Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2323 Commits
9 Branches
44 Tags
15 MiB
Tree: 2e87cff035
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2e87cff035'
${ noResults }
acme.sh/deploy/ali_slb.sh

166 lines
4.8 KiB
Raw Normal View History

add ali_slb.sh
6 years ago
modify ali_slb.sh, set_slb_server_certificate
6 years ago
add ali_slb.sh
6 years ago
modify ali_slb.sh, set_slb_server_certificate
6 years ago
add ali_slb.sh
6 years ago
modify ali_slb.sh, set_slb_server_certificate
6 years ago
add ali_slb.sh
6 years ago
modify ali_slb.sh, set_slb_server_certificate
6 years ago
add ali_slb.sh
6 years ago
modify ali_slb.sh, set_slb_server_certificate
6 years ago
add ali_slb.sh
6 years ago
modify ali_slb.sh, set_slb_server_certificate
6 years ago
add ali_slb.sh
6 years ago
modify ali_slb.sh, set_slb_server_certificate
6 years ago
add ali_slb.sh
6 years ago
modify ali_slb.sh, set_slb_server_certificate
6 years ago
add ali_slb.sh
6 years ago
modify ali_slb.sh, set_slb_server_certificate
6 years ago
add ali_slb.sh
6 years ago
modify ali_slb.sh, set_slb_server_certificate
6 years ago
add ali_slb.sh
6 years ago
modify ali_slb.sh, set_slb_server_certificate
6 years ago
add ali_slb.sh
6 years ago
  1. #!/bin/bash
  3. # Attention:
  4. #This file name is "ali_slb.sh"
  5. #So, here must be a method ali_slb_deploy()
  6. #Which will be called by acme.sh to deploy the cert
  7. #returns 0 means success, otherwise error.
  9. ######## Public functions #####################
  10. # 参考: https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide
  11. #domain keyfile certfile cafile fullchain
  12. #Ali_SLB_Region="My_SLB_Region"
  13. #Ali_SLB_Access_Id="My_SLB_Access_Id"
  14. #Ali_SLB_Access_Secret="My_SLB_Access_Secret"
  15. Ali_SLB_Domain="https://slb.aliyuncs.com/"
  17. ali_slb_deploy() {
  18. _cdomain="$1"
  19. _ckey="$2"
  20. _ccert="$3"
  21. _cca="$4"
  22. _cfullchain="$5"
  24. _debug _cdomain "$_cdomain"
  25. _debug _ckey "$_ckey"
  26. _debug _ccert "$_ccert"
  27. _debug _cca "$_cca"
  28. _debug _cfullchain "$_cfullchain"
  30. if [ -z "$Ali_SLB_Access_Id" ] || [ -z "$Ali_SLB_Access_Secret" ]; then
  31. Ali_SLB_Access_Id=""
  32. Ali_SLB_Access_Secret=""
  33. _err "You don't specify aliyun api key and secret yet."
  34. return 1
  35. fi
  37. #save the api key and secret to the account conf file.
  38. _saveaccountconf_mutable Ali_SLB_Access_Id "$Ali_SLB_Access_Id"
  39. _saveaccountconf_mutable Ali_SLB_Access_Secret "$Ali_SLB_Access_Secret"
  41. #_ali_regions && _ali_rest "Regions"
  42. _add_slb_ca_query "$_ckey" "$_cfullchain" && _ali_rest "Upload Server Certificate"
  44. #returns 0 means success, otherwise error.
