neil
4 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 581 additions and 50 deletions
-
10.github/workflows/dockerhub.yml
-
7README.md
-
59acme.sh
-
123deploy/peplink.sh
-
10dnsapi/dns_dpi.sh
-
184dnsapi/dns_ionos.sh
-
26dnsapi/dns_ispconfig.sh
-
3dnsapi/dns_linode_v4.sh
-
4dnsapi/dns_namecheap.sh
-
156dnsapi/dns_rackcorp.sh
-
49notify/telegram.sh
@ -0,0 +1,123 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Script to deploy cert to Peplink Routers |
|||
# |
|||
# The following environment variables must be set: |
|||
# |
|||
# PEPLINK_Hostname - Peplink hostname |
|||
# PEPLINK_Username - Peplink username to login |
|||
# PEPLINK_Password - Peplink password to login |
|||
# |
|||
# The following environmental variables may be set if you don't like their |
|||
# default values: |
|||
# |
|||
# PEPLINK_Certtype - Certificate type to target for replacement |
|||
# defaults to "webadmin", can be one of: |
|||
# * "chub" (ContentHub) |
|||
# * "openvpn" (OpenVPN CA) |
|||
# * "portal" (Captive Portal SSL) |
|||
# * "webadmin" (Web Admin SSL) |
|||
# * "webproxy" (Proxy Root CA) |
|||
# * "wwan_ca" (Wi-Fi WAN CA) |
|||
# * "wwan_client" (Wi-Fi WAN Client) |
|||
# PEPLINK_Scheme - defaults to "https" |
|||
# PEPLINK_Port - defaults to "443" |
|||
# |
|||
#returns 0 means success, otherwise error. |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
_peplink_get_cookie_data() { |
|||
grep -i "\W$1=" | grep -i "^Set-Cookie:" | _tail_n 1 | _egrep_o "$1=[^;]*;" | tr -d ';' |
|||
} |
|||
|
|||
#domain keyfile certfile cafile fullchain |
|||
peplink_deploy() { |
|||
|
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_cfullchain="$5" |
|||
|
|||
_debug _cdomain "$_cdomain" |
|||
_debug _cfullchain "$_cfullchain" |
|||
_debug _ckey "$_ckey" |
|||
|
|||
# Get Hostname, Username and Password, but don't save until we successfully authenticate |
|||
_getdeployconf PEPLINK_Hostname |
|||
_getdeployconf PEPLINK_Username |
|||
_getdeployconf PEPLINK_Password |
|||
if [ -z "${PEPLINK_Hostname:-}" ] || [ -z "${PEPLINK_Username:-}" ] || [ -z "${PEPLINK_Password:-}" ]; then |
|||
_err "PEPLINK_Hostname & PEPLINK_Username & PEPLINK_Password must be set" |
|||
return 1 |
|||
fi |
|||
_debug2 PEPLINK_Hostname "$PEPLINK_Hostname" |
|||
_debug2 PEPLINK_Username "$PEPLINK_Username" |
|||
_secure_debug2 PEPLINK_Password "$PEPLINK_Password" |
|||
|
|||
# Optional certificate type, scheme, and port for Peplink |
|||
_getdeployconf PEPLINK_Certtype |
|||
_getdeployconf PEPLINK_Scheme |
|||
_getdeployconf PEPLINK_Port |
|||
|
|||
# Don't save the certificate type until we verify it exists and is supported |
|||
_savedeployconf PEPLINK_Scheme "$PEPLINK_Scheme" |
|||
_savedeployconf PEPLINK_Port "$PEPLINK_Port" |
|||
|
|||
# Default vaules for certificate type, scheme, and port |
|||
[ -n "${PEPLINK_Certtype}" ] || PEPLINK_Certtype="webadmin" |
|||
[ -n "${PEPLINK_Scheme}" ] || PEPLINK_Scheme="https" |
|||
[ -n "${PEPLINK_Port}" ] || PEPLINK_Port="443" |
|||
|
|||
_debug2 PEPLINK_Certtype "$PEPLINK_Certtype" |
|||
_debug2 PEPLINK_Scheme "$PEPLINK_Scheme" |
|||
_debug2 PEPLINK_Port "$PEPLINK_Port" |
|||
|
|||
_base_url="$PEPLINK_Scheme://$PEPLINK_Hostname:$PEPLINK_Port" |
|||
_debug _base_url "$_base_url" |
|||
|
|||
# Login, get the auth token from the cookie |
|||
