e "${Green}No changes needed to be made at this time.${Color_Off}"
|
|
fi
|
|
echo
|
|
fi
|
|
done
|
|
}
|
|
|
|
case "$1" in
|
|
|
|
start)
|
|
sleep 15
|
|
echo -e "${BBlue}HAProxy Starting...${Color_Off}"
|
|
service haproxy start
|
|
ssh root@10.5.10.52 service haproxy start
|
|
ssh root@10.5.10.53 service haproxy start
|
|
echo -e "${BBlue}NGINX Reload...${Color_Off}"
|
|
service nginx reload
|
|
ssh root@10.5.10.52 service nginx reload
|
|
ssh root@10.5.10.53 service nginx reload
|
|
|
|
exit 0
|
|
;;
|
|
|
|
stop)
|
|
echo -e "${BBlue}HAProxy Stopping...${Color_Off}"
|
|
service haproxy stop
|
|
ssh root@10.5.10.52 service haproxy stop
|
|
ssh root@10.5.10.53 service haproxy stop
|
|
exit 0;;
|
|
|
|
gogs-start)
|
|
echo -e "${BBlue}Gogs Starting...${Color_Off}"
|
|
service gogs start
|
|
ssh root@10.5.10.52 service gogs start
|
|
ssh root@10.5.10.53 service gogs start
|
|
exit 0;;
|
|
|
|
gogs-stop)
|
|
echo -e "${BBlue}Gogs Stopping...${Color_Off}"
|
|
service gogs stop
|
|
ssh root@10.5.10.52 service gogs stop
|
|
ssh root@10.5.10.53 service gogs stop
|
|
exit 0;;
|
|
|
|
gogs-restart)
|
|
echo -e "${BBlue}Gogs Restarting...${Color_Off}"
|
|
service gogs restart
|
|
ssh root@10.5.10.52 service gogs restart
|
|
ssh root@10.5.10.53 service gogs restart
|
|
exit 0;;
|
|
|
|
nginx-start)
|
|
echo -e "${BBlue}NGINX Starting...${Color_Off}"
|
|
service nginx start
|
|
ssh root@10.5.10.52 service nginx start
|
|
ssh root@10.5.10.53 service nginx start
|
|
exit 0;;
|
|
|
|
nginx-stop)
|
|
echo -e "${BBlue}NGINX Stopping...${Color_Off}"
|
|
service nginx stop
|
|
ssh root@10.5.10.52 service nginx stop
|
|
ssh root@10.5.10.53 service nginx stop
|
|
exit 0;;
|
|
|
|
nginx-restart)
|
|
echo -e "${BBlue}NGINX Restarting...${Color_Off}"
|
|
service nginx restart
|
|
ssh root@10.5.10.52 service nginx restart
|
|
ssh root@10.5.10.53 service nginx restart
|
|
exit 0;;
|
|
|
|
reload)
|
|
service nginx reload
|
|
ssh root@10.5.10.52 service nginx reload
|
|
ssh root@10.5.10.53 service nginx reload
|
|
exit 0
|
|
;;
|
|
|
|
new)
|
|
# "$0" stop
|
|
echo -e "${Green}Requesting Certificate for '${BBlue}$2${Green}'...${Color_Off}"
|
|
# $DAEMON certonly --standalone -d $2
|
|
$DAEMON certonly --webroot -w /var/www/html -d $2
|
|
# chown -R root:letsencrypt /etc/letsencrypt
|
|
# chmod -R 6775 /etc/letsencrypt
|
|
# "$0" start
|
|
# redirect_artica-ssl_files
|
|
exit 0
|
|
;;
|
|
|
|
new-mass)
|
|
echo -e "${Green}Requesting Certificate for '${BBlue}$2${Green}'...${Color_Off}"
|
|
# $DAEMON certonly --standalone -d $2
|
|
$DAEMON certonly --webroot -w /var/www/html -d $2
|
|
# chown -R root:letsencrypt /etc/letsencrypt
|
|
# chmod -R 6775 /etc/letsencrypt
|
|
# redirect_artica-ssl_files
|
|
exit 0
|
|
;;
|
|
|
|
renew)
|
|
"$0" stop
|
|
echo -e "${Green}Renewing Certificates...${Color_Off}"
|
|
# $DAEMON renew
|
|
$DAEMON renew certonly --webroot -w /var/www/html -d $2
|
|
