Infra-Mirrors/docker-swag
1
0
Fork 0
mirror of https://github.com/linuxserver/docker-swag.git synced 2024-09-28 20:25:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update cpanel and gandi dns plugin handling.

Browse Source 
Minor adjustments to init logic.
This commit is contained in:
Eric Nemchik 2022-10-06 14:58:47 +00:00
parent e2d02de457
commit 3fb6e3f54d
6 changed files with 23 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -336,6 +336,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
## Versions ## Versions
* **06.10.22:** - Update cpanel and gandi dns plugin handling. Minor adjustments to init logic.
* **05.10.22:** - Use certbot file hooks instead of command line hooks * **05.10.22:** - Use certbot file hooks instead of command line hooks
* **04.10.22:** - Add godaddy and porkbun dns plugins. * **04.10.22:** - Add godaddy and porkbun dns plugins.
* **03.10.22:** - Add default_server back to default site conf's https listen. * **03.10.22:** - Add default_server back to default site conf's https listen.

1
readme-vars.yml
View File

@ -156,6 +156,7 @@ app_setup_nginx_reverse_proxy_block: ""
# changelog # changelog
changelogs: changelogs:
- { date: "06.10.22:", desc: "Update cpanel and gandi dns plugin handling. Minor adjustments to init logic." }
- { date: "05.10.22:", desc: "Use certbot file hooks instead of command line hooks" } - { date: "05.10.22:", desc: "Use certbot file hooks instead of command line hooks" }
- { date: "04.10.22:", desc: "Add godaddy and porkbun dns plugins." } - { date: "04.10.22:", desc: "Add godaddy and porkbun dns plugins." }
- { date: "03.10.22:", desc: "Add default_server back to default site conf's https listen." } - { date: "03.10.22:", desc: "Add default_server back to default site conf's https listen." }

6
root/defaults/dns-conf/cpanel.ini
View File

@ -1,6 +1,6 @@
# Instructions: https://github.com/badjware/certbot-dns-cpanel#credentials # Instructions: https://github.com/badjware/certbot-dns-cpanel#credentials
# Replace with your values # Replace with your values
# include the scheme and the port number (usually 2083 for https) # include the scheme and the port number (usually 2083 for https)
certbot_dns_cpanel:cpanel_url = https://cpanel.example.com:2083 dns_cpanel_url = https://cpanel.example.com:2083
certbot_dns_cpanel:cpanel_username = username dns_cpanel_username = username
certbot_dns_cpanel:cpanel_password = 1234567890abcdef dns_cpanel_password = 1234567890abcdef

6
root/defaults/dns-conf/gandi.ini
View File

@ -1,3 +1,7 @@
# Instructions: https://github.com/obynio/certbot-plugin-gandi#usage # Instructions: https://github.com/obynio/certbot-plugin-gandi#usage
# Replace with your value # Replace with your value
certbot_plugin_gandi:dns_api_key=APIKEY # live dns v5 api key
dns_gandi_api_key=APIKEY
# optional organization id, remove it if not used
#dns_gandi_sharing_id=SHARINGID

2
root/defaults/dns-conf/infomaniak.ini
View File

@ -1,3 +1,3 @@
Instructions: https://github.com/Infomaniak/certbot-dns-infomaniak#via-ini-file # Instructions: https://github.com/Infomaniak/certbot-dns-infomaniak#via-ini-file
# Replace with your values # Replace with your values
dns_infomaniak_token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX dns_infomaniak_token = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