_info "Logging into $PEPLINK_Hostname:$PEPLINK_Port" |
|||
encoded_username="$(printf "%s" "$PEPLINK_Username" | _url_encode)" |
|||
encoded_password="$(printf "%s" "$PEPLINK_Password" | _url_encode)" |
|||
response=$(_post "func=login&username=$encoded_username&password=$encoded_password" "$_base_url/cgi-bin/MANGA/api.cgi") |
|||
auth_token=$(_peplink_get_cookie_data "bauth" <"$HTTP_HEADER") |
|||
_debug3 response "$response" |
|||
_debug auth_token "$auth_token" |
|||
|
|||
if [ -z "$auth_token" ]; then |
|||
_err "Unable to authenticate to $PEPLINK_Hostname:$PEPLINK_Port using $PEPLINK_Scheme." |
|||
_err "Check your username and password." |
|||
return 1 |
|||
fi |
|||
|
|||
_H1="Cookie: $auth_token" |
|||
export _H1 |
|||
_debug2 H1 "${_H1}" |
|||
|
|||
# Now that we know the hostnameusername and password are good, save them |
|||
_savedeployconf PEPLINK_Hostname "$PEPLINK_Hostname" |
|||
_savedeployconf PEPLINK_Username "$PEPLINK_Username" |
|||
_savedeployconf PEPLINK_Password "$PEPLINK_Password" |
|||
|
|||
_info "Generate form POST request" |
|||
|
|||
encoded_key="$(_url_encode <"$_ckey")" |
|||
encoded_fullchain="$(_url_encode <"$_cfullchain")" |
|||
body="cert_type=$PEPLINK_Certtype&cert_uid=§ion=CERT_modify&key_pem=$encoded_key&key_pem_passphrase=&key_pem_passphrase_confirm=&cert_pem=$encoded_fullchain" |
|||
_debug3 body "$body" |
|||
|
|||
_info "Upload $PEPLINK_Certtype certificate to the Peplink" |
|||
|
|||
response=$(_post "$body" "$_base_url/cgi-bin/MANGA/admin.cgi") |
|||
_debug3 response "$response" |
|||
|
|||
if echo "$response" | grep 'Success' >/dev/null; then |
|||
# We've verified this certificate type is valid, so save it |
|||
_savedeployconf PEPLINK_Certtype "$PEPLINK_Certtype" |
|||
_info "Certificate was updated" |
|||
return 0 |
|||
else |
|||
_err "Unable to update certificate, error code $response" |
|||
return 1 |
|||
fi |
|||
} |
@ -0,0 +1,184 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Supports IONOS DNS API Beta v1.0.0 |
|||
# |
|||
# Usage: |
|||
# Export IONOS_PREFIX and IONOS_SECRET before calling acme.sh: |
|||
# |
|||
# $ export IONOS_PREFIX="..." |
|||
# $ export IONOS_SECRET="..." |
|||
# |
|||
# $ acme.sh --issue --dns dns_ionos ... |
|||
|
|||
IONOS_API="https://api.hosting.ionos.com/dns" |
|||
IONOS_ROUTE_ZONES="/v1/zones" |
|||
|
|||
IONOS_TXT_TTL=60 # minimum accepted by API |
|||
IONOS_TXT_PRIO=10 |
|||
|
|||
dns_ionos_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
if ! _ionos_init; then |
|||
return 1 |
|||
fi |
|||
|
|||
_new_record="{\"name\":\"$_sub_domain.$_domain\",\"type\":\"TXT\",\"content\":\"$txtvalue\",\"ttl\":$IONOS_TXT_TTL,\"prio\":$IONOS_TXT_PRIO,\"disabled\":false}" |
|||
|
|||
# As no POST route is supported by the API, check for existing records and include them in the PATCH request in order not delete them. |
|||
# This is required to support ACME v2 wildcard certificate creation, where two TXT records for the same domain name are created. |
|||
|
|||
_ionos_get_existing_records "$fulldomain" "$_zone_id" |
|||
|
|||
if [ "$_existing_records" ]; then |
|||
_body="[$_new_record,$_existing_records]" |
|||
else |
|||
_body="[$_new_record]" |
|||
fi |
|||
|
|||
if _ionos_rest PATCH "$IONOS_ROUTE_ZONES/$_zone_id" "$_body" && [ -z "$response" ]; then |
|||
