Add in letsencrypt and add requires for certificates and lib
This commit is contained in:
@@ -1,3 +0,0 @@
|
||||
#! /bin/sh
|
||||
systemctl is-active --quiet dehydrated.timer && systemctl stop dehydrated.timer
|
||||
|
||||
@@ -1,159 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
#----------------------------------------------------------------------
|
||||
# copyright (C) 2022 Koozali SME Server
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
#
|
||||
#----------------------------------------------------------------------
|
||||
|
||||
event=$1
|
||||
fqdn=$2
|
||||
todo=$3
|
||||
domainlist=""
|
||||
|
||||
case $todo in
|
||||
disabled|enabled)
|
||||
#
|
||||
;;
|
||||
*)
|
||||
todo="all"
|
||||
;;
|
||||
esac
|
||||
|
||||
if [[ ! -z "$fqdn" ]]
|
||||
then
|
||||
# if fqdn not empty just use this one
|
||||
domainlist="$fqdn"
|
||||
elif [[ ! -z "$event" ]] && [[ "$event" == *"domain"* ]]
|
||||
then
|
||||
# else if event *domains* => all domains
|
||||
domainlist=$(perl -Mesmith::DomainsDB -e 'my $domains = esmith::DomainsDB->open; my @DOM = $domains->get_all_by_prop(type=>"domain"); print( join(" " , map { $_->key } @DOM)) ')
|
||||
elif [[ ! -z "$event" ]] && [[ "$event" == *"host"* ]]
|
||||
then
|
||||
# else if event *hosts* => all hosts
|
||||
domainlist=$(perl -Mesmith::HostsDB -e 'my $domains = esmith::HostsDB->open; my @DOM = $domains->get_all_by_prop(type=>"host"); print( join(" " , map { $_->key } @DOM)) ')
|
||||
else
|
||||
# else all domain and hosts
|
||||
domains=$(perl -Mesmith::DomainsDB -e 'my $domains = esmith::DomainsDB->open; my @DOM = $domains->get_all_by_prop(type=>"domain"); print( join(" " , map { $_->key } @DOM)) ')
|
||||
hosts=$(perl -Mesmith::HostsDB -e 'my $domains = esmith::HostsDB->open; my @DOM = $domains->get_all_by_prop(type=>"host"); print( join(" " , map { $_->key } @DOM)) ')
|
||||
domainlist="$domains $hosts"
|
||||
fi
|
||||
domainlist=$(echo $domainlist |sort|uniq)
|
||||
|
||||
#list from pihole install script; only ipv4 ones
|
||||
#here we select our
|
||||
dns=$(/sbin/e-smith/db configuration getprop letesencrypt dnscheck||echo "https://cloudflare-dns.com/dns-query,8.8.8.8,8.8.4.4,1.1.1.1,1.0.0.1,208.67.222.222,208.67.220.220,4.2.2.1,4.2.2.2,8.20.247.20,84.200.69.80,84.200.70.40,9.9.9.10,149.112.112.10")
|
||||
# from https://stackoverflow.com/questions/10586153/how-to-split-a-string-into-an-array-in-bash
|
||||
IFS=', ' read -r -a DNS <<< "$dns"
|
||||
RANDOM=$$$(date +%s)
|
||||
x=1
|
||||
#TODO: if only one element skip the random selection
|
||||
while [ $x -le 5 ]; do
|
||||
mydns=${DNS[ $RANDOM % ${#DNS[@]} ]}
|
||||
if [[ $mydns == http* ]] ; then
|
||||
curl -s $mydns >/dev/null
|
||||
if [[ "$?" == "0" ]]; then
|
||||
break
|
||||
fi
|
||||
else
|
||||
nc -z -w2 $mydns 53
|
||||
if [[ "$?" == "0" ]]; then
|
||||
break
|
||||
fi
|
||||
fi
|
||||
x=$(( $x + 1 ))
|
||||
#in case of failure defaulting on a dns over https after 5
|
||||
mydns="https://cloudflare-dns.com/dns-query"
|
||||
done
|
||||
echo "External DNS Server : $mydns"
|
||||
|
||||
MYFORCEDIP=$(/sbin/e-smith/db configuration getprop letesencrypt ExternalIP)
|
||||
# check if gateway or server only
|
||||
MYMODE=$(/sbin/e-smith/db configuration get SystemMode)
|
||||
# check our external ip if gateway, internal else
|
||||
LOCALIP=$(/sbin/e-smith/db configuration get InternalIP)
|
||||
MYIP=$LOCALIP
|
||||
# check the ip suggested by external world that point to us.
|
||||
MYEXTIP=$(/usr/sbin/e-smith/getmyip)
|
||||
|
||||
if [ -z "$MYFORCEDIP" ]; then
|
||||
# we do not expect that a server-only has an ip routable on internet as firewall is not designed for that
|
||||
# but in case, we handle the situation as for ExternalIP in servergateway mode, please write ad hoc rules for masq if you do so...
