mirror of
https://github.com/acmesh-official/acme.sh.git
synced 2025-07-12 06:08:51 +00:00
Merge branch 'dev' of https://github.com/Neilpang/acme.sh into ssh-deploy
This commit is contained in:
David Kerr
@ -16,17 +16,40 @@ strongswan_deploy() {
|
||||
_cca="$4"
|
||||
_cfullchain="$5"
|
||||
|
||||
_info "Using strongswan"
|
||||
|
||||
if [ -x /usr/sbin/ipsec ]; then
|
||||
_ipsec=/usr/sbin/ipsec
|
||||
elif [ -x /usr/sbin/strongswan ]; then
|
||||
_ipsec=/usr/sbin/strongswan
|
||||
elif [ -x /usr/local/sbin/ipsec ]; then
|
||||
_ipsec=/usr/local/sbin/ipsec
|
||||
else
|
||||
_err "no strongswan or ipsec command is detected"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_info _ipsec "$_ipsec"
|
||||
|
||||
_confdir=$($_ipsec --confdir)
|
||||
if [ $? -ne 0 ] || [ -z "$_confdir" ]; then
|
||||
_err "no strongswan --confdir is detected"
|
||||
return 1
|
||||
fi
|
||||
|
||||
_info _confdir "$_confdir"
|
||||
|
||||
_debug _cdomain "$_cdomain"
|
||||
_debug _ckey "$_ckey"
|
||||
_debug _ccert "$_ccert"
|
||||
_debug _cca "$_cca"
|
||||
_debug _cfullchain "$_cfullchain"
|
||||
|
||||
cat "$_ckey" >"/etc/ipsec.d/private/$(basename "$_ckey")"
|
||||
cat "$_ccert" >"/etc/ipsec.d/certs/$(basename "$_ccert")"
|
||||
cat "$_cca" >"/etc/ipsec.d/cacerts/$(basename "$_cca")"
|
||||
cat "$_cfullchain" >"/etc/ipsec.d/cacerts/$(basename "$_cfullchain")"
|
||||
cat "$_ckey" >"${_confdir}/ipsec.d/private/$(basename "$_ckey")"
|
||||
cat "$_ccert" >"${_confdir}/ipsec.d/certs/$(basename "$_ccert")"
|
||||
cat "$_cca" >"${_confdir}/ipsec.d/cacerts/$(basename "$_cca")"
|
||||
cat "$_cfullchain" >"${_confdir}/ipsec.d/cacerts/$(basename "$_cfullchain")"
|
||||
|
||||
ipsec reload
|
||||
$_ipsec reload
|
||||
|
||||
}
|
||||
|
||||
56
deploy/vault_cli.sh
Normal file
56
deploy/vault_cli.sh
Normal file
@ -0,0 +1,56 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
# Here is a script to deploy cert to hashicorp vault
|
||||
# (https://www.vaultproject.io/)
|
||||
#
|
||||
# it requires the vault binary to be available in PATH, and the following
|
||||
# environment variables:
|
||||
#
|
||||
# VAULT_PREFIX - this contains the prefix path in vault
|
||||
# VAULT_ADDR - vault requires this to find your vault server
|
||||
#
|
||||
# additionally, you need to ensure that VAULT_TOKEN is avialable or
|
||||
# `vault auth` has applied the appropriate authorization for the vault binary
|
||||
# to access the vault server
|
||||
|
||||
#returns 0 means success, otherwise error.
|
||||
|
||||
######## Public functions #####################
|
||||
|
||||
#domain keyfile certfile cafile fullchain
|
||||
vault_cli_deploy() {
|
||||
|
||||
_cdomain="$1"
|
||||
_ckey="$2"
|
||||
_ccert="$3"
|
||||
_cca="$4"
|
||||
_cfullchain="$5"
|
||||
|
||||
_debug _cdomain "$_cdomain"
|
||||
_debug _ckey "$_ckey"
|
||||
_debug _ccert "$_ccert"
|
||||
_debug _cca "$_cca"
|
||||
_debug _cfullchain "$_cfullchain"
|
||||
|
||||
# validate required env vars
|
||||
if [ -z "$VAULT_PREFIX" ]; then
|
||||
_err "VAULT_PREFIX needs to be defined (contains prefix path in vault)"
|
||||
return 1
|
||||
fi
|
||||
|
||||
if [ -z "$VAULT_ADDR" ]; then
|
||||
_err "VAULT_ADDR needs to be defined (contains vault connection address)"
|
||||
return 1
|
||||
fi
|
||||
|
||||
VAULT_CMD=$(which vault)
|
||||
if [ ! $? ]; then
|
||||
_err "cannot find vault binary!"
|
||||
return 1
|
||||
fi
|
||||
|
||||
$VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/cert.pem" value=@"$_ccert" || return 1
|
||||
$VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/cert.key" value=@"$_ckey" || return 1
|
||||
$VAULT_CMD write "${VAULT_PREFIX}/${_cdomain}/fullchain.pem" value=@"$_cfullchain" || return 1
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user