- Add support for Nginx managed by GitLab (GitLab CE Omnibus Package)

- Some changes to the script output - make it clearer
ckubu@oopen.de 2017-01-26 01:50:53 +01:00
parent 47ca1ef6c1
commit 07e85a90cf


@ -5,6 +5,8 @@ _DH_CONF_DIR=/etc/dehydrated
_DH_BASE_DIR=/var/lib/dehydrated
_DH_WELL_KNOWN_DIR=/var/www/dehydrated
STR_SUCCESS="Certificate has been produced"
# -------------
# --- Some functions
# -------------
@ -188,7 +190,8 @@ echo ""
echo "[1] Apache2 from Debian Package System"
echo "[2] Apache2 installed from Sources"
echo "[3] nginx from Debian Package System"
echo "[4] Other Webserver Installation"
echo "[4] GitLab integrated Webserver (GiLab CE Omnibus Package)"
echo "[5] Other Webserver Installation"
echo ""
echononl "Eingabe: "
@ -196,6 +199,7 @@ echononl "Eingabe: "
while [ "$WEBSERVER_INSTALLATION" != "Apache2_Debian" \
-a "$WEBSERVER_INSTALLATION" != "Apache2_Source" \
-a "$WEBSERVER_INSTALLATION" != "Nginx_Debian" \
-a "$WEBSERVER_INSTALLATION" != "GitLab" \
-a "$WEBSERVER_INSTALLATION" != "Other_Webserver_Installation" ];do
read OPTION
case $OPTION in
@ -205,10 +209,12 @@ while [ "$WEBSERVER_INSTALLATION" != "Apache2_Debian" \
;;
3) WEBSERVER_INSTALLATION="Nginx_Debian"
;;
4) WEBSERVER_INSTALLATION="Other_Webserver_Installation"
4) WEBSERVER_INSTALLATION="GitLab"
;;
5) WEBSERVER_INSTALLATION="Other_Webserver_Installation"
;;
*) echo ""
echo -e "\tFalsche Eingabe ! [ 1 = Apache2 Debian ; 2 = Apache2 Sources ; 3 = Nginx Debian ; 4 = Other ]"
echo -e "\tFalsche Eingabe ! [ 1 = Apache2 Debian ; 2 = Apache2 Sources ; 3 = Nginx Debian ; 4 = Other ; 5 = GitLab]"
echo ""
echononl "Eingabe:"
;;
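Review bot: The reworded error text in the `*)` arm lists the last two options the wrong way round: it says `4 = Other ; 5 = GitLab`, while the arms above it map `4)` to `GitLab` and `5)` to `Other_Webserver_Installation`, as does the menu printed earlier in the script. An operator who mistypes and then follows the hint would select the wrong web server setup. The message should read `echo -e "\tFalsche Eingabe ! [ 1 = Apache2 Debian ; 2 = Apache2 Sources ; 3 = Nginx Debian ; 4 = GitLab ; 5 = Other ]"`. The `while`/`case` block starts and ends outside this hunk.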
@ -218,8 +224,11 @@ done
_set_apache_conf_symlink=false
apache_installed=false
nginx_installed=false
gitlab_installed=false
gitlab_reconfigure=false
nginx_init_script=/etc/init.d/nginx
apache_control_script=/etc/init.d/apache2
gitlab_ctl_script=/usr/bin/gitlab-ctl
if [[ "$WEBSERVER_INSTALLATION" = "Apache2_Debian" ]] ;then
APACHE_VHOST_DIR=/etc/apache2/sites-enabled
@ -273,6 +282,10 @@ elif [[ "$WEBSERVER_INSTALLATION" = "Nginx_Debian" ]] ;then
NGINX_VHOST_DIR=${NGINX_BASE_DIR}/sites-enabled
NGINX_SNIPPET_DIR=${NGINX_BASE_DIR}/snippets
nginx_installed=true
elif [[ "$WEBSERVER_INSTALLATION" = "GitLab" ]] ;then
GITLAB_CONF_FILE=/etc/gitlab/gitlab.rb
gitlab_ctl_script=/usr/bin/gitlab-ctl
gitlab_installed=true
else
APACHE_VHOST_DIR=
APACHE_CONF_DIR=
@ -381,7 +394,7 @@ if [[ -n "$NGINX_BASE_DIR" ]]; then
echononl " Configure Nginx Webserver: Create alias for WLLKNOWN Directory.."
if ! grep grep -E "location\s+/.well-known/acme-challenge/" ${NGINX_SNIPPET_DIR}/letsencrypt-acme-challenge.conf > /dev/null 2>&1 ; then
if ! grep -E "location\s+/.well-known/acme-challenge/" ${NGINX_SNIPPET_DIR}/letsencrypt-acme-challenge.conf > /dev/null 2>&1 ; then
cat <<EOF > ${NGINX_SNIPPET_DIR}/letsencrypt-acme-challenge.conf
location /.well-known/acme-challenge/ {
@ -403,6 +416,42 @@ EOF
fi
fi
if [[ -n "$GITLAB_CONF_FILE" ]]; then
echononl " Adjust GitLab Configuration (${GITLAB_CONF_FILE})"
if ! grep -E "^\s*nginx\['custom_gitlab_server_config'\]" $GITLAB_CONF_FILE 2> /dev/null | grep -q ".well-known/acme-challenge" 2> /dev/null ; then
if ! grep -q -E "^\s*#\s*nginx\['custom_gitlab_server_config'\]" $GITLAB_CONF_FILE 2> /dev/null ; then
cat <<EOF >> ${GITLAB_CONF_FILE}
################################################################################
## Added by dehydrated install script $(basename $0)
################################################################################
nginx['custom_gitlab_server_config'] = "location ^~ /.well-known/acme-challenge { alias /var/www/dehydrated; }"
EOF
if [[ $? -eq 0 ]] ; then
echo_ok
gitlab_reconfigure=true
else
echo_failed
fi
else
perl -i -n -p -e "s#^(\s*\#\s*(nginx\['custom_gitlab_server_config'\]).*)#\1\n\2 = \"location ^~ /.well-known/acme-challenge { alias \/var\/www\/dehydrated; }\"#" $GITLAB_CONF_FILE
if [[ $? -eq 0 ]] ; then
echo_ok
gitlab_reconfigure=true
else
echo_failed
fi
fi
else
echo_skipped
fi
fi
if [[ -d "$DH_WELL_KNOWN_DIR" ]]; then
echononl " Backup \"$DH_WELL_KNOWN_DIR\" directory.."
mv $DH_WELL_KNOWN_DIR $DH_WELL_KNOWN_DIR.$_date
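Review bot: An active `nginx['custom_gitlab_server_config']` line that lacks the ACME location is not handled in the new GitLab block: the outer `grep` pipeline fails for it, and both the append branch and the `perl` branch then write a second assignment of the same key. gitlab.rb is Ruby, so presumably only the later assignment survives, and either the administrator's existing nginx directives or the new location is silently lost at the next `gitlab-ctl reconfigure`. I would check `grep -q -E "^\s*nginx\['custom_gitlab_server_config'\]" "$GITLAB_CONF_FILE"` first and, when it matches, call `echo_skipped` and `warn` the operator to merge the location by hand. The alias also hard-codes `/var/www/dehydrated` instead of `$DH_WELL_KNOWN_DIR`, which the following lines use, and the file is edited without a backup such as `cp -a "$GITLAB_CONF_FILE" "$GITLAB_CONF_FILE.$_date"`.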
@ -515,8 +564,6 @@ if $apache_installed ; then
echo_skipped
warn "Apache Control Script (apachectl) not found."
fi
else
apache_installed=/etc/init.d/apache2
fi
if $nginx_installed ; then
@ -530,6 +577,30 @@ if $nginx_installed ; then
echo_failed
warn "Restart of nginx webserver failed.."
fi
else
echo_skipped
warn "Nginx Control Script (nginx_init_script) not found."
fi
fi
if $gitlab_installed ; then
echononl " Reconfiguring (and restarting) Gitlab Services.."
if $gitlab_reconfigure ; then
if [[ -x "$gitlab_ctl_script" ]]; then
$gitlab_ctl_script reconfigure > /dev/null 2>&1
if [[ $? -eq 0 ]] ; then
echo_ok
else
echo_failed
warn "Restart of Gitlab Services failed.."
fi
else
echo_skipped
warn "Gitlab Control Script (gitlab-ctl) not found."
fi
else
echo_skipped
fi
fi
@ -729,7 +800,7 @@ while read -r line || [[ -n "$line" ]]; do
echo " rm \"\${BASEDIR}/certs/\${DOMAIN}/privkey_cert_chain.pem"\" >> $HOOK_OUT_FILE
echo " fi" >> $HOOK_OUT_FILE
echo " ln -s \"privkey_cert_chain-\${TIMESTAMP}.pem\" \"\${BASEDIR}/certs/\${DOMAIN}/privkey_cert_chain.pem\"" >>$HOOK_OUT_FILE
echo " echo \" + Hook: \$DOMAIN - Certificate has been produced\"" >> $HOOK_OUT_FILE
echo " echo \" + Hook: \$DOMAIN - $STR_SUCCESS\"" >> $HOOK_OUT_FILE
echo "" >> $HOOK_OUT_FILE
found=false
fi
@ -822,6 +893,11 @@ dovecot_installed=false
pureftpd_installed=false
apache_installed=$apache_installed
nginx_installed=$nginx_installed
# - gitlab_installed
# -
# - Set to "true" if webserver nginx is controlled by GitLab (Omnibus Package).
# - Note: in that case, "nginx_installed" must be set to "false"
gitlab_installed=$gitlab_installed
# ---
@ -889,7 +965,7 @@ ttl_211=3600
# - Logging in that file and evaluatiog the results will happen in any case,
# - even if variable LOGGING is set to true
# -
_logfile="/tmp/dehydrated-`date +%Y-%m-%d-%H%M`.log"
_logfile="/tmp/dehydrated-\$(date +%Y-%m-%d-%H%M).log"
EOF
if [[ $? -eq 0 ]] ; then
echo_ok
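Review bot: The rewritten `_logfile` line still builds a predictable name in the world-writable /tmp; escaping `$(date …)` correctly defers it to run time, but the path can be guessed and pre-created by any local user. Elsewhere in this commit the generated script reads that file, copies it to /var/log and deletes it, and it presumably runs as root since it restarts services through /etc/init.d. Creating the file with mktemp avoids the race: `_logfile="\$(mktemp /tmp/dehydrated-\$(date +%Y-%m-%d-%H%M).XXXXXX)"`. The here-document this line belongs to starts outside the hunk.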
@ -1337,15 +1413,6 @@ else
exit 10
fi
if grep -i "error:" \$_logfile > /dev/null 2>&1 ; then
if \$verbose ; then
warn "Maybe not all certificates are generated. See Output below."
else
echo -e "\\n [ Warn ]: Mayby not all certificates are generated! See Output below."
fi
fi
# ---
# --- Postgeneration Tasks
@ -1357,15 +1424,16 @@ restart_dovecot=false
restart_pureftpd=false
restart_apache=false
restart_nginx=false
restart_gitlab=false
declare -a zone_to_reload_arr
declare -a _tmp_arr
certs_updated=false
_processed_hosts="\$(cat \$_logfile | grep "Certificate has been produced" 2> /dev/null | awk '{print\$3}')"
_processed_hosts="\$(cat \$_logfile | grep "$STR_SUCCESS" 2> /dev/null | awk '{print\$3}')"
# - Evaluate dehydrated's output - see if certificates where created
# -
if grep -i "Hook:" \$_logfile > /dev/null 2>&1 ; then
if [[ -n "\$_processed_hosts" ]] ; then
certs_updated=true
@ -1385,6 +1453,8 @@ if grep -i "Hook:" \$_logfile > /dev/null 2>&1 ; then
restart_apache=true
elif \$nginx_installed ; then
restart_nginx=true
elif \$gitlab_installed ; then
restart_gitlab=true
fi
# ---
@ -1666,13 +1736,10 @@ fi
# - Nothing to do if al is up tp date
# -
if ! \$certs_updated ; then
if ! \$certs_updated && ! grep -q -i "error:" \$_logfile 2> /dev/null ; then
if \$verbose ; then
info "All Certificates are up to date."
fi
if \$verbose || grep -i "error:" \$_logfile > /dev/null 2>&1 ; then
echo ""
echo ""
echo "Output message from dehydrated script:"
@ -1680,11 +1747,11 @@ if ! \$certs_updated ; then
echo ""
cat \$_logfile
echo ""
echo ""
fi
rm -f \$_logfile
\$verbose && echo ""
exit 0
fi
@ -1787,98 +1854,154 @@ fi
# --- Restart Services
# ---
if \$restart_apache ; then
if [[ -x "$apache_control_script" ]]; then
$apache_control_script graceful > /dev/null 2>&1
if \$certs_updated ; then
if \$restart_apache ; then
if [[ -x "$apache_control_script" ]]; then
$apache_control_script graceful > /dev/null 2>&1
if [[ \$? -gt 0 ]]; then
if \$verbose ; then
error "Restarting Apache Webserver failed!"
else
echo -e "\\n [ Error ]: Restarting Apache Webserver failed! \\n"
fi
else
if \$verbose ; then
info "Apache Webserver restarted."
else
echo -e "\\n [ Info ]: Apache Webserver restarted.\\n"
fi
fi
else
if \$verbose ; then
warn "Apache Control Script (apachectl) not found. Take care to restart webservice manually"
else
echo -e "\\n [ Warn ]: Apache Control Script (apachectl) not found. Take care to restart webservice manually"
fi
fi
fi
if \$restart_gitlab ; then
if [[ -x "$gitlab_ctl_script" ]]; then
$gitlab_ctl_script hup > /dev/null 2>&1
if [[ \$? -gt 0 ]]; then
if \$verbose ; then
error "Graceful restart of GitLab Services (sending HUP signal) failed!"
else
echo -e "\\n [ Error ]: Graceful restart of GitLab Services (sending HUP signal) failed! \\n"
fi
else
if \$verbose ; then
info "GitLab Services reloaded."
else
echo -e "\\n [ Info ]: GitLab Services reloaded.\\n"
fi
fi
else
if \$verbose ; then
warn "GitLab Control Script (gitlab-ctl) not found. Take care to restart service manually"
else
echo -e "\\n [ Warn ]: GitLab Control Script (gitlab-ctl) not found. Take care to restart service manually"
fi
fi
fi
if \$restart_postfix ; then
/etc/init.d/postfix reload > /dev/null 2>&1
if [[ \$? -gt 0 ]]; then
if \$verbose ; then
error "Restarting Apache Webserver failed!"
error "Restarting Postfix failed!"
else
echo -e "\\n [ Error ]: Restarting Apache Webserver failed! \\n"
echo -e "\\n [ Error ]: Restarting Postfix failed! \\n"
fi
else
if \$verbose ; then
info "Apache Webserver restarted."
info "Postfix service restarted."
else
echo -e "\\n [ Info ]: Apache Webserver restarted.\\n"
echo -e "\\n [ Info ]: Postfix service restarted.\\n"
fi
fi
else
if \$verbose ; then
warn "Apache Control Script (apachectl) not found. Take care to restart webservice manually"
fi
if \$restart_dovecot ; then
/etc/init.d/dovecot restart > /dev/null 2>&1
if [[ \$? -gt 0 ]]; then
if \$verbose ; then
error "Restarting Dovecot Service failed!"
else
echo -e "\\n [ Error ]: Restarting Dovecot Service failed! \\n"
fi
else
echo -e "\\n [ Warn ]: Apache Control Script (apachectl) not found. Take care to restart webservice manually"
if \$verbose ; then
info "Dovecot service restarted."
else
echo -e "\\n [ Info ]: Dovecot service restarted.\\n"
fi
fi
fi
fi
if \$restart_postfix ; then
/etc/init.d/postfix reload > /dev/null 2>&1
if [[ \$? -gt 0 ]]; then
if \$verbose ; then
error "Restarting Postfix failed!"
if \$restart_pureftpd ; then
/etc/init.d/pure-ftpd restart > /dev/null 2>&1
if [[ \$? -gt 0 ]]; then
if \$verbose ; then
error "Restarting PureFTP Server failed!"
else
echo -e "\\n [ Error ]: Restarting PureFTP Server failed! \\n"
fi
else
echo -e "\\n [ Error ]: Restarting Postfix failed! \\n"
fi
else
if \$verbose ; then
info "Postfix service restarted."
else
echo -e "\\n [ Info ]: Postfix service restarted.\\n"
if \$verbose ; then
info "PureFTP Server restarted."
else
echo -e "\\n [ Info ]: PureFTP Server restarted.\\n"
fi
fi
fi
fi
if \$restart_dovecot ; then
/etc/init.d/dovecot restart > /dev/null 2>&1
if [[ \$? -gt 0 ]]; then
if \$verbose ; then
error "Restarting Dovecot Service failed!"
if \$restart_nginx ; then
/etc/init.d/nginx restart > /dev/null 2>&1
if [[ \$? -gt 0 ]]; then
if \$verbose ; then
error "Restarting Nginx Webserver failed!"
else
echo -e "\\n [ Error ]: Restarting Nginx Webserver failed! \\n"
fi
else
echo -e "\\n [ Error ]: Restarting Dovecot Service failed! \\n"
fi
else
if \$verbose ; then
info "Dovecot service restarted."
else
echo -e "\\n [ Info ]: Dovecot service restarted.\\n"
fi
fi
fi
if \$restart_pureftpd ; then
/etc/init.d/pure-ftpd restart > /dev/null 2>&1
if [[ \$? -gt 0 ]]; then
if \$verbose ; then
error "Restarting PureFTP Server failed!"
else
echo -e "\\n [ Error ]: Restarting PureFTP Server failed! \\n"
fi
else
if \$verbose ; then
info "PureFTP Server restarted."
else
echo -e "\\n [ Info ]: PureFTP Server restarted.\\n"
fi
fi
fi
if \$restart_nginx ; then
/etc/init.d/nginx restart > /dev/null 2>&1
if [[ \$? -gt 0 ]]; then
if \$verbose ; then
error "Restarting Nginx Webserver failed!"
else
echo -e "\\n [ Error ]: Restarting Nginx Webserver failed! \\n"
fi
else
if \$verbose ; then
info "Nginx Webserver restarted."
else
echo -e "\\n [ Info ]: Nginx Webserver restarted.\\n"
if \$verbose ; then
info "Nginx Webserver restarted."
else
echo -e "\\n [ Info ]: Nginx Webserver restarted.\\n"
fi
fi
fi
fi
if [[ -n "\$_processed_hosts" ]] ; then
if \$verbose || grep -i "error:" \$_logfile > /dev/null 2>&1 || grep -i "done\!" \$_logfile > /dev/null 2>&1; then
echo ""
echo ""
echo "Certificates successfully created:"
echo "=================================="
echo ""
for _hostname in \$_processed_hosts ; do
echo " \$_hostname"
done
echo ""
fi
if grep -i "error:" \$_logfile > /dev/null 2>&1 > /dev/null 2>&1; then
cp -a \$_logfile /var/log/ > /dev/null 2>&1
if \$verbose ; then
error "Creating (some) Certificates failed!\\n\\t See also /var/log/\$(basename \$_logfile)"
else
echo -e "\\n[ Error ]: Creating (some) Certificates failed!"
echo -e " See also /var/log/\$(basename \$_logfile) \\n"
fi
echo ""
echo "Output message from dehydrated script:"
echo "======================================"
echo ""
cat \$_logfile
echo ""
elif \$verbose ; then
echo ""
echo ""
echo "Output message from dehydrated script:"