Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5751 Commits
8 Branches
43 Tags
27 MiB
Tree: 0c2d7b9c06
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0c2d7b9c06'
${ noResults }
acme.sh/deploy/strongswan.sh

98 lines
2.6 KiB
Raw Normal View History

Create strongswan.sh
7 years ago
Add swanctl support
4 days ago
support both debian and redhat
7 years ago
Add swanctl support
4 days ago
support both debian and redhat
7 years ago
Add swanctl support
4 days ago
support both debian and redhat
7 years ago
Add swanctl support
4 days ago
support both debian and redhat
7 years ago
Add swanctl support
4 days ago
support both debian and redhat
7 years ago
Add swanctl support
4 days ago
support both debian and redhat
7 years ago
Add swanctl support
4 days ago
Create strongswan.sh
7 years ago
  1. #!/usr/bin/env sh
  3. #Here is a sample custom api script.
  4. #This file name is "myapi.sh"
  5. #So, here must be a method myapi_deploy()
  6. #Which will be called by acme.sh to deploy the cert
  7. #returns 0 means success, otherwise error.
  9. ######## Public functions #####################
  11. #domain keyfile certfile cafile fullchain
  12. strongswan_deploy() {
  13. _cdomain="${1}"
  14. _ckey="${2}"
  15. _ccert="${3}"
  16. _cca="${4}"
  17. _cfullchain="${5}"
  18. _info "Using strongswan"
  19. if _exists ipsec; then
  20. _ipsec=ipsec
  21. elif _exists strongswan; then
  22. _ipsec=strongswan
  23. fi
  24. if _exists swanctl; then
  25. _swanctl=swanctl
  26. fi
  27. # For legacy stroke mode
  28. if [ -n "${_ipsec}" ]; then
  29. _info "${_ipsec} command detected"
  30. _confdir=$(${_ipsec} --confdir)
  31. if [ -z "${_confdir}" ]; then
  32. _err "no strongswan --confdir is detected"
  33. return 1
  34. fi
  35. _info _confdir "${_confdir}"
  36. __deploy_cert "$@" "stroke" "${_confdir}"
  37. ${_ipsec} reload
  38. fi
  39. # For modern vici mode
  40. if [ -n "${_swanctl}" ]; then
  41. _info "${_swanctl} command detected"
  42. for _dir in /usr/local/etc/swanctl /etc/swanctl /etc/strongswan/swanctl; do
  43. if [ -d ${_dir} ]; then
  44. _confdir=${_dir}
  45. _info _confdir "${_confdir}"
  46. break
  47. fi
  48. done
  49. if [ -z "${_confdir}" ]; then
  50. _err "no swanctl config dir is found"
  51. return 1
  52. fi
  53. __deploy_cert "$@" "vici" "${_confdir}"
  54. ${_swanctl} --load-creds
  55. fi
  56. if [ -z "${_swanctl}" ] && [ -z "${_ipsec}" ]; then
  57. _err "no strongswan or ipsec command is detected"
  58. _err "no swanctl is detected"
  59. return 1
  60. fi
  61. }
  63. #################### Private functions below ##################################
  65. __deploy_cert() {
  66. _cdomain="${1}"
  67. _ckey="${2}"
  68. _ccert="${3}"
  69. _cca="${4}"
  70. _cfullchain="${5}"
  71. _swan_mode="${6}"
  72. _confdir="${7}"
  73. _debug _cdomain "${_cdomain}"
  74. _debug _ckey "${_ckey}"
  75. _debug _ccert "${_ccert}"
  76. _debug _cca "${_cca}"
  77. _debug _cfullchain "${_cfullchain}"
  78. _debug _swan_mode "${_swan_mode}"
  79. _debug _confdir "${_confdir}"
  80. if [ "${_swan_mode}" = "vici" ]; then
  81. _dir_private="private"
  82. _dir_cert="x509"
  83. _dir_ca="x509ca"
  84. elif [ "${_swan_mode}" = "stroke" ]; then
  85. _dir_private="ipsec.d/private"
  86. _dir_cert="ipsec.d/certs"
  87. _dir_ca="ipsec.d/cacerts"
  88. else
  89. _err "unknown StrongSwan mode ${_swan_mode}"
  90. return 1
  91. fi
  92. cat "${_ckey}" >"${_confdir}/${_dir_private}/$(basename "${_ckey}")"
  93. cat "${_ccert}" >"${_confdir}/${_dir_cert}/$(basename "${_ccert}")"
  94. cat "${_cca}" >"${_confdir}/${_dir_ca}/$(basename "${_cca}")"
  95. if [ "${_swan_mode}" = "stroke" ]; then
  96. cat "${_cfullchain}" >"${_confdir}/${_dir_ca}/$(basename "${_cfullchain}")"
  97. fi
  98. }