_info "TXT record has been created successfully." |
|||
return 0 |
|||
fi |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
dns_ionos_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
if ! _ionos_init; then |
|||
return 1 |
|||
fi |
|||
|
|||
if ! _ionos_get_record "$fulldomain" "$_zone_id" "$txtvalue"; then |
|||
_err "Could not find _acme-challenge TXT record." |
|||
return 1 |
|||
fi |
|||
|
|||
if _ionos_rest DELETE "$IONOS_ROUTE_ZONES/$_zone_id/records/$_record_id" && [ -z "$response" ]; then |
|||
_info "TXT record has been deleted successfully." |
|||
return 0 |
|||
fi |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
_ionos_init() { |
|||
IONOS_PREFIX="${IONOS_PREFIX:-$(_readaccountconf_mutable IONOS_PREFIX)}" |
|||
IONOS_SECRET="${IONOS_SECRET:-$(_readaccountconf_mutable IONOS_SECRET)}" |
|||
|
|||
if [ -z "$IONOS_PREFIX" ] || [ -z "$IONOS_SECRET" ]; then |
|||
_err "You didn't specify an IONOS api prefix and secret yet." |
|||
_err "Read https://beta.developer.hosting.ionos.de/docs/getstarted to learn how to get a prefix and secret." |
|||
_err "" |
|||
_err "Then set them before calling acme.sh:" |
|||
_err "\$ export IONOS_PREFIX=\"...\"" |
|||
_err "\$ export IONOS_SECRET=\"...\"" |
|||
_err "\$ acme.sh --issue -d ... --dns dns_ionos" |
|||
return 1 |
|||
fi |
|||
|
|||
_saveaccountconf_mutable IONOS_PREFIX "$IONOS_PREFIX" |
|||
_saveaccountconf_mutable IONOS_SECRET "$IONOS_SECRET" |
|||
|
|||
if ! _get_root "$fulldomain"; then |
|||
_err "Cannot find this domain in your IONOS account." |
|||
return 1 |
|||
fi |
|||
} |
|||
|
|||
_get_root() { |
|||
domain=$1 |
|||
i=1 |
|||
p=1 |
|||
|
|||
if _ionos_rest GET "$IONOS_ROUTE_ZONES"; then |
|||
response="$(echo "$response" | tr -d "\n")" |
|||
|
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
if [ -z "$h" ]; then |
|||
return 1 |
|||
fi |
|||
|
|||
_zone="$(echo "$response" | _egrep_o "\"name\":\"$h\".*\}")" |
|||
if [ "$_zone" ]; then |
|||
_zone_id=$(printf "%s\n" "$_zone" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') |
|||
if [ "$_zone_id" ]; then |
|||
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
|||
_domain=$h |
|||
|
|||
return 0 |
|||
fi |
|||
|
|||
return 1 |
|||
fi |
|||
|
|||
p=$i |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
fi |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
_ionos_get_existing_records() { |
|||
fulldomain=$1 |
|||
zone_id=$2 |
|||
|
|||
if _ionos_rest GET "$IONOS_ROUTE_ZONES/$zone_id?recordName=$fulldomain&recordType=TXT"; then |
|||
response="$(echo "$response" | tr -d "\n")" |
|||
|
|||
_existing_records="$(printf "%s\n" "$response" | _egrep_o "\"records\":\[.*\]" | _head_n 1 | cut -d '[' -f 2 | sed 's/]//')" |
|||
fi |
|||
} |
|||
|
|||
_ionos_get_record() { |
|||
fulldomain=$1 |
|||
zone_id=$2 |
|||
txtrecord=$3 |
|||
|
|||
if _ionos_rest GET "$IONOS_ROUTE_ZONES/$zone_id?recordName=$fulldomain&recordType=TXT"; then |
|||
response="$(echo "$response" | tr -d "\n")" |
|||
|
|||
_record="$(echo "$response" | _egrep_o "\"name\":\"$fulldomain\"[^\}]*\"type\":\"TXT\"[^\}]*\"content\":\"\\\\\"$txtrecord\\\\\"\".*\}")" |
|||
if [ "$_record" ]; then |
|||
_record_id=$(printf "%s\n" "$_record" | _egrep_o "\"id\":\"[a-fA-F0-9\-]*\"" | _head_n 1 | cut -d : -f 2 | tr -d '\"') |
|||
|
|||
return 0 |
|||
fi |
|||
