Infra-Mirrors/docker-swag
1
0
Fork 0
mirror of https://github.com/linuxserver/docker-swag.git synced 2024-07-01 00:51:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

Rewrite domain handling

Browse Source 
Use jq instead of python for ZeroSSL vars
This commit is contained in:
Eric Nemchik 2023-02-18 18:28:03 -06:00
parent 18019fb216
commit 43e50ffb03
1 changed files with 23 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
root/etc/s6-overlay/s6-rc.d/init-certbot-config/run
View File

@ -29,7 +29,7 @@ if [[ "${VALIDATION}" = "dns" ]] && [[ ! "${DNSPLUGIN}" =~ ^(acmedns|aliyun|azur
sleep infinity sleep infinity
fi fi
# call option with parameters: $1=name $2=value $3=file # call set_ini_value with parameters: $1=name $2=value $3=file
function set_ini_value() { function set_ini_value() {
name=${1//\//\\/} name=${1//\//\\/}
value=${2//\//\\/} value=${2//\//\\/}
@ -166,8 +166,8 @@ if [[ ! "${URL}" = "${ORIGURL}" ]] ||
echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created" echo "Different validation parameters entered than what was used before. Revoking and deleting existing certificate, and an updated one will be created"
if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]] && [[ -n "${ORIGEMAIL}" ]]; then if [[ "${ORIGCERTPROVIDER}" = "zerossl" ]] && [[ -n "${ORIGEMAIL}" ]]; then
REV_EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${ORIGEMAIL}") REV_EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${ORIGEMAIL}")
REV_ZEROSSL_EAB_KID=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])") REV_ZEROSSL_EAB_KID=$(echo "${REV_EAB_CREDS}" | jq .eab_kid)
REV_ZEROSSL_EAB_HMAC_KEY=$(echo "${REV_EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])") REV_ZEROSSL_EAB_HMAC_KEY=$(echo "${REV_EAB_CREDS}" | js .eab_hmac_key)
if [[ -z "${REV_ZEROSSL_EAB_KID}" ]] || [[ -z "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then if [[ -z "${REV_ZEROSSL_EAB_KID}" ]] || [[ -z "${REV_ZEROSSL_EAB_HMAC_KEY}" ]]; then
echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping." echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
sleep infinity sleep infinity
@ -218,45 +218,39 @@ fi
set_ini_value "server" "${ACMESERVER}" /config/etc/letsencrypt/cli.ini set_ini_value "server" "${ACMESERVER}" /config/etc/letsencrypt/cli.ini
# figuring out url only vs url & subdomains vs subdomains only # figuring out domain only vs domain & subdomains vs subdomains only
DOMAINS_ARRAY=()
if [[ -z "${SUBDOMAINS}" ]] || [[ "${ONLY_SUBDOMAINS}" != true ]]; then
DOMAINS_ARRAY+=("${URL}")
fi
if [[ -n "${SUBDOMAINS}" ]]; then if [[ -n "${SUBDOMAINS}" ]]; then
echo "SUBDOMAINS entered, processing" echo "SUBDOMAINS entered, processing"
SUBDOMAINS_ARRAY=()
if [[ "${SUBDOMAINS}" = "wildcard" ]]; then if [[ "${SUBDOMAINS}" = "wildcard" ]]; then
if [[ "${ONLY_SUBDOMAINS}" = true ]]; then SUBDOMAINS_ARRAY+=("*.${URL}")
export URL_REAL="*.${URL}" echo "Wildcard cert for ${URL} will be requested"