chown -R root:letsencrypt /etc/letsencrypt
|
|
chmod -R 6775 /etc/letsencrypt
|
|
"$0" start
|
|
# redirect_artica-ssl_files
|
|
exit 0
|
|
;;
|
|
|
|
nightlyrenew)
|
|
rm -f /opt/runcerts/cert-renewal-run-$(hostname)
|
|
"$0" stop >> /opt/runcerts/cert-renewal-run-$(hostname)
|
|
# $DAEMON renew >> /opt/runcerts/cert-renewal-run-$(hostname)
|
|
$DAEMON renew certonly --webroot -w /var/www/html -d $2 >> /opt/runcerts/cert-renewal-run-$(hostname)
|
|
chown -R root:letsencrypt /etc/letsencrypt
|
|
chmod -R 6775 /etc/letsencrypt
|
|
"$0" start >> /opt/runcerts/cert-renewal-run-$(hostname)
|
|
exit 0
|
|
;;
|
|
|
|
|
|
redirect-ssl)
|
|
redirect_artica-ssl_files
|
|
service nginx restart
|
|
|
|
read -n 1 -t 10 -p "Are you sure you wish to reboot (y/N)?" redirect_choice
|
|
case "$redirect_choice" in
|
|
[Yy]) if [ "$EUID" -ne 0 ]
|
|
then
|
|
service artica-webservices restart
|
|
fi
|
|
exit 0;;
|
|
esac
|
|
exit 0
|
|
;;
|
|
|
|
*)
|
|
echo
|
|
echo
|
|
echo "Usage: $0 {new|new-mass|renew|redirect-ssl|stop|start}"
|
|
echo
|
|
echo "'new' - Creates a new certificate."
|
|
echo "---------------------------------------------------------------------------------------"
|
|
echo "examples:"
|
|
echo " single-domain = 'runcerts new www.example.com'"
|
|
echo " multiple-domains = 'runcerts new www.example.com,dev.example.com,...'"
|
|
echo
|
|
echo "'new-mass' - Creates a new certificate, but doesnt go through the"
|
|
echo " process of stopping and restarting nginx each time"
|
|
echo "---------------------------------------------------------------------------------------"
|
|
echo "examples (same as 'new'):"
|
|
echo " single-domain = 'runcerts new-mass www.example.com'"
|
|
echo " multiple-domains = 'runcerts new-mass www.example.com,dev.example.com,...'"
|
|
echo
|
|
echo "'renew' - Renews all certificates. This command could be run routinly by adding this"
|
|
echo " line into crontab: \"0 4 * * 0 /usr/local/bin/runcerts renew\""
|
|
echo "---------------------------------------------------------------------------------------"
|
|
echo "examples:"
|
|
echo " 'runcerts renew'"
|
|
echo
|
|
echo "'redirect-ssl' - Redirects the configured Artica certificates to use the LetsEncrypt certificates"
|
|
echo "---------------------------------------------------------------------------------------"
|
|
echo "examples:"
|
|
echo " 'runcerts redirect-ssl'"
|
|
echo
|
|
echo "'stop' - Stops any process that interfere with creating a standalone server"
|
|
echo "---------------------------------------------------------------------------------------"
|
|
echo "examples:"
|
|
echo " 'runcerts stop'"
|
|
echo
|
|
echo "'start' - Starts any process that had interfered with creating a standalone server"
|
|
echo "---------------------------------------------------------------------------------------"
|
|
echo "examples:"
|
|
echo " 'runcerts start'"
|
|
echo
|
|
|
|
exit 1
|
|
;;
|
|
|
|
esac
|
|
exit 0
|