yacloud/acme.sh
1
0
Fork 0
mirror of https://github.com/acmesh-official/acme.sh.git synced 2025-04-30 07:22:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge 0f805cc366f8a6f1421e29c8dc45b7095fcb335c into b0535d8b40a30f9fd2b26b3ea2a49469dcb4d0a8

Browse Source
This commit is contained in:
Laurent Grawet 2025-04-29 09:46:21 +00:00 committed by GitHub
commit 203257c754
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 53 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
deploy/haproxy.sh
View File

@ -43,7 +43,8 @@
# needing to reload HAProxy. Default is "no". # needing to reload HAProxy. Default is "no".
# #
# Require the socat binary. DEPLOY_HAPROXY_STATS_SOCKET variable uses the socat # Require the socat binary. DEPLOY_HAPROXY_STATS_SOCKET variable uses the socat
# address format. # address format. The certificate can be deployed to a comma separated ',' list
# of hosts ("TCP4:10.0.0.1:1999,TCP4:10.0.0.2:1999")
# #
# export DEPLOY_HAPROXY_MASTER_CLI="UNIX:/run/haproxy-master.sock" # export DEPLOY_HAPROXY_MASTER_CLI="UNIX:/run/haproxy-master.sock"
# #
@ -193,7 +194,6 @@ haproxy_deploy() {
_issuer="${_pem}.issuer" _issuer="${_pem}.issuer"
_ocsp="${_pem}.ocsp" _ocsp="${_pem}.ocsp"
_reload="${Le_Deploy_haproxy_reload}" _reload="${Le_Deploy_haproxy_reload}"
_statssock="${Le_Deploy_haproxy_stats_socket}"
_info "Deploying PEM file" _info "Deploying PEM file"
# Create a temporary PEM file # Create a temporary PEM file
@ -327,62 +327,65 @@ haproxy_deploy() {
# Update certificate over HAProxy stats socket or master CLI. # Update certificate over HAProxy stats socket or master CLI.
if _exists socat; then if _exists socat; then
# look for the certificate on the stats socket, to chose between updating or creating one IFS=','
_socat_cert_cmd="echo '${_cmdpfx}show ssl cert' | socat '${_statssock}' - | grep -q '^${_pem}$'" for _statssock in ${Le_Deploy_haproxy_stats_socket}; do
_debug _socat_cert_cmd "${_socat_cert_cmd}" # look for the certificate on the stats socket, to choose between updating or creating one
eval "${_socat_cert_cmd}" _socat_cert_cmd="echo '${_cmdpfx}show ssl cert' | socat '${_statssock}' - | grep -q '^${_pem}$'"
_ret=$? _debug _socat_cert_cmd "${_socat_cert_cmd}"
if [ "${_ret}" != "0" ]; then eval "${_socat_cert_cmd}"
_newcert="1"
_info "Creating new certificate '${_pem}' over HAProxy ${_socketname}."
# certificate wasn't found, it's a new one. We should check if the crt-list exists and creates/inserts the certificate.
_socat_crtlist_show_cmd="echo '${_cmdpfx}show ssl crt-list' | socat '${_statssock}' - | grep -q '^${Le_Deploy_haproxy_pem_path}$'"
_debug _socat_crtlist_show_cmd "${_socat_crtlist_show_cmd}"
eval "${_socat_crtlist_show_cmd}"
_ret=$? _ret=$?
if [ "${_ret}" != "0" ]; then if [ "${_ret}" != "0" ]; then
_err "Couldn't find '${Le_Deploy_haproxy_pem_path}' in haproxy 'show ssl crt-list'" _newcert="1"
return "${_ret}" _info "Creating new certificate '${_pem}' over HAProxy ${_socketname}."