24
root/etc/cont-init.d/50-certbot
View File

@ -34,9 +34,11 @@ chown -R abc:abc /config/dns-conf
# update plugin names in dns conf inis # update plugin names in dns conf inis
sed -i 's|^certbot_dns_aliyun:||g' /config/dns-conf/aliyun.ini sed -i 's|^certbot_dns_aliyun:||g' /config/dns-conf/aliyun.ini
sed -i 's|^certbot_dns_cpanel:|dns_|g' /config/dns-conf/cpanel.ini
sed -i 's|^certbot_dns_domeneshop:||g' /config/dns-conf/domeneshop.ini sed -i 's|^certbot_dns_domeneshop:||g' /config/dns-conf/domeneshop.ini
sed -i 's|^certbot_dns_inwx:||g' /config/dns-conf/inwx.ini sed -i 's|^certbot_dns_inwx:||g' /config/dns-conf/inwx.ini
sed -i 's|^certbot_dns_transip:||g' /config/dns-conf/transip.ini sed -i 's|^certbot_dns_transip:||g' /config/dns-conf/transip.ini
sed -i 's|^certbot_plugin_gandi:dns_|dns_gandi_|g' /config/dns-conf/gandi.ini
# copy default renewal hooks # copy default renewal hooks
chmod -R +x /defaults/etc/letsencrypt/renewal-hooks chmod -R +x /defaults/etc/letsencrypt/renewal-hooks
@ -134,16 +136,13 @@ if [ "$VALIDATION" = "dns" ]; then
if [ "$DNSPLUGIN" = "route53" ]; then if [ "$DNSPLUGIN" = "route53" ]; then
if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="--dns-${DNSPLUGIN} ${PROPAGATIONPARAM}" PREFCHAL="--dns-${DNSPLUGIN} ${PROPAGATIONPARAM}"
elif [[ "$DNSPLUGIN" =~ ^(cpanel)$ ]]; then elif [[ "$DNSPLUGIN" =~ ^(azure|gandi)$ ]]; then
if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--certbot-dns-${DNSPLUGIN}:${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi if [ -n "$PROPAGATION" ]; then echo "${DNSPLUGIN} dns plugin does not support setting propagation time"; fi
PREFCHAL="-a certbot-dns-${DNSPLUGIN}:${DNSPLUGIN} --certbot-dns-${DNSPLUGIN}:${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}" PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini"
elif [[ "$DNSPLUGIN" =~ ^(gandi)$ ]]; then
if [ -n "$PROPAGATION" ]; then echo "Gandi dns plugin does not support setting propagation time"; fi
PREFCHAL="-a certbot-plugin-${DNSPLUGIN}:dns --certbot-plugin-${DNSPLUGIN}:dns-credentials /config/dns-conf/${DNSPLUGIN}.ini"
elif [[ "$DNSPLUGIN" =~ ^(google)$ ]]; then elif [[ "$DNSPLUGIN" =~ ^(google)$ ]]; then
if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json ${PROPAGATIONPARAM}" PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.json ${PROPAGATIONPARAM}"
elif [[ "$DNSPLUGIN" =~ ^(aliyun|desec|dnspod|do|domeneshop|dynu|godaddy|he|hetzner|infomaniak|inwx|ionos|loopia|netcup|njalla|porkbun|transip|vultr)$ ]]; then elif [[ "$DNSPLUGIN" =~ ^(aliyun|cpanel|desec|dnspod|do|domeneshop|dynu|godaddy|he|hetzner|infomaniak|inwx|ionos|loopia|netcup|njalla|porkbun|transip|vultr)$ ]]; then
if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}" PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
elif [[ "$DNSPLUGIN" =~ ^(standalone)$ ]]; then elif [[ "$DNSPLUGIN" =~ ^(standalone)$ ]]; then
@ -152,19 +151,16 @@ if [ "$VALIDATION" = "dns" ]; then
elif [[ "$DNSPLUGIN" =~ ^(directadmin)$ ]]; then elif [[ "$DNSPLUGIN" =~ ^(directadmin)$ ]]; then
if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="-a ${DNSPLUGIN} --${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}" PREFCHAL="-a ${DNSPLUGIN} --${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
elif [[ "$DNSPLUGIN" =~ ^(azure)$ ]]; then
if [ -n "$PROPAGATION" ]; then echo "Azure dns plugin does not support setting propagation time"; fi
PREFCHAL="-a dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini"
else else
if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi if [ -n "$PROPAGATION" ]; then PROPAGATIONPARAM="--dns-${DNSPLUGIN}-propagation-seconds ${PROPAGATION}"; fi
PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}" PREFCHAL="--dns-${DNSPLUGIN} --dns-${DNSPLUGIN}-credentials /config/dns-conf/${DNSPLUGIN}.ini ${PROPAGATIONPARAM}"
fi fi
echo "${VALIDATION} validation via ${DNSPLUGIN} plugin is selected" echo "${VALIDATION} validation via ${DNSPLUGIN} plugin is selected"
elif [ "$VALIDATION" = "tls-sni" ]; then elif [ "$VALIDATION" = "tls-sni" ]; then
PREFCHAL="--non-interactive --standalone --preferred-challenges http" PREFCHAL="--standalone --preferred-challenges http"
echo "*****tls-sni validation has been deprecated, attempting http validation instead" echo "*****tls-sni validation has been deprecated, attempting http validation instead"
elif [ "$VALIDATION" = "duckdns" ]; then elif [ "$VALIDATION" = "duckdns" ]; then
PREFCHAL="--non-interactive --manual --preferred-challenges dns --manual-auth-hook /app/duckdns-txt" PREFCHAL="--manual --preferred-challenges dns --manual-auth-hook /app/duckdns-txt"
chmod +x /app/duckdns-txt chmod +x /app/duckdns-txt
echo "duckdns validation is selected" echo "duckdns validation is selected"
if [ "$SUBDOMAINS" = "wildcard" ]; then if [ "$SUBDOMAINS" = "wildcard" ]; then
@ -175,7 +171,7 @@ elif [ "$VALIDATION" = "duckdns" ]; then
export URL_REAL="-d ${URL}" export URL_REAL="-d ${URL}"
fi fi
else else
PREFCHAL="--non-interactive --standalone --preferred-challenges http" PREFCHAL="--standalone --preferred-challenges http"
echo "http validation is selected" echo "http validation is selected"
fi fi
@ -234,7 +230,9 @@ fi
if [ -f "/config/keys/letsencrypt/chain.pem" ] && { [ "${CERTPROVIDER}" == "letsencrypt" ] || [ "${CERTPROVIDER}" == "" ]; } && [ "${STAGING}" != "true" ] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then if [ -f "/config/keys/letsencrypt/chain.pem" ] && { [ "${CERTPROVIDER}" == "letsencrypt" ] || [ "${CERTPROVIDER}" == "" ]; } && [ "${STAGING}" != "true" ] && ! openssl x509 -in /config/keys/letsencrypt/chain.pem -noout -issuer | grep -q "ISRG Root X"; then
echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking." echo "The cert seems to be using the old LE root cert, which is no longer valid. Deleting and revoking."
REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory" REV_ACMESERVER="https://acme-v02.api.letsencrypt.org/directory"
if [[ -f /config/etc/letsencrypt/live/"$ORIGDOMAIN"/fullchain.pem ]]; then
certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"$ORIGDOMAIN"/fullchain.pem --server $REV_ACMESERVER certbot revoke --non-interactive --cert-path /config/etc/letsencrypt/live/"$ORIGDOMAIN"/fullchain.pem --server $REV_ACMESERVER
fi
rm -rf /config/etc/letsencrypt/{archive,live,renewal} rm -rf /config/etc/letsencrypt/{archive,live,renewal}
fi fi