echo "Wildcard cert for only the subdomains of ${URL} will be requested"
else
export URL_REAL="*.${URL},${URL}"
echo "Wildcard cert for ${URL} will be requested"
fi
else else
echo "SUBDOMAINS entered, processing"
for job in $(echo "${SUBDOMAINS}" | tr "," " "); do for job in $(echo "${SUBDOMAINS}" | tr "," " "); do
export SUBDOMAINS_REAL="${SUBDOMAINS_REAL},${job}.${URL}" SUBDOMAINS_ARRAY+=("${job}.${URL}")
done done
if [[ "${ONLY_SUBDOMAINS}" = true ]]; then echo "Sub-domains processed are: $(echo "${SUBDOMAINS_ARRAY[*]}" | tr " " ",")"
URL_REAL="${SUBDOMAINS_REAL}"
echo "Only subdomains, no URL in cert"
else
URL_REAL="${URL}${SUBDOMAINS_REAL}"
fi
echo "Sub-domains processed are: ${SUBDOMAINS_REAL}"
fi fi
else DOMAINS_ARRAY+=("${SUBDOMAINS_ARRAY[@]}")
echo "No subdomains defined"
URL_REAL="${URL}"
fi fi
# add extra domains # add extra domains
if [[ -n "${EXTRA_DOMAINS}" ]]; then if [[ -n "${EXTRA_DOMAINS}" ]]; then
echo "EXTRA_DOMAINS entered, processing" echo "EXTRA_DOMAINS entered, processing"
EXTRA_DOMAINS_ARRAY=()
for job in $(echo "${EXTRA_DOMAINS}" | tr "," " "); do for job in $(echo "${EXTRA_DOMAINS}" | tr "," " "); do
export EXTRA_DOMAINS_REAL="${EXTRA_DOMAINS_REAL},${job}" EXTRA_DOMAINS_ARRAY+=("${job}")
done done
echo "Extra domains processed are: ${EXTRA_DOMAINS_REAL}" echo "Extra domains processed are: $(echo "${EXTRA_DOMAINS_ARRAY[*]}" | tr " " ",")"
URL_REAL="${URL_REAL}${EXTRA_DOMAINS_REAL}" DOMAINS_ARRAY+=("${EXTRA_DOMAINS_ARRAY[@]}")
fi fi
set_ini_value "domains" "${URL_REAL}" /config/etc/letsencrypt/cli.ini
# setting domains in cli.ini
set_ini_value "domains" "$(echo "${DOMAINS_ARRAY[*]}" | tr " " ",")" /config/etc/letsencrypt/cli.ini
# figuring out whether to use e-mail and which # figuring out whether to use e-mail and which
if [[ ${EMAIL} == *@* ]]; then if [[ ${EMAIL} == *@* ]]; then
@ -321,8 +315,8 @@ if [[ ! -f "/config/keys/letsencrypt/fullchain.pem" ]]; then
if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ -n "${EMAIL}" ]]; then if [[ "${CERTPROVIDER}" = "zerossl" ]] && [[ -n "${EMAIL}" ]]; then
echo "Retrieving EAB from ZeroSSL" echo "Retrieving EAB from ZeroSSL"
EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${EMAIL}") EAB_CREDS=$(curl -s https://api.zerossl.com/acme/eab-credentials-email --data "email=${EMAIL}")
ZEROSSL_EAB_KID=$(echo "${EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_kid'])") ZEROSSL_EAB_KID=$(echo "${EAB_CREDS}" | jq .eab_kid)
ZEROSSL_EAB_HMAC_KEY=$(echo "${EAB_CREDS}" | python3 -c "import sys, json; print(json.load(sys.stdin)['eab_hmac_key'])") ZEROSSL_EAB_HMAC_KEY=$(echo "${EAB_CREDS}" | jq .eab_hmac_key)
if [[ -z "${ZEROSSL_EAB_KID}" ]] || [[ -z "${ZEROSSL_EAB_HMAC_KEY}" ]]; then if [[ -z "${ZEROSSL_EAB_KID}" ]] || [[ -z "${ZEROSSL_EAB_HMAC_KEY}" ]]; then
echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping." echo "Unable to retrieve EAB credentials from ZeroSSL. Check the outgoing connections to api.zerossl.com and dns. Sleeping."
sleep infinity sleep infinity