  45. return 0
  46. }
  48. ######## Private functions #####################
  49. _ali_rest() {
  51. signature=$(printf "%s" "GET&%2F&$(_ali_urlencode "$query")" | _hmac "sha1" "$(printf "%s" "$Ali_SLB_Access_Secret&" | _hex_dump | tr -d " ")" | _base64)
  52. signature=$(_ali_urlencode "$signature")
  53. url="$Ali_SLB_Domain?$query&Signature=$signature"
  54. if ! response="$(_get "$url" "" 3000)"; then
  55. _err "Error <$1>"
  56. return 1
  57. fi
  59. if [ -z "$2" ]; then
  60. message="$(printf "%s" "$response" | _egrep_o "\"Message\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")"
  61. if [ -n "$message" ]; then
  62. _err "$message"
  63. return 1
  64. fi
  65. fi
  67. _debug response "$response"
  69. # 上传证书成功, 将证书绑定到监听端口443
  70. _set_slb_server_certificate && _ali_set_slb_server_certificate "Set Server Certificate on port 443"
  72. return 0
  73. }
  75. _ali_set_slb_server_certificate() {
  77. signature=$(printf "%s" "GET&%2F&$(_ali_urlencode "$query")" | _hmac "sha1" "$(printf "%s" "$Ali_SLB_Access_Secret&" | _hex_dump | tr -d " ")" | _base64)
  78. signature=$(_ali_urlencode "$signature")
  79. url="$Ali_SLB_Domain?$query&Signature=$signature"
  80. if ! response="$(_get "$url" "" 3000)"; then
  81. _err "Error <$1>"
  82. return 1
  83. fi
  85. if [ -z "$2" ]; then
  86. message="$(printf "%s" "$response" | _egrep_o "\"Message\":\"[^\"]*\"" | cut -d : -f 2 | tr -d \")"
  87. if [ -n "$message" ]; then
  88. _err "$message"
  89. return 1
  90. fi
  91. fi
  93. _debug response "$response"
  94. return 0
  95. }
  97. _ali_urlencode() {
  98. echo $(php -r "echo str_replace(['+','*','%7E'], ['%20','%2A','~'], urlencode(\"$1\"));")
  99. }
  101. _ali_nonce() {
  102. date +"%s%N"
  103. }
  105. _ali_regions() {
  106. query=''
  107. query=$query'AccessKeyId='$Ali_Api_Key
  108. query=$query'&Action=DescribeRegions'
  109. query=$query'&Format=json'
  110. query=$query'&SignatureMethod=HMAC-SHA1'
  111. query=$query'&SignatureNonce='$(_ali_nonce)
  112. query=$query'&SignatureVersion=1.0'
  113. query=$query'&Timestamp='$(_timestamp)
  114. query=$query'&Version=2014-05-15'
  115. }
  117. #_add_slb_ca_query "$_ckey" "$_cfullchain"
  118. _add_slb_ca_query() {
  119. ca_key=$(_readfile "$1")
  120. ca_cert=$(_readfile "$2")
  121. query=''
  122. query=$query'&Action=UploadServerCertificate'
  123. query=$query'&RegionId='$Ali_SLB_Region
  124. query=$query'&ServerCertificate='$ca_cert
  125. query=$query'&ServerCertificateName='$(_date)
  126. query=$query'&Format=json'
  127. query=$query'&PrivateKey='$ca_key
  128. query=$query'&SignatureMethod=HMAC-SHA1'
  129. query=$query'&Timestamp='$(_timestamp)
  130. query=$query'&SignatureVersion=1.0'
  131. query=$query'&SignatureNonce='$(_ali_nonce)
  132. query=$query'AccessKeyId='$Ali_Api_Key
  133. query=$query'&Version=2014-05-15'
  134. }
  136. #_add_slb_ca_query "$_ckey" "$_cfullchain"
  137. _set_slb_server_certificate() {
  138. ca_key=$(_readfile "$1")
  139. ca_cert=$(_readfile "$2")
  140. query=''
  141. query=$query'&Action=SetLoadBalancerHTTPSListenerAttribute'
  142. query=$query'&RegionId='$Ali_SLB_Region
  143. query=$query'LoadBalancerId=lb-t4nj5vuz8ish9emfk1f20'
  144. query=$query'ListenerPort=443'
  145. query=$query'ServerCertificateId=1231579085529123_15dbf6ff26f_1991415478_2054196746'
  146. query=$query'Bandwidth=-1'
  147. query=$query'StickySession=on'
  148. query=$query'StickySessionType=insert'
  149. query=$query'HealthCheck=on'
  150. query=$query'&Version=2014-05-15'
  151. query=$query'AccessKeyId='$Ali_Api_Key
  152. query=$query'&SignatureMethod=HMAC-SHA1'
  153. query=$query'&Timestamp='$(_timestamp)
  154. query=$query'&SignatureVersion=1.0'
  155. query=$query'&SignatureNonce='$(_ali_nonce)
  156. }
  157. _readfile() {
  158. echo $(php -r "echo str_replace(['+','*','%7E'], ['%20','%2A','~'], urlencode(file_get_contents(\"$1\")));")
  159. }
  161. _timestamp() {
  162. date -u +"%Y-%m-%dT%H%%3A%M%%3A%SZ"
  163. }
  165. _date() {
  166. date -u +"%Y%m%d"
  167. }