# certificate wasn't found, it's a new one. We should check if the crt-list exists and creates/inserts the certificate.
_socat_crtlist_show_cmd="echo '${_cmdpfx}show ssl crt-list' | socat '${_statssock}' - | grep -q '^${Le_Deploy_haproxy_pem_path}$'"
_debug _socat_crtlist_show_cmd "${_socat_crtlist_show_cmd}"
eval "${_socat_crtlist_show_cmd}"
_ret=$?
if [ "${_ret}" != "0" ]; then
_err "Couldn't find '${Le_Deploy_haproxy_pem_path}' in haproxy 'show ssl crt-list'"
return "${_ret}"
fi
# create a new certificate
_socat_new_cmd="echo '${_cmdpfx}new ssl cert ${_pem}' | socat '${_statssock}' - | grep -q 'New empty'"
_debug _socat_new_cmd "${_socat_new_cmd}"
eval "${_socat_new_cmd}"
_ret=$?
if [ "${_ret}" != "0" ]; then
_err "Couldn't create '${_pem}' in haproxy"
return "${_ret}"
fi
else
_info "Update existing certificate '${_pem}' over HAProxy ${_socketname}."
fi fi
# create a new certificate _socat_cert_set_cmd="echo -e '${_cmdpfx}set ssl cert ${_pem} <<\n$(cat "${_pem}")\n' | socat '${_statssock}' - | grep -q 'Transaction created'"
_socat_new_cmd="echo '${_cmdpfx}new ssl cert ${_pem}' | socat '${_statssock}' - | grep -q 'New empty'" _secure_debug _socat_cert_set_cmd "${_socat_cert_set_cmd}"
_debug _socat_new_cmd "${_socat_new_cmd}" eval "${_socat_cert_set_cmd}"
eval "${_socat_new_cmd}"
_ret=$?
if [ "${_ret}" != "0" ]; then
_err "Couldn't create '${_pem}' in haproxy"
return "${_ret}"
fi
else
_info "Update existing certificate '${_pem}' over HAProxy ${_socketname}."
fi
_socat_cert_set_cmd="echo -e '${_cmdpfx}set ssl cert ${_pem} <<\n$(cat "${_pem}")\n' | socat '${_statssock}' - | grep -q 'Transaction created'"
_secure_debug _socat_cert_set_cmd "${_socat_cert_set_cmd}"
eval "${_socat_cert_set_cmd}"
_ret=$?
if [ "${_ret}" != "0" ]; then
_err "Can't update '${_pem}' in haproxy"
return "${_ret}"
fi
_socat_cert_commit_cmd="echo '${_cmdpfx}commit ssl cert ${_pem}' | socat '${_statssock}' - | grep -q '^Success!$'"
_debug _socat_cert_commit_cmd "${_socat_cert_commit_cmd}"
eval "${_socat_cert_commit_cmd}"
_ret=$?
if [ "${_ret}" != "0" ]; then
_err "Can't commit '${_pem}' in haproxy"
return ${_ret}
fi
if [ "${_newcert}" = "1" ]; then
# if this is a new certificate, it needs to be inserted into the crt-list`
_socat_cert_add_cmd="echo '${_cmdpfx}add ssl crt-list ${Le_Deploy_haproxy_pem_path} ${_pem}' | socat '${_statssock}' - | grep -q 'Success!'"
_debug _socat_cert_add_cmd "${_socat_cert_add_cmd}"
eval "${_socat_cert_add_cmd}"
_ret=$? _ret=$?
if [ "${_ret}" != "0" ]; then if [ "${_ret}" != "0" ]; then
_err "Can't update '${_pem}' in haproxy" _err "Can't update '${_pem}' in haproxy"
return "${_ret}" return "${_ret}"
fi fi
fi _socat_cert_commit_cmd="echo '${_cmdpfx}commit ssl cert ${_pem}' | socat '${_statssock}' - | grep -q '^Success!$'"
_debug _socat_cert_commit_cmd "${_socat_cert_commit_cmd}"
eval "${_socat_cert_commit_cmd}"
_ret=$?
if [ "${_ret}" != "0" ]; then
_err "Can't commit '${_pem}' in haproxy"
return ${_ret}
fi
if [ "${_newcert}" = "1" ]; then
# if this is a new certificate, it needs to be inserted into the crt-list`
_socat_cert_add_cmd="echo '${_cmdpfx}add ssl crt-list ${Le_Deploy_haproxy_pem_path} ${_pem}' | socat '${_statssock}' - | grep -q 'Success!'"
_debug _socat_cert_add_cmd "${_socat_cert_add_cmd}"
eval "${_socat_cert_add_cmd}"
_ret=$?
if [ "${_ret}" != "0" ]; then
_err "Can't update '${_pem}' in haproxy"
return "${_ret}"
fi
fi
done
else else
_err "'socat' is not available, couldn't update over ${_socketname}" _err "'socat' is not available, couldn't update over ${_socketname}"
fi fi