fi |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
_ionos_rest() { |
|||
method="$1" |
|||
route="$2" |
|||
data="$3" |
|||
|
|||
IONOS_API_KEY="$(printf "%s.%s" "$IONOS_PREFIX" "$IONOS_SECRET")" |
|||
|
|||
export _H1="X-API-Key: $IONOS_API_KEY" |
|||
|
|||
if [ "$method" != "GET" ]; then |
|||
export _H2="Accept: application/json" |
|||
export _H3="Content-Type: application/json" |
|||
|
|||
response="$(_post "$data" "$IONOS_API$route" "" "$method")" |
|||
else |
|||
export _H2="Accept: */*" |
|||
|
|||
response="$(_get "$IONOS_API$route")" |
|||
fi |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "Error $route" |
|||
return 1 |
|||
fi |
|||
|
|||
return 0 |
|||
} |
@ -0,0 +1,156 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Provider: RackCorp (www.rackcorp.com) |
|||
# Author: Stephen Dendtler (sdendtler@rackcorp.com) |
|||
# Report Bugs here: https://github.com/senjoo/acme.sh |
|||
# Alternate email contact: support@rackcorp.com |
|||
# |
|||
# You'll need an API key (Portal: ADMINISTRATION -> API) |
|||
# Set the environment variables as below: |
|||
# |
|||
# export RACKCORP_APIUUID="UUIDHERE" |
|||
# export RACKCORP_APISECRET="SECRETHERE" |
|||
# |
|||
|
|||
RACKCORP_API_ENDPOINT="https://api.rackcorp.net/api/rest/v2.4/json.php" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
dns_rackcorp_add() { |
|||
fulldomain="$1" |
|||
txtvalue="$2" |
|||
|
|||
_debug fulldomain="$fulldomain" |
|||
_debug txtvalue="$txtvalue" |
|||
|
|||
if ! _rackcorp_validate; then |
|||
return 1 |
|||
fi |
|||
|
|||
_debug "Searching for root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
return 1 |
|||
fi |
|||
_debug _lookup "$_lookup" |
|||
_debug _domain "$_domain" |
|||
|
|||
_info "Creating TXT record." |
|||
|
|||
if ! _rackcorp_api dns.record.create "\"name\":\"$_domain\",\"type\":\"TXT\",\"lookup\":\"$_lookup\",\"data\":\"$txtvalue\",\"ttl\":300"; then |
|||
return 1 |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
#Usage: fulldomain txtvalue |
|||
#Remove the txt record after validation. |
|||
dns_rackcorp_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
|
|||
_debug fulldomain="$fulldomain" |
|||
_debug txtvalue="$txtvalue" |
|||
|
|||
if ! _rackcorp_validate; then |
|||
return 1 |
|||
fi |
|||
|
|||
_debug "Searching for root zone" |
|||
if ! _get_root "$fulldomain"; then |
|||
return 1 |
|||
fi |
|||
_debug _lookup "$_lookup" |
|||
_debug _domain "$_domain" |
|||
|
|||
_info "Creating TXT record." |
|||
|
|||
if ! _rackcorp_api dns.record.delete "\"name\":\"$_domain\",\"type\":\"TXT\",\"lookup\":\"$_lookup\",\"data\":\"$txtvalue\""; then |
|||
return 1 |
|||
fi |
|||
|
|||
return 0 |
|||
} |
|||
|
|||
#################### Private functions below ################################## |
|||
#_acme-challenge.domain.com |
|||
#returns |
|||
# _lookup=_acme-challenge |
|||
# _domain=domain.com |
|||
_get_root() { |
|||
domain=$1 |
|||
i=1 |
|||
p=1 |
|||
if ! _rackcorp_api dns.domain.getall "\"name\":\"$domain\""; then |
|||
return 1 |
|||
fi |
|||
while true; do |
|||
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
|||
_debug searchhost "$h" |
|||
if [ -z "$h" ]; then |
|||
_err "Could not find domain for record $domain in RackCorp using the provided credentials" |
|||
#not valid |
|||
return 1 |
|||
fi |
|||
|
|||