|
||||
if [[ "$MYMODE" == "servergateway" ]] ; then
|
||||
MYIP=$(/sbin/e-smith/db configuration get ExternalIP);
|
||||
fi
|
||||
if [[ "$MYIP" != "$MYEXTIP" ]] ; then
|
||||
echo "External Interface IP: $MYIP"
|
||||
echo "Detected Wan IP : $MYEXTIP"
|
||||
echo "You seem to be behind a firewall, using the external IP obtained with our test $MYEXTIP"
|
||||
MYIP=$MYEXTIP
|
||||
fi
|
||||
else
|
||||
MYIP=$MYFORCEDIP
|
||||
fi
|
||||
|
||||
echo "============================================================================================="
|
||||
OUTPUT="Domain\tStatus\tMYIP\tA\tLE_status\tLE_previous"
|
||||
# TODO all : check disabled and enabled ; active : check enabled and undef only
|
||||
|
||||
for DOMAIN in $domainlist
|
||||
do
|
||||
# is it a host, a domain or should we ignore it
|
||||
TYPE=$(/sbin/e-smith/db domains gettype $DOMAIN || /sbin/e-smith/db hosts gettype $DOMAIN )
|
||||
if [[ "$TYPE" == "domain" ]] ; then
|
||||
TYPE="domains"
|
||||
elif [[ "$TYPE" == "host" ]] ; then
|
||||
TYPE="hosts"
|
||||
else
|
||||
echo "$DOMAIN is not in domains and not in hosts ($TYPE)"
|
||||
continue
|
||||
fi
|
||||
# do we have a priority ?
|
||||
currentstate=$(/sbin/e-smith/db $TYPE getprop $DOMAIN letsencryptSSLcert || echo "disabled")
|
||||
if [ "$currentstate" != "$todo" -a "$todo" != "all" ] ; then
|
||||
#echo "$DOMAIN skipping, only checking $todo $TYPE"
|
||||
continue
|
||||
fi
|
||||
# https://stackoverflow.com/questions/15268987/bash-based-regex-domain-name-validation
|
||||
if ( ! echo $DOMAIN| grep -P -q '(?=^.{4,253}$)(^(?:[a-zA-Z0-9](?:(?:[a-zA-Z0-9\-]){0,61}[a-zA-Z0-9])?\.)+([a-zA-Z]{2,}|xn--[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])$)' -Z ) ; then
|
||||
if [[ "$currentstate" == "disabled" ]]; then continue; fi
|
||||
echo "$DOMAIN is not a RFC compliant domain, disabling"
|
||||
/sbin/e-smith/db $TYPE setprop $DOMAIN letsencryptSSLcert disabled
|
||||
/sbin/e-smith/db $TYPE delprop $DOMAIN letsencryptMYIP
|
||||
continue
|
||||
fi
|
||||
THISDOMIP=$(/usr/bin/q A @$mydns $DOMAIN -f json |jq -r 'first(.Answers[].A | select( . != null )) // null' 2>/dev/null || /usr/bin/q A @$LOCALIP $DOMAIN -f json |jq -r 'first(.Answers[].A | select( . != null )) // null' 2>/dev/null )
|
||||
previous=$(/sbin/e-smith/db $TYPE getprop $DOMAIN letsencryptSSLcert||echo 'undefined');
|
||||
# if it does not resolve, next
|
||||
if [[ "$THISDOMIP" == "" ]]
|
||||
then
|
||||
OUTPUT="$OUTPUT\n$DOMAIN\tNOK\t$MYIP\tnoip\tdisabled\t$previous"
|
||||
/sbin/e-smith/db $TYPE setprop $DOMAIN letsencryptSSLcert disabled
|
||||
/sbin/e-smith/db $TYPE delprop $DOMAIN letsencryptMYIP
|
||||
continue;
|
||||
fi
|
||||
if [[ "$MYIP" == "$THISDOMIP" ]]
|
||||
then
|
||||
OUTPUT="$OUTPUT\n$DOMAIN\tOK\t$MYIP\t$THISDOMIP\tenabled\t$previous"
|
||||
/sbin/e-smith/db $TYPE setprop $DOMAIN letsencryptSSLcert enabled letsencryptMYIP $THISDOMIP
|
||||
else
|
||||
OUTPUT="$OUTPUT\n$DOMAIN\tNOK\t$MYIP\t$THISDOMIP\tdisabled\t$previous"
|
||||
/sbin/e-smith/db $TYPE setprop $DOMAIN letsencryptSSLcert disabled letsencryptMYIP $THISDOMIP
|
||||
fi
|
||||
sleep 1
|
||||
done
|
||||
printf "%b" $OUTPUT |column -t -s $'\t'
|
||||
|
||||
Reference in New Issue
Block a user