[Astlinux-commits] SF.net SVN: astlinux:[8453] branches/1.0/package

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Revision: 8453
          http://sourceforge.net/p/astlinux/code/8453
Author:   abelbeck
Date:     2017-07-17 18:07:24 +0000 (Mon, 17 Jul 2017)
Log Message:
-----------
stunnel, make the ACME deploy script install a https_stunnel_server.pem cert including the fullchain, and restart stunnel if the server is active

Modified Paths:
--------------
    branches/1.0/package/acme/deploy/astlinux.sh
    branches/1.0/package/stunnel/stunnel.init

Modified: branches/1.0/package/acme/deploy/astlinux.sh
===================================================================

--- branches/1.0/package/acme/deploy/astlinux.sh	2017-07-17 15:19:40 UTC (rev 8452)
+++ branches/1.0/package/acme/deploy/astlinux.sh	2017-07-17 18:07:24 UTC (rev 8453)
@@ -57,6 +57,23 @@
       service lighttpd init
       logger -s -t acme-client "New ACME certificates deployed for HTTPS and 'lighttpd' restarted"
     fi
+
+    ## stunnel server
+    if [ -n "$STUNNEL_SERVERS" ]; then
+      service stunnel stop
+    fi
+    mkdir -p /mnt/kd/ssl
+    if [ -f "$_cfullchain" ]; then
+      cat "$_ckey" "$_cfullchain" > /mnt/kd/ssl/https_stunnel_server.pem
+    else
+      cat "$_ckey" "$_ccert" > /mnt/kd/ssl/https_stunnel_server.pem
+    fi
+    chmod 600 /mnt/kd/ssl/https_stunnel_server.pem
+    if [ -n "$STUNNEL_SERVERS" ]; then
+      sleep 1
+      service stunnel init
+      logger -s -t acme-client "New ACME certificates deployed for HTTPS and 'stunnel' restarted"
+    fi
   fi
 
   if astlinux_is_acme_service asterisk; then

Modified: branches/1.0/package/stunnel/stunnel.init
===================================================================
--- branches/1.0/package/stunnel/stunnel.init	2017-07-17 15:19:40 UTC (rev 8452)
+++ branches/1.0/package/stunnel/stunnel.init	2017-07-17 18:07:24 UTC (rev 8453)
@@ -2,6 +2,8 @@
 
 . /etc/rc.conf
 
+STUNNEL_ACME_SERVER_CERT="/mnt/kd/ssl/https_stunnel_server.pem"
+
 gen_stunnel_config()
 {
   local type="$1" stunnel="$2" client="" IFS
@@ -68,6 +70,8 @@
       fi
       if [ -n "$STUNNEL_SERVER_CERT" ]; then
         SCERT="$STUNNEL_SERVER_CERT"
+      elif [ -f "$STUNNEL_ACME_SERVER_CERT" ]; then
+        SCERT="$STUNNEL_ACME_SERVER_CERT"
       elif [ -n "$HTTPSCERT" ]; then
         SCERT="$HTTPSCERT"
       else

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.



