Added plus check for dumpcerts

root 2025-01-15 17:57:16 +00:00
parent 41c26e9048
commit bcf53d8da5

104
bin/dumpcerts Executable file → Normal file

@ -13,60 +13,68 @@ fail() {
. /etc/federated . /etc/federated
echo -ne "\n* Dumping certs from traefik into /federated/certs.new.." if [[ "${PLUS}" != "true" ]]; then
traefik-certs-dumper file --version v2 --source /federated/apps/traefik/data/letsencrypt/acme.json --dest /federated/certs.new &> /dev/null echo -ne "\n* Dumping certs from traefik into /federated/certs.new.."
[ $? -ne 0 ] && fail "Couldn't dump certs from traefik-certs-dumper into certs.new" traefik-certs-dumper file --version v2 --source /federated/apps/traefik/data/letsencrypt/acme.json --dest /federated/certs.new &> /dev/null
echo -ne "done." [ $? -ne 0 ] && fail "Couldn't dump certs from traefik-certs-dumper into certs.new"
echo -ne "done."
diff /federated/certs.new/certs/$DOMAIN.crt /federated/certs/certs/$DOMAIN.crt &> /dev/null diff /federated/certs.new/certs/$DOMAIN.crt /federated/certs/certs/$DOMAIN.crt &> /dev/null
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
echo -ne "\n* The certificates are the same (we are not restarting services)." echo -ne "\n* The certificates are the same (we are not restarting services)."
else else
echo -ne "\n* The certificates are NOT the same (we will restart services)." echo -ne "\n* The certificates are NOT the same (we will restart services)."
MATCH="no" MATCH="no"
fi fi
echo -ne "\n* Moving certs from /federated/certs.new into /federated/certs.." echo -ne "\n* Moving certs from /federated/certs.new into /federated/certs.."
cp /federated/certs.new/certs/$DOMAIN.crt /federated/certs/certs/$DOMAIN.crt cp /federated/certs.new/certs/$DOMAIN.crt /federated/certs/certs/$DOMAIN.crt
[ $? -ne 0 ] && fail "Couldn't move /federated/certs.new to /federated/certs" [ $? -ne 0 ] && fail "Couldn't move /federated/certs.new to /federated/certs"
cp /federated/certs.new/private/$DOMAIN.key /federated/certs/private/$DOMAIN.key cp /federated/certs.new/private/$DOMAIN.key /federated/certs/private/$DOMAIN.key
[ $? -ne 0 ] && fail "Couldn't move /federated/certs.new to /federated/certs" [ $? -ne 0 ] && fail "Couldn't move /federated/certs.new to /federated/certs"
rm -rf /federated/certs.new rm -rf /federated/certs.new
echo -ne "done." echo -ne "done."
echo -ne "\n* Installing certs into /federated/apps that use it.." echo -ne "\n* Installing certs into /federated/apps that use it.."
# Install into PostgreSQL container # Install into PostgreSQL container
cp /federated/certs/certs/$DOMAIN.crt /federated/apps/postgresql/data/var/lib/postgresql/server.crt cp /federated/certs/certs/$DOMAIN.crt /federated/apps/postgresql/data/var/lib/postgresql/server.crt
cp /federated/certs/private/$DOMAIN.key /federated/apps/postgresql/data/var/lib/postgresql/server.key cp /federated/certs/private/$DOMAIN.key /federated/apps/postgresql/data/var/lib/postgresql/server.key
chown 999 /federated/apps/postgresql/data/var/lib/postgresql/server.crt /federated/apps/postgresql/data/var/lib/postgresql/server.key chown 999 /federated/apps/postgresql/data/var/lib/postgresql/server.crt /federated/apps/postgresql/data/var/lib/postgresql/server.key
chmod 600 /federated/apps/postgresql/data/var/lib/postgresql/server.crt /federated/apps/postgresql/data/var/lib/postgresql/server.key chmod 600 /federated/apps/postgresql/data/var/lib/postgresql/server.crt /federated/apps/postgresql/data/var/lib/postgresql/server.key
# Install into LDAP container # Install into LDAP container
cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/ldap/data/certs/ cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/ldap/data/certs/
# Install into Mail container # Install into Mail container
cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/mail/data/root/certs/ cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/mail/data/root/certs/
# Install into Collabora container # Install into Collabora container
#cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/collabora/data/root/certs/ #cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/collabora/data/root/certs/
#chown 104 /federated/apps/collabora/data/root/certs/* #chown 104 /federated/apps/collabora/data/root/certs/*
# Install into Matrix container # Install into Matrix container
cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/matrix/data/matrix/ cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/matrix/data/matrix/
chmod 644 /federated/apps/matrix/data/matrix/$DOMAIN.crt /federated/apps/matrix/data/matrix/$DOMAIN.key chmod 644 /federated/apps/matrix/data/matrix/$DOMAIN.crt /federated/apps/matrix/data/matrix/$DOMAIN.key
echo -ne "done.\n"
if [ "$MATCH" = "no" ]; then
echo "\n* Restarting services that use the certificate.."
/federated/bin/stop postgresql
/federated/bin/stop ldap
/federated/bin/stop mail
/federated/bin/stop matrix
/federated/bin/start postgresql
/federated/bin/start ldap
/federated/bin/start mail
/federated/bin/start matrix
echo -ne "done.\n" echo -ne "done.\n"
fi
echo -ne "\n\n" if [ "$MATCH" = "no" ]; then
echo "\n* Restarting services that use the certificate.."
/federated/bin/stop postgresql
/federated/bin/stop ldap
/federated/bin/stop mail
/federated/bin/stop matrix
/federated/bin/start postgresql
/federated/bin/start ldap
/federated/bin/start mail
/federated/bin/start matrix
echo -ne "done.\n"
fi
echo -ne "\n\n"
else
echo -ne "\n* Dumping certs from traefik into /federated/certs.."
traefik-certs-dumper file --version v2 --source /federated/apps/traefik/data/letsencrypt/httpacme.json --dest /federated/certs &> /dev/null
[ $? -ne 0 ] && fail "Couldn't dump certs from traefik-certs-dumper into certs"
echo -ne "done."
echo -ne "\n\n"
fi
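Review bot: The new `else` branch (PLUS set to "true") has traefik-certs-dumper write straight into the live `/federated/certs`, whereas the first branch stages into `/federated/certs.new` and copies only after the dump succeeded, so a failed or interrupted run can leave the live directory with a partly written certificate/key set before `fail` is reached, and `&> /dev/null` discards the dumper's own error text. I would keep the staging step in this branch as well (`--dest /federated/certs.new`, then move into place on success) and redirect only stdout (`> /dev/null`) so the failure reason stays visible. The branch also sets no owner or mode on the dumped private keys and restarts nothing, so the resulting permissions presumably depend on the tool's defaults and the umask; a comment such as `# PLUS: services read /federated/certs directly, no per-app install needed` would record the assumption if that is the intent. Separately, the re-indented `chmod 644 ... $DOMAIN.crt ... $DOMAIN.key` for Matrix still leaves the private key world-readable; a `chown` to the container's UID with `chmod 600` on the key, as the PostgreSQL lines do, would be tighter. The file header also shows the mode going from executable to normal, which would break any caller that runs `bin/dumpcerts` by path, and `fail` is defined above the hunk, so whether it cleans up is not visible here.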