diff --git a/install_dehydrated.sh b/install_dehydrated.sh index 32ef47e..6694251 100755 --- a/install_dehydrated.sh +++ b/install_dehydrated.sh @@ -131,6 +131,8 @@ while [[ "X$DH_BASE_DIR" = "X" ]]; do done HOOK_OUT_FILE="${DH_BASE_DIR}/hook.sh" DH_CRON_SCRIPT="${DH_BASE_DIR}/cron/dehydrated_cron.sh" +DH_CHANGE_SSL_DIRECTIVES_SCRIPT="${DH_BASE_DIR}/tools/change_ssl_directives.sh" +DH_UPDATE_SSL_DIRECTIVES_SCRIPT="${DH_BASE_DIR}/tools/update_ssl_directives.sh" echo "" @@ -2751,7 +2753,10 @@ fi if [[ "$DH_CRON_TYPE" = "user" ]]; then - echononl " Activate dehydrated cronjob for root user .." + + # Cronjob for dehydrated main script (ordering certificates) + # + echononl " Activate dehydrated cronjob for $(basename "$DH_CRON_SCRIPT") for root user .." _success=true _cur_cron=`mktemp` [[ $? -ne 0 ]] && _success=false @@ -2762,7 +2767,7 @@ if [[ "$DH_CRON_TYPE" = "user" ]]; then else if grep `basename $DH_CRON_SCRIPT` $_cur_cron > /dev/null 2>&1 ; then echo_skipped - info "Cronjob already activated." + info "Cronjob for $(basename "$DH_CRON_SCRIPT") already activated." else _success=true cat <> $_cur_cron 
@@ -2798,10 +2803,86 @@ EOF else echo_failed fi + fi # if grep `basename $DH_CRON_SCRIPT` /etc/cron.d/* - fi # if grep `basename $DH_CRON_SCRIPT` /etc/cron.d/* + + # Cronjob for dehydrated update vhosts script (change ssl directives) + # + echononl " Activate dehydrated cronjob for $(basename "$DH_UPDATE_SSL_DIRECTIVES_SCRIPT") for root user .." + _success=true + _cur_cron=`mktemp` + [[ $? -ne 0 ]] && _success=false + crontab -u root -l > $_cur_cron + [[ $? -ne 0 ]] && _success=false + if ! $success ; then + echo_failed + else + if grep `basename $DH_UPDATE_SSL_DIRECTIVES_SCRIPT` $_cur_cron > /dev/null 2>&1 ; then + echo_skipped + info "Cronjob for $(basename "$DH_UPDATE_SSL_DIRECTIVES_SCRIPT") already activated." + else + _success=true + cat <> $_cur_cron + +# - Check whether all certificates are included in the VHOST configurations +# - +33 05 * * * $DH_UPDATE_SSL_DIRECTIVES_SCRIPT +EOF + [[ $? -ne 0 ]] && _success=false + crontab -u root $_cur_cron + [[ $? -ne 0 ]] && _success=false + if $success ; then + echo_ok + else + echo_failed + fi + fi # if grep `basename $DH_UPDATE_SSL_DIRECTIVES_SCRIPT` + fi # if ! $success ; then + rm -f $_cur_cron + + + # - Check, whether a system based update vhosts script exists in /etc/cron.d + # - + if grep -l `basename $DH_UPDATE_SSL_DIRECTIVES_SCRIPT` /etc/cron.d/* > /dev/null 2>&1 ; then + warn "A system based update vhost cronjob already exists in /etc/cron.d/\n\t Deleteing this one now.." + _success=true + echononl " Delete update vhost cronjob in /etc/cron.d/.." + for _file in $(grep -l `basename $DH_UPDATE_SSL_DIRECTIVES_SCRIPT` /etc/cron.d/*) ; do + rm -f $_file > /dev/null 2>&1 + [[ $? 
-ne 0 ]] && _success=false + done + if $success ; then + echo_ok + else + echo_failed + fi + + fi # if grep `basename $DH_CHANGE_SSL_DIRECTIVES_SCRIPT` /etc/cron.d/* + + # - Remove crontjob's for old (and noe renamed) script $DH_CHANGE_SSL_DIRECTIVES_SCRIPT + # - + if crontab -l | grep `basename $DH_CHANGE_SSL_DIRECTIVES_SCRIPT` > /dev/null 2>&1 ; then + warn "Dehydrated's update vhost cronjob is also activated for root user.\n\t Deleting now.." + echononl " Delete dehydrated's update vhost cronjob for user root.." + _success=true + _cur_cron=`mktemp` + [[ $? -ne 0 ]] && _success=false + crontab -u root -l > $_cur_cron + [[ $? -ne 0 ]] && _success=false + sed -i "/`basename $DH_CHANGE_SSL_DIRECTIVES_SCRIPT`/d" $_cur_cron > /dev/null 2>&1 + [[ $? -ne 0 ]] && _success=false + crontab -u root $_cur_cron + [[ $? -ne 0 ]] && _success=false + if $success ; then + echo_ok + else + echo_failed + fi + + fi # if crontab -l | grep `basename $DH_CHANGE_SSL_DIRECTIVES_SCRIPT` elif [[ "$DH_CRON_TYPE" = "system" ]]; then + echononl " Activate dehydrated cronjob in /etc/cron.d/" if grep `basename $DH_CRON_SCRIPT` /etc/cron.d/* > /dev/null 2>&1 ; then echo_skipped @@ -2812,6 +2893,10 @@ elif [[ "$DH_CRON_TYPE" = "system" ]]; then # - Generate/Renew Let's Encrypt Certificates if needed (using dehydrated script) # - 21 05 * * * root $DH_CRON_SCRIPT + +# - Check whether all certificates are included in the VHOST configurations +# - +31 05 * * * root $DH_UPDATE_SSL_DIRECTIVES_SCRIPT EOF if [[ $? -eq 0 ]]; then echo_ok 
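Review bot: The status checks in the added blocks test `$success`, while every assignment in them sets `_success`. Unless a variable named `success` is defined elsewhere in the script, `if ! $success ; then` is always false and `if $success ; then` always reaches `echo_ok`, so the failure branch can never run. A failed `mktemp` or `crontab -u root -l` then goes unreported, and with an empty, unquoted `$_cur_cron` the later `crontab -u root $_cur_cron` loses its file argument, which some cron implementations treat as a request to read the new table from stdin. The checks should read `if ! $_success ; then` and `if $_success ; then`, with `"$_cur_cron"` quoted; the same applies to the removal block added in the `@@ -2842` hunk. The enclosing `if [[ "$DH_CRON_TYPE" = "user" ]]` starts outside this hunk.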
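Review bot: In system mode the new `31 05 * * * root $DH_UPDATE_SSL_DIRECTIVES_SCRIPT` line is written only when the whole cron.d file is created, and the guard shown just above this hunk skips that step once `basename $DH_CRON_SCRIPT` is found in /etc/cron.d/. A host that already has the dehydrated cron file would therefore never get the update job, unlike the user branch, which tests for the update script separately. A second test such as `if ! grep -q -- "$(basename "$DH_UPDATE_SSL_DIRECTIVES_SCRIPT")" /etc/cron.d/* ; then` before skipping would cover upgrades. The here-document starts outside this hunk and the lines between the guard and it are not shown, so confirm this against the full file.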
@@ -2842,6 +2927,28 @@ EOF fi # if crontab -l | grep `basename $DH_CRON_SCRIPT` + # - Check, whether a dehydrated's update vhost cron job exists for user root + # - + if crontab -l | grep `basename $DH_UPDATE_SSL_DIRECTIVES_SCRIPT` > /dev/null 2>&1 ; then + warn "Dehydrated's update vhost cronjob is also activated for root user.\n\t Deleting now.." + echononl " Delete dehydrated's update vhost cronjob for user root.." + _success=true + _cur_cron=`mktemp` + [[ $? -ne 0 ]] && _success=false + crontab -u root -l > $_cur_cron + [[ $? -ne 0 ]] && _success=false + sed -i "/`basename $DH_UPDATE_SSL_DIRECTIVES_SCRIPT`/d" $_cur_cron > /dev/null 2>&1 + [[ $? -ne 0 ]] && _success=false + crontab -u root $_cur_cron + [[ $? -ne 0 ]] && _success=false + if $success ; then + echo_ok + else + echo_failed + fi + + fi # if crontab -l | grep `basename $DH_UPDATE_SSL_DIRECTIVES_SCRIPT` + fi @@ -3295,12 +3402,12 @@ fi # - Sript change_ssl_directives.sh # -if [[ -f "${DH_BASE_DIR}/tools/change_ssl_directives.sh" ]]; then +if [[ -f "${DH_UPDATE_SSL_DIRECTIVES_SCRIPT}" ]]; then # - Backup existing script change_ssl_directives.sh # - - echononl " Backup ${DH_BASE_DIR}/tools/change_ssl_directives.sh.." - cp -a ${DH_BASE_DIR}/tools/change_ssl_directives.sh ${DH_BASE_DIR}/tools/change_ssl_directives.sh.$_date > /dev/null 2>&1 + echononl " Backup ${DH_UPDATE_SSL_DIRECTIVES_SCRIPT}.." + cp -a "${DH_UPDATE_SSL_DIRECTIVES_SCRIPT}" "${DH_UPDATE_SSL_DIRECTIVES_SCRIPT}.$_date" > /dev/null 2>&1 if [[ $? -eq 0 ]]; then echo_ok else @@ -3309,8 +3416,8 @@ if [[ -f "${DH_BASE_DIR}/tools/change_ssl_directives.sh" ]]; then fi -echononl " Install script \"change_ssl_directives.sh\" into ${DH_BASE_DIR}/tools/" -cat < ${DH_BASE_DIR}/tools/change_ssl_directives.sh +echononl " Install script \"$(basename "${DH_UPDATE_SSL_DIRECTIVES_SCRIPT}")\" into ${DH_BASE_DIR}/tools/" +cat < ${DH_UPDATE_SSL_DIRECTIVES_SCRIPT} #!/usr/bin/env bash # - Changes "SSLCertificate.."-lines in vhost configuration 
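Review bot: The temporary copy of root's crontab created with `mktemp` in this block is never deleted. The add block in the `@@ -2798` hunk ends with `rm -f $_cur_cron`, but this removal block and the matching one for `$DH_CHANGE_SSL_DIRECTIVES_SCRIPT` do not, so add `rm -f "$_cur_cron"` after the final `crontab -u root $_cur_cron`. The guard also reads the invoking user's table with `crontab -l` while the rewrite uses `crontab -u root`; using `crontab -u root -l` in the guard keeps both on the same table. The `sed` delete removes only the job line, so the two comment lines written with it remain in the crontab.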
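Review bot: The existence test and backup now follow `${DH_UPDATE_SSL_DIRECTIVES_SCRIPT}`, so a previously installed `change_ssl_directives.sh` is neither backed up nor removed by anything visible in this diff; only its cron entries are cleaned up. If the rename is meant as a migration, a stale executable stays in `${DH_BASE_DIR}/tools/` and can drift from the maintained copy. Consider moving it aside where the old cron entries are deleted, e.g. `mv "${DH_CHANGE_SSL_DIRECTIVES_SCRIPT}" "${DH_CHANGE_SSL_DIRECTIVES_SCRIPT}.$_date"`. The comments `# - Sript change_ssl_directives.sh` and `# - Backup existing script change_ssl_directives.sh` still name the old file and should read `update_ssl_directives.sh`.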
@@ -3729,20 +3836,20 @@ else echo_failed fi -echononl " Make \"${DH_BASE_DIR}/tools/change_ssl_directives.sh\" executable.." -chmod 755 ${DH_BASE_DIR}/tools/change_ssl_directives.sh +echononl " Make \"${DH_UPDATE_SSL_DIRECTIVES_SCRIPT}\" executable.." +chmod 755 "${DH_UPDATE_SSL_DIRECTIVES_SCRIPT}" if [[ $? -eq 0 ]]; then echo_ok else echo_failed fi -if [[ -f "${DH_BASE_DIR}/tools/change_ssl_directives.sh.$_date" ]]; then - diff ${DH_BASE_DIR}/tools/change_ssl_directives.sh ${DH_BASE_DIR}/tools/change_ssl_directives.sh.$_date > /dev/null 2>&1 +if [[ -f "${DH_UPDATE_SSL_DIRECTIVES_SCRIPT}.$_date" ]]; then + diff "${DH_UPDATE_SSL_DIRECTIVES_SCRIPT}" "${DH_UPDATE_SSL_DIRECTIVES_SCRIPT}.$_date" > /dev/null 2>&1 if [[ $? -eq 0 ]]; then - info "Script change_ssl_directives.sh has not change.\n\t Removing previously created backup.." - echononl " Remove ${DH_BASE_DIR}/tools/change_ssl_directives.sh.$_date.." - rm -f ${DH_BASE_DIR}/tools/change_ssl_directives.sh.$_date + info "Script $(basename "${DH_UPDATE_SSL_DIRECTIVES_SCRIPT}") has not change.\n\t Removing previously created backup.." + echononl " Remove ${DH_UPDATE_SSL_DIRECTIVES_SCRIPT}.$_date.." + rm -f "${DH_UPDATE_SSL_DIRECTIVES_SCRIPT}.$_date" if [[ $? -eq 0 ]]; then echo_ok else
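Review bot: `chmod 755` is the only permission step applied to a file that the cron entries added earlier in this commit execute as root every day. Whether `${DH_BASE_DIR}/tools` and its parent directories are writable by root only is not visible here, and `DH_BASE_DIR` appears to be operator-supplied, so a directory writable by another account would let that account replace the script. If nothing but root's cron invokes it, `chown root:root "${DH_UPDATE_SSL_DIRECTIVES_SCRIPT}"` followed by `chmod 700 "${DH_UPDATE_SSL_DIRECTIVES_SCRIPT}"` is tighter. A comment next to the chmod stating that the tools directory must be root-owned and not group- or world-writable would record the requirement.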