]> TLD Linux GIT Repositories - packages/dehydrated.git/blob - hook.sh
TLD / packages / dehydrated.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
- from PLD, TLDized
[packages/dehydrated.git] / hook.sh
1 #!/bin/sh
2
3 # concat file atomic way
4 atomic_concat() {
5         local file=$1; shift
6         > $file.new
7         chmod 600 $file.new
8         cat "$@" > $file.new
9         cp -f $file $file.dehydrated~
10         mv -f $file.new $file
11 }
12
13 lighttpd_reload() {
14         if [ ! -x /usr/sbin/lighttpd ] || [ ! -f /etc/lighttpd/server.pem ]; then
15                 return
16         fi
17
18         echo " + Hook: Overwritting /etc/lighttpd/server.pem and reloading lighttpd..."
19         atomic_concat /etc/lighttpd/server.pem "$FULLCHAINCERT" "$PRIVKEY"
20         /sbin/service lighttpd reload
21 }
22
23 haproxy_reload() {
24         if [ ! -x /usr/sbin/haproxy ] || [ ! -f /etc/haproxy/server.pem ]; then
25                 return
26         fi
27
28         echo " + Hook: Overwritting /etc/haproxy/server.pem and restarting haproxy..."
29         atomic_concat /etc/haproxy/server.pem "$FULLCHAINCERT" "$PRIVKEY"
30         /sbin/service haproxy reload
31 }
32
33 nginx_reload() {
34         if [ ! -f /etc/nginx/server.crt ] || [ ! -f /etc/nginx/server.key ]; then
35                 return
36         fi
37
38         echo " + Hook: Overwritting /etc/nginx/server.{crt,key} and reloading nginx..."
39         atomic_concat /etc/nginx/server.crt "$FULLCHAINCERT"
40         atomic_concat /etc/nginx/server.key "$PRIVKEY"
41         /sbin/service nginx reload
42 }
43
44 httpd_reload() {
45         if [ ! -x /etc/rc.d/init.d/httpd ]; then
46                 return
47         fi
48
49         echo " + Hook: Reloading Apache..."
50         /sbin/service httpd graceful
51 }
52
53
54 case "$1" in
55 deploy_cert)
56         DOMAIN="$2"
57         PRIVKEY="$3"
58         CERT="$4"
59         FULLCHAINCERT="$5"
60         CHAINCERT="$6"
61         TIMESTAMP="$7"
62
63         lighttpd_reload
64         nginx_reload
65         httpd_reload
66         haproxy_reload
67         ;;
68 clean_challenge)
69         CHALLENGE_TOKEN="$2"
70         KEYAUTH="$3"
71         echo " + Hook: $1: Nothing to do..."
72         ;;
73 deploy_challenge)
74         echo " + Hook: $1: Nothing to do..."
75         ;;
76 unchanged_cert)
77         echo " + Hook: $1: Nothing to do..."
78         ;;
79 *)
80         echo " + Hook: $1: Nothing to do..."
81         ;;
82 esac
letsencrypt/acme client implemented as a shell-script