%PDF- %PDF-
Direktori : /opt/webdir/bin/menu/08_web/ |
Current File : //opt/webdir/bin/menu/08_web/04_manage_certificates.sh |
PROGNAME=$(basename $0) PROGPATH=$(dirname $0) [[ -z $DEBUG ]] && DEBUG=0 . $PROGPATH/functions.sh || exit 1 site_menu_dir=$BIN_DIR/menu/06_site site_menu_fnc=$site_menu_dir/functions.sh . $site_menu_fnc || exit 1 logo=$(get_logo) sites_related_by_cert(){ https_cert="${1}" [[ -z $https_cert ]] && return 255 # get related status SITES_LINKED_BY_CERT= sites_https_info=$($bx_sites_script -a list | \ grep ':https:' | grep -v ":$site_name:" | sed -e 's/^bxSite:https://' | \ grep ":$https_cert:") if [[ -n $sites_https_info ]]; then SITES_LINKED_BY_CERT=$(echo "$sites_https_info" | awk -F':' '{printf "%s,", $1}') fi # push-server if [[ -z $PUSH_SSL ]]; then cache_push_servers_status fi if [[ $PUSH_SSL == "$https_cert" ]]; then SITES_LINKED_BY_CERT=$SITES_LINKED_BY_CERT"push-server," fi if [[ $DEBUG -gt 0 ]]; then echo "Related sites: $SITES_LINKED_BY_CERT" fi } # return # 1 - LE # 2 - Own # 3 - Standart # 255 - Site doesn't exist # 0 - Not configured site_https_status() { site_name="${1:-default}" cache_pool_sites POOL_SITES_KERNEL_LIST=$(echo "$POOL_SITES_KERNEL_LIST" | grep -v ':ext_kernel:') POOL_SITES_KERNEL_COUNT=$(echo "$POOL_SITES_KERNEL_LIST" | grep -vc '^$') POOL_SITES_LIST="$POOL_SITES_KERNEL_LIST $POOL_SITES_LINK_LIST" if [[ $(echo "$POOL_SITES_LIST" | grep -c "^$site_name:") -eq 0 ]]; then return 255 fi # get site status site_root=$(echo "$POOL_SITES_LIST" | grep "^$site_name:" | awk -F':' '{print $6}') site_https_info=$($bx_sites_script -a status --site $site_name -r $site_root | \ grep ':https:' | sed -e 's/^bxSite:https://') https_cert=$(echo "$site_https_info" | awk -F':' '{print $4}' | \ sed -e "s:/etc/nginx/::") https_key=$(echo "$site_https_info" | awk -F':' '{print $5}' | \ sed -e "s:/etc/nginx/::") if [[ $DEBUG -gt 0 ]]; then echo "Site: $site_name" echo "Root: $site_root" echo "Cert: $https_cert" echo "Key: $https_key" fi if [[ ( $https_cert == "$https_key" ) && ( $https_cert == 'ssl/cert.pem' ) ]]; then return 3 fi if [[ $(echo "$https_cert" | grep -wc "dehydrated") -gt 0 ]]; then sites_related_by_cert "$https_cert" return 1 fi if [[ ( -n $https_cert ) && ( -n $https_key ) ]]; then return 2 fi return 0 } certs_status(){ cert_path="${1}" [[ -z $cert_path ]] && return 255 SITES_LIST= cert_info=$($bx_sites_script -a cert_status --certificate "$cert_path") site_certs_count=$(echo "$cert_info" | grep 'site_certs_count:' | awk -F':' '{print $2}') if [[ $site_certs_count -eq 0 ]]; then return 1 fi SITES_LIST=$(echo "$cert_info" | grep 'site_certs:' | \ awk -F':' '{print $3}') return 0 } sites_https_status() { site_list="${1:-default}" sites_https_status_rtn=0 sites_https_cnt=0 IFS_BAK=$IFS IFS=',' for sn in $site_list; do sn=$(echo "$sn" | sed -e "s/\s\+//g") if [[ $sn == "push-server" ]]; then continue fi site_https_status "$sn" site_https_status_rtn=$? [[ $site_https_status_rtn -gt $sites_https_status_rtn ]] && \ sites_https_status_rtn=$site_https_status_rtn sites_https_cnt=$(( $sites_https_cnt + 1 )) done IFS=$IFS_BAK IFS_BAK= return $sites_https_status_rtn } configure_le() { print_message "$WEB0037" \ "$WEB0038" \ '' SITE_NAME "default" print_message "$WEB0039" \ "$WEB0040" \ '' DNS_NAMES print_message "$WEB0041" \ '' '' EMAIL if [[ -z $DNS_NAMES ]]; then print_message "$WEB0200" \ $WEB0042 "" any_key return 1 fi if [[ -z $EMAIL ]]; then print_message "$WEB0200" \ "$WEB0043" "" any_key return 1 fi if [[ $DEBUG -gt 0 ]]; then echo "Site: $SITE_NAME" echo "DNS: $DNS_NAMES" echo "Email: $EMAIL" fi sites_https_status "$SITE_NAME" site_https_status_rtn=$? if [[ $DEBUG -gt 0 ]]; then echo "Check: $site_https_status_rtn" fi if [[ $site_https_status_rtn -eq 255 ]]; then print_message "$WEB0200" \ "$WEB0044 $SITE_NAME" \ "" any_key return 1 fi if [[ $(echo "$SITE_NAME" | grep -c "push-server" ) && $sites_https_cnt -eq 0 ]]; then print_message "$WEB0068" "$WEB0069" \ "" any_key return 1 fi if [[ ( $site_https_status_rtn -eq 1 ) || ( $site_https_status_rtn -eq 2 ) ]]; then print_message "$WEB0045" \ "Sites: $SITE_NAME" "" any_key "n" else print_message "$WEB0046" \ "Sites: $SITE_NAME" "" any_key "y" fi if [[ $(echo "$any_key" | grep -wci "y") -gt 0 ]]; then task_exec="$bx_sites_script -a configure_le --site \"$SITE_NAME\" -r $site_root" task_exec="$task_exec --email \"$EMAIL\" --dns \"$DNS_NAMES\"" [[ $DEBUG -gt 0 ]] && \ echo "task_exec=$task_exec" exec_pool_task "$task_exec" "$WEB0047" fi } configure_own_cert() { NGINX_CERT_DIR=/etc/nginx/certs print_message "$WEB0037" \ "$WEB0038" \ '' SITE_NAME "default" sites_https_status "$SITE_NAME" site_https_status_rtn=$? if [[ $DEBUG -gt 0 ]]; then echo "Check: $site_https_status_rtn" fi if [[ $site_https_status_rtn -eq 255 ]]; then print_message "$WEB0200" \ "$WEB0044 $SITE_NAME" \ "" any_key return 1 fi print_color_text "$(get_text "$WEB0048" "$NGINX_CERT_DIR")" print_message "$WEB0049" "" "" PrivateKey print_message "$WEB0050" "" "" Certificate print_message "$WEB0051" "" "" CertificateChain if [[ $DEBUG -gt 0 ]]; then echo "Site: $SITE_NAME" echo "Private Key: $PrivateKey" echo "Certificate: $Certificate" echo "Certificate Chain: $CertificateChain" fi # test options if [[ ( -z $PrivateKey ) || ( -z $Certificate ) ]]; then print_message "$WEB0200" \ "$WEB0052" \ "" any_key return 1 fi if [[ ! ( -f $PrivateKey ) && ! ( -f $NGINX_CERT_DIR/$PrivateKey ) ]]; then print_message "$WEB0200" \ "$WEB0053 $PrivateKey" \ "" any_key return 1 fi if [[ ! ( -f $Certificate ) && ! ( -f $NGINX_CERT_DIR/$Certificate ) ]]; then print_message "$WEB0200" \ "$WEB0054 $Certificate" \ "" any_key return 1 fi if [[ ( -n $CertificateChain ) && \ ( ! ( -f $CertificateChain ) && ! ( -f $NGINX_CERT_DIR/$CertificateChain ) ) ]]; then print_message "$WEB0200" \ "$WEB0055 $CertificateChain" \ "" any_key return 1 fi if [[ ( $site_https_status_rtn -eq 1 ) || ( $site_https_status_rtn -eq 2 ) ]]; then print_message "$WEB0045" \ "Sites: $SITE_NAME" "" any_key "n" else print_message "$WEB0046" \ "Sites: $SITE_NAME" "" any_key "y" fi if [[ $(echo "$any_key" | grep -wci "y") -gt 0 ]]; then task_exec="$bx_sites_script -a configure_cert --site \"$SITE_NAME\" -r $site_root" task_exec="$task_exec --private_key $PrivateKey" task_exec="$task_exec --certificate $Certificate" [[ -n $CertificateChain ]] && \ task_exec="$task_exec --certificate_chain $CertificateChain" [[ $DEBUG -gt 0 ]] && \ echo "task_exec=$task_exec" exec_pool_task "$task_exec" "$WEB0056" fi } reset_cert() { NGINX_CERT_DIR=/etc/nginx/certs print_message "$WEB0070" \ "" "" CERT_PATH certs_status "$CERT_PATH" if [[ $? -gt 0 ]]; then print_message "$WEB0200" \ "$(get_text "$WEB0072" "$CERT_PATH")" return 1 fi if [[ $CERT_PATH == "/etc/nginx/ssl/cert.pem" ]]; then print_message "$WEB0200" \ "$(get_text "$WEB0073" "$SITES_LIST")" return 1 fi SITE_NAME="$SITES_LIST" sites_https_status "$SITE_NAME" site_https_status_rtn=$? if [[ $DEBUG -gt 0 ]]; then echo "Check: $site_https_status_rtn" fi if [[ $site_https_status_rtn -eq 255 ]]; then print_message "$WEB0200" \ "$WEB0044 $SITE_NAME" \ "" any_key return 1 fi if [[ $(echo "$SITE_NAME" | grep -wc "push-server") -gt 0 && \ -n "$PUSH_TYPE" && $PUSH_TYPE == "Custom" ]]; then site_https_status_rtn=1 fi if [[ ( $site_https_status_rtn -eq 1 ) || \ ( $site_https_status_rtn -eq 2 ) ]]; then print_message "$WEB0057" \ "Sites: $SITE_NAME" "" any_key "n" else print_message "$WEB0200" \ "$WEB0058 Sites: $SITE_NAME" "" any_key return 1 fi if [[ $(echo "$any_key" | grep -wci "y") -gt 0 ]]; then task_exec="$bx_sites_script -a reset_cert --site \"$SITE_NAME\"" [[ $DEBUG -gt 0 ]] && \ echo "task_exec=$task_exec" exec_pool_task "$task_exec" "$WEB0157" fi } sub_menu(){ menu_00="$WEB0201" menu_01="$WEB0158" menu_02="$WEB0059" menu_03="$WEB0060" MENU_SELECT= until [[ -n "$MENU_SELECT" ]]; do menu_logo="$WEB0056" print_menu_header # print sites #set -x print_site_list_point_https # task info get_task_by_type '(mysql|site)' POOL_TASK_LOCK POOL_TASK_INFO print_task_by_type '(mysql|site)' "$POOL_TASK_LOCK" "$POOL_TASK_INFO" # background task or not found free servers in the pool if [[ ( $POOL_TASK_LOCK -eq 1 ) ]]; then menu_list="\n\t$menu_00" else menu_list="\n\t$menu_01\n\t$menu_02\n\t$menu_03\n\t$menu_00" fi print_menu if [[ $POOL_TASK_LOCK -gt 0 ]]; then print_message "$WEB0202" '' '' MENU_SELECT 0 else print_message "$WEB0205" '' '' MENU_SELECT fi case "$MENU_SELECT" in 0) exit ;; 1) configure_le ;; 2) configure_own_cert ;; 3) reset_cert ;; esac MENU_SELECT= done } sub_menu