From: <abe...@us...> - 2017-01-15 16:32:03
Revision: 8098 http://sourceforge.net/p/astlinux/code/8098 Author: abelbeck Date: 2017-01-15 16:32:01 +0000 (Sun, 15 Jan 2017) Log Message: ----------- acme, astlinux.sh changes by David Kerr Modified Paths: -------------- branches/1.0/package/acme/astlinux.sh Modified: branches/1.0/package/acme/astlinux.sh =================================================================== --- branches/1.0/package/acme/astlinux.sh 2017-01-15 16:16:59 UTC (rev 8097) +++ branches/1.0/package/acme/astlinux.sh 2017-01-15 16:32:01 UTC (rev 8098) @@ -37,20 +37,20 @@ fi sleep 1 service lighttpd init + logger -s -t ${0##*/}[$$] "${BASH_SOURCE##*/}:$LINENO New ACME certificates deployed for HTTPS and Lighttpd restarted" fi if [ "$SIPTLSCERT_ACME" = "yes" ]; then -# TODO. Not sure what the right files to use are. Need to test. -# See.. -# https://web.johncook.uk/articles/computing/lets-encrypt-launch -# https://www.jedwarddurrett.com/20160604162607.php - mkdir -p /mnt/kd/ssl/sip-tls/keys - cat "$_cfullchain" > /mnt/kd/ssl/sip-tls/keys/server.crt + if [ -f "$_cfullchain" ]; then + cat "$_cfullchain" > /mnt/kd/ssl/sip-tls/keys/server.crt + else + cat "$_ccert" > /mnt/kd/ssl/sip-tls/keys/server.crt + fi cat "$_ckey" > /mnt/kd/ssl/sip-tls/keys/server.key chmod 600 /mnt/kd/ssl/sip-tls/keys/server.key -# How to tell Asterisk to reload certificate? -# Hopefully just a reload (of just SIP or PJSIP?) and not a restart + asterisk -rx "core restart when convenient" >/dev/null 2>&1 & + logger -s -t ${0##*/}[$$] "${BASH_SOURCE##*/}:$LINENO New ACME certificates deployed for SIP-TLS and Asterisk restart when convenient requested" fi return 0 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
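Review bot: The private key is written with `cat "$_ckey" > /mnt/kd/ssl/sip-tls/keys/server.key` and only then restricted with `chmod 600` (unchanged context lines in this hunk), so when the file does not exist yet it is created with whatever mode the current umask allows and is briefly readable more widely than intended. Writing it under a restrictive umask closes that window: `( umask 077; cat "$_ckey" > /mnt/kd/ssl/sip-tls/keys/server.key )`. The same write-then-chmod order appears for `$HTTPSCERT` in r8100 and for the Prosody key in r8101 further down the page. The added `logger` line also reports success without checking that the writes succeeded. The enclosing function starts and ends outside the hunk.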
From: <abe...@us...> - 2017-01-15 17:15:11
Revision: 8099 http://sourceforge.net/p/astlinux/code/8099 Author: abelbeck Date: 2017-01-15 17:15:08 +0000 (Sun, 15 Jan 2017) Log Message: ----------- acme, astlinux.sh, simplify logger messages by removing bash'isms Modified Paths: -------------- branches/1.0/package/acme/astlinux.sh Modified: branches/1.0/package/acme/astlinux.sh =================================================================== --- branches/1.0/package/acme/astlinux.sh 2017-01-15 16:32:01 UTC (rev 8098) +++ branches/1.0/package/acme/astlinux.sh 2017-01-15 17:15:08 UTC (rev 8099) @@ -37,7 +37,7 @@ fi sleep 1 service lighttpd init - logger -s -t ${0##*/}[$$] "${BASH_SOURCE##*/}:$LINENO New ACME certificates deployed for HTTPS and Lighttpd restarted" + logger -s -t acme-client "New ACME certificates deployed for HTTPS and Lighttpd restarted" fi if [ "$SIPTLSCERT_ACME" = "yes" ]; then @@ -50,7 +50,7 @@ cat "$_ckey" > /mnt/kd/ssl/sip-tls/keys/server.key chmod 600 /mnt/kd/ssl/sip-tls/keys/server.key asterisk -rx "core restart when convenient" >/dev/null 2>&1 & - logger -s -t ${0##*/}[$$] "${BASH_SOURCE##*/}:$LINENO New ACME certificates deployed for SIP-TLS and Asterisk restart when convenient requested" + logger -s -t acme-client "New ACME certificates deployed for SIP-TLS and Asterisk restart when convenient requested" fi return 0 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <abe...@us...> - 2017-01-15 21:01:18
Revision: 8100 http://sourceforge.net/p/astlinux/code/8100 Author: abelbeck Date: 2017-01-15 21:01:17 +0000 (Sun, 15 Jan 2017) Log Message: ----------- acme, astlinux.sh deploy now uses ACME_SERVICE rc.conf variable Modified Paths: -------------- branches/1.0/package/acme/astlinux.sh Modified: branches/1.0/package/acme/astlinux.sh =================================================================== --- branches/1.0/package/acme/astlinux.sh 2017-01-15 17:15:08 UTC (rev 8099) +++ branches/1.0/package/acme/astlinux.sh 2017-01-15 21:01:17 UTC (rev 8100) @@ -8,6 +8,21 @@ . /etc/rc.conf +#service_type +astlinux_is_acme_service() +{ + local service IFS + + unset IFS + for service in $ACME_SERVICE; do + if [ "$service" = "$1" ]; then + return 0 + fi + done + + return 1 +} + ######## Public functions ##################### #domain keyfile certfile cafile fullchain 
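Review bot: The header comment `#service_type` does not say that the function reads the global `ACME_SERVICE` sourced from `/etc/rc.conf`, treats it as a whitespace-separated list, and returns 0 on a match and 1 otherwise; a comment such as `# astlinux_is_acme_service <name>: return 0 if <name> is listed in the space-separated ACME_SERVICE (rc.conf), else 1` would state the contract. The unquoted `$ACME_SERVICE` in the `for` loop is needed for word splitting but also undergoes pathname expansion, so a value containing `*` or `?` would be matched against file names in the current directory; wrapping the loop in `set -f` / `set +f` avoids that.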
@@ -24,23 +39,27 @@ _debug _cca "$_cca" _debug _cfullchain "$_cfullchain" - if [ -n "$HTTPSCERT" -a "$HTTPS_ACME" = "yes" ]; then - service lighttpd stop - cat "$_ckey" "$_ccert" > "$HTTPSCERT" - chmod 600 "$HTTPSCERT" - if [ -n "$HTTPSCHAIN" ]; then - if [ -f "$_cfullchain" ]; then - cat "$_cfullchain" > "$HTTPSCHAIN" - else - rm -f "$HTTPSCHAIN" + if astlinux_is_acme_service lighttpd; then + if [ -z "$HTTPSCERT" ]; then + logger -s -t acme-client "Failed to deploy ACME certificates HTTPS, invalid HTTPSCERT path" + else + service lighttpd stop + cat "$_ckey" "$_ccert" > "$HTTPSCERT" + chmod 600 "$HTTPSCERT" + if [ -n "$HTTPSCHAIN" ]; then + if [ -f "$_cfullchain" ]; then + cat "$_cfullchain" > "$HTTPSCHAIN" + else + rm -f "$HTTPSCHAIN" + fi fi + sleep 1 + service lighttpd init + logger -s -t acme-client "New ACME certificates deployed for HTTPS and Lighttpd restarted" fi - sleep 1 - service lighttpd init - logger -s -t acme-client "New ACME certificates deployed for HTTPS and Lighttpd restarted" fi - if [ "$SIPTLSCERT_ACME" = "yes" ]; then + if astlinux_is_acme_service asterisk; then mkdir -p /mnt/kd/ssl/sip-tls/keys if [ -f "$_cfullchain" ]; then cat "$_cfullchain" > /mnt/kd/ssl/sip-tls/keys/server.crt This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
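Review bot: The new `[ -z "$HTTPSCERT" ]` branch logs the failure but records it nowhere, so the caller cannot tell a skipped HTTPS deployment from a successful one; the other revisions of this file on the page show the function ending in `return 0`, which lies outside this hunk. Consider initialising a status variable (for example `_ret=0`), setting `_ret=1` in that branch and ending with `return $_ret`, so the remaining services are still handled but the ACME client sees the failure. Separately, after the switch from `HTTPS_ACME`/`SIPTLSCERT_ACME` to `ACME_SERVICE`, a configuration that sets only the old variables presumably deploys nothing and logs nothing; a log line when no service matches would make that visible.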
From: <abe...@us...> - 2017-01-15 21:34:46
Revision: 8101 http://sourceforge.net/p/astlinux/code/8101 Author: abelbeck Date: 2017-01-15 21:34:44 +0000 (Sun, 15 Jan 2017) Log Message: ----------- acme, astlinux.sh deploy, add prosody support (untested) Modified Paths: -------------- branches/1.0/package/acme/astlinux.sh Modified: branches/1.0/package/acme/astlinux.sh =================================================================== --- branches/1.0/package/acme/astlinux.sh 2017-01-15 21:01:17 UTC (rev 8100) +++ branches/1.0/package/acme/astlinux.sh 2017-01-15 21:34:44 UTC (rev 8101) @@ -72,5 +72,22 @@ logger -s -t acme-client "New ACME certificates deployed for SIP-TLS and Asterisk restart when convenient requested" fi + if astlinux_is_acme_service prosody; then + service prosody stop + mkdir -p /mnt/kd/prosody/certs + if [ -f "$_cfullchain" ]; then + cat "$_cfullchain" > /mnt/kd/prosody/certs/server.crt + else + cat "$_ccert" > /mnt/kd/prosody/certs/server.crt + fi + cat "$_ckey" > /mnt/kd/prosody/certs/server.key + chmod 600 /mnt/kd/prosody/certs/server.key + chown prosody:prosody /mnt/kd/prosody/certs/server.crt + chown prosody:prosody /mnt/kd/prosody/certs/server.key + sleep 1 + service prosody init + logger -s -t acme-client "New ACME certificates deployed for XMPP and Prosody restarted" + fi + return 0 } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
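Review bot: Prosody is stopped before any input is checked and none of the following `cat`/`chown` commands is tested, so a missing `$_ckey` or a failed `chown prosody:prosody` leaves the service restarted with an empty or unreadable key while the final `logger` line still reports the certificates as deployed. Checking the input first, e.g. `[ -f "$_ckey" ] || return 1` before `service prosody stop`, and logging success only when the writes and `chown` calls succeeded, would keep the service up and the log accurate. The log message marks this path as untested, so the extra guard is worth having. The function's opening lies outside the hunk.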