#!/usr/bin/env sh
# Plugin description block: a title line, the Site/Docs references and the
# HTTP_SCP_* environment settings this hook reads.
http_scp_info='SCP HTTP-01 validation plugin
Site: github.com/acmesh-official/acme.sh/wiki/HTTP-API
Docs: github.com/acmesh-official/acme.sh/wiki/HTTP-API#http_scp
Options:
HTTP_SCP_USER Username for SSH/SCP
HTTP_SCP_HOST Remote host
HTTP_SCP_PATH Remote webroot path
HTTP_SCP_PORT SSH port (optional)
HTTP_SCP_KEY SSH private key path (optional)
'
#Here we implement scp-based http validation
#Each public function returns 0 on success and non-zero on error.
######## Public functions #####################
#Usage: http_scp_deploy domain token keyauthorization
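http_scp_deploy() {
  # Publish an HTTP-01 challenge file on the remote web root.
  # Arguments: $1 - domain being validated (only logged)
  #            $2 - challenge token; becomes the remote file name
  #            $3 - key authorization; becomes the file content
  # Reads:     HTTP_SCP_USER, HTTP_SCP_HOST, HTTP_SCP_PATH,
  #            HTTP_SCP_PORT (optional), HTTP_SCP_KEY (optional)
  # Returns:   0 on success, 1 on any failure.
  _cdomain="$1"
  _ctoken="$2"
  _ckey="$3"

  _debug _cdomain "$_cdomain"
  _debug _ctoken "$_ctoken"

  if ! _getconfig; then
    return 1
  fi

  # The token is supplied by the ACME server and is spliced into a remote
  # path below. RFC 8555 restricts it to the base64url alphabet, so refuse
  # anything else instead of handing it to scp / the remote shell.
  case "$_ctoken" in
    "" | *[!A-Za-z0-9_-]*)
      _err "Invalid challenge token"
      return 1
      ;;
  esac

  _info "Deploying challenge file to remote server using SCP"
  _wellknown_path="$HTTP_SCP_PATH/.well-known/acme-challenge"

  # Stage the key authorization in a local temporary file for scp to upload.
  if ! _tempcontent="$(_mktemp)" || [ -z "$_tempcontent" ]; then
    _err "Failed to create temporary file"
    return 1
  fi

  printf '%s\n' "$_ckey" >"$_tempcontent"

  # Options common to ssh and scp.
  # NOTE(review): StrictHostKeyChecking=no turns off host key verification, so
  # neither the upload nor the key authentication is protected against a host
  # impersonating HTTP_SCP_HOST. Pre-populating known_hosts and dropping this
  # option (or using accept-new on OpenSSH 7.6+) keeps unattended runs working
  # while still refusing changed keys. Left as is to preserve behaviour.
  _scp_options="-o StrictHostKeyChecking=no"
  if [ -n "$HTTP_SCP_KEY" ]; then
    _scp_options="$_scp_options -i $HTTP_SCP_KEY"
  fi

  # The port flag differs between the two tools: ssh takes -p, scp takes -P.
  # Passing scp's -P to ssh does not select the port.
  _ssh_port_opt=""
  _scp_port_opt=""
  if [ -n "$HTTP_SCP_PORT" ]; then
    _ssh_port_opt="-p $HTTP_SCP_PORT"
    _scp_port_opt="-P $HTTP_SCP_PORT"
  fi

  _scp_dest="$HTTP_SCP_USER@$HTTP_SCP_HOST"

  # Create challenge directory if it doesn't exist.
  # _wellknown_path is expanded here and parsed again by the remote login
  # shell, so HTTP_SCP_PATH must not contain whitespace or shell
  # metacharacters. It is operator configuration and is not escaped (quoting
  # it would also stop a leading ~ from expanding remotely).
  _info "Creating challenge directory on remote server"
  # shellcheck disable=SC2029,SC2086 # client-side expansion and option splitting are intended
  if ! ssh $_scp_options $_ssh_port_opt "$_scp_dest" "mkdir -p ${_wellknown_path}"; then
    _err "Failed to create challenge directory on remote server"
    rm -f "$_tempcontent"
    return 1
  fi

  # Upload challenge file
  _info "Uploading challenge file"
  # shellcheck disable=SC2086 # option splitting is intended
  if ! scp $_scp_options $_scp_port_opt "$_tempcontent" "$_scp_dest:${_wellknown_path}/${_ctoken}"; then
    _err "Failed to upload challenge file"
    rm -f "$_tempcontent"
    return 1
  fi

  rm -f "$_tempcontent"
  return 0
}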
#Usage: http_scp_rm domain token
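http_scp_rm() {
  # Delete a previously published HTTP-01 challenge file from the remote host.
  # Arguments: $1 - domain being validated (only logged)
  #            $2 - challenge token; the remote file name to delete
  # Reads:     HTTP_SCP_USER, HTTP_SCP_HOST, HTTP_SCP_PATH,
  #            HTTP_SCP_PORT (optional), HTTP_SCP_KEY (optional)
  # Returns:   0 on success, 1 on any failure.
  _cdomain="$1"
  _ctoken="$2"

  _debug _cdomain "$_cdomain"
  _debug _ctoken "$_ctoken"

  if ! _getconfig; then
    return 1
  fi

  # The token is supplied by the ACME server and ends up inside an "rm -f"
  # command line parsed by the remote shell. RFC 8555 restricts it to the
  # base64url alphabet, so refuse anything else before building the command.
  case "$_ctoken" in
    "" | *[!A-Za-z0-9_-]*)
      _err "Invalid challenge token"
      return 1
      ;;
  esac

  _wellknown_path="$HTTP_SCP_PATH/.well-known/acme-challenge"

  # Prepare SSH options.
  # NOTE(review): StrictHostKeyChecking=no turns off host key verification, so
  # the session is not protected against a host impersonating HTTP_SCP_HOST.
  # Pre-populating known_hosts and dropping this option (or using accept-new
  # on OpenSSH 7.6+) would still work unattended. Left as is to preserve
  # behaviour.
  _scp_options="-o StrictHostKeyChecking=no"
  if [ -n "$HTTP_SCP_KEY" ]; then
    _scp_options="$_scp_options -i $HTTP_SCP_KEY"
  fi

  # Only pass a port when one is configured. Forcing "-p 22" here would
  # override a Port set in ssh_config that http_scp_deploy (which passes no
  # port in that case) relies on, leaving the challenge file behind.
  if [ -n "$HTTP_SCP_PORT" ]; then
    _scp_options="$_scp_options -p $HTTP_SCP_PORT"
  fi

  # Remove challenge file.
  # _wellknown_path is expanded here and parsed again by the remote login
  # shell, so HTTP_SCP_PATH must not contain whitespace or shell
  # metacharacters; it is operator configuration and is not escaped.
  _info "Removing challenge file from remote server"
  # shellcheck disable=SC2029,SC2086 # client-side expansion and option splitting are intended
  if ! ssh $_scp_options "$HTTP_SCP_USER@$HTTP_SCP_HOST" "rm -f ${_wellknown_path}/${_ctoken}"; then
    _err "Failed to remove challenge file from remote server"
    return 1
  fi

  return 0
}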
_getconfig() {
  # Check that the three mandatory settings are present, in the order
  # user, host, path. The first missing one is reported through _err and
  # the function returns 1; returns 0 when all three are non-empty.
  [ -n "$HTTP_SCP_USER" ] || {
    _err "HTTP_SCP_USER is not defined"
    return 1
  }

  [ -n "$HTTP_SCP_HOST" ] || {
    _err "HTTP_SCP_HOST is not defined"
    return 1
  }

  [ -n "$HTTP_SCP_PATH" ] || {
    _err "HTTP_SCP_PATH is not defined"
    return 1
  }

  return 0
}