_rackcorp_api dns.domain.getall "\"exactName\":\"$h\"" |
|||
|
|||
if _contains "$response" "\"matches\":1"; then |
|||
if _contains "$response" "\"name\":\"$h\""; then |
|||
_lookup=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
|||
_domain="$h" |
|||
return 0 |
|||
fi |
|||
fi |
|||
p=$i |
|||
i=$(_math "$i" + 1) |
|||
done |
|||
|
|||
return 1 |
|||
} |
|||
|
|||
_rackcorp_validate() { |
|||
RACKCORP_APIUUID="${RACKCORP_APIUUID:-$(_readaccountconf_mutable RACKCORP_APIUUID)}" |
|||
if [ -z "$RACKCORP_APIUUID" ]; then |
|||
RACKCORP_APIUUID="" |
|||
_err "You require a RackCorp API UUID (export RACKCORP_APIUUID=\"<api uuid>\")" |
|||
_err "Please login to the portal and create an API key and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
_saveaccountconf_mutable RACKCORP_APIUUID "$RACKCORP_APIUUID" |
|||
|
|||
RACKCORP_APISECRET="${RACKCORP_APISECRET:-$(_readaccountconf_mutable RACKCORP_APISECRET)}" |
|||
if [ -z "$RACKCORP_APISECRET" ]; then |
|||
RACKCORP_APISECRET="" |
|||
_err "You require a RackCorp API secret (export RACKCORP_APISECRET=\"<api secret>\")" |
|||
_err "Please login to the portal and create an API key and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
_saveaccountconf_mutable RACKCORP_APISECRET "$RACKCORP_APISECRET" |
|||
|
|||
return 0 |
|||
} |
|||
_rackcorp_api() { |
|||
_rackcorpcmd=$1 |
|||
_rackcorpinputdata=$2 |
|||
_debug cmd "$_rackcorpcmd $_rackcorpinputdata" |
|||
|
|||
export _H1="Accept: application/json" |
|||
response="$(_post "{\"APIUUID\":\"$RACKCORP_APIUUID\",\"APISECRET\":\"$RACKCORP_APISECRET\",\"cmd\":\"$_rackcorpcmd\",$_rackcorpinputdata}" "$RACKCORP_API_ENDPOINT" "" "POST")" |
|||
|
|||
if [ "$?" != "0" ]; then |
|||
_err "error $response" |
|||
return 1 |
|||
fi |
|||
_debug2 response "$response" |
|||
if _contains "$response" "\"code\":\"OK\""; then |
|||
_debug code "OK" |
|||
else |
|||
_debug code "FAILED" |
|||
response="" |
|||
return 1 |
|||
fi |
|||
return 0 |
|||
} |
@ -0,0 +1,49 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#Support Telegram Bots |
|||
|
|||
#TELEGRAM_BOT_APITOKEN="" |
|||
#TELEGRAM_BOT_CHATID="" |
|||
|
|||
telegram_send() { |
|||
_subject="$1" |
|||
_content="$2" |
|||
_statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped |
|||
_debug "_statusCode" "$_statusCode" |
|||
|
|||
TELEGRAM_BOT_APITOKEN="${TELEGRAM_BOT_APITOKEN:-$(_readaccountconf_mutable TELEGRAM_BOT_APITOKEN)}" |
|||
if [ -z "$TELEGRAM_BOT_APITOKEN" ]; then |
|||
TELEGRAM_BOT_APITOKEN="" |
|||
_err "You didn't specify a Telegram BOT API Token TELEGRAM_BOT_APITOKEN yet." |
|||
return 1 |
|||
fi |
|||
_saveaccountconf_mutable TELEGRAM_BOT_APITOKEN "$TELEGRAM_BOT_APITOKEN" |
|||
|
|||
TELEGRAM_BOT_CHATID="${TELEGRAM_BOT_CHATID:-$(_readaccountconf_mutable TELEGRAM_BOT_CHATID)}" |
|||
if [ -z "$TELEGRAM_BOT_CHATID" ]; then |
|||
TELEGRAM_BOT_CHATID="" |
|||
_err "You didn't specify a Telegram Chat id TELEGRAM_BOT_CHATID yet." |
|||
return 1 |
|||
fi |
|||
_saveaccountconf_mutable TELEGRAM_BOT_CHATID "$TELEGRAM_BOT_CHATID" |
|||
|
|||
_content="$(printf "*%s*\n%s" "$_subject" "$_content" | _json_encode)" |
|||
_data="{\"text\": \"$_content\", " |
|||
_data="$_data\"chat_id\": \"$TELEGRAM_BOT_CHATID\", " |
|||
_data="$_data\"parse_mode\": \"markdown\", " |
|||
_data="$_data\"disable_web_page_preview\": \"1\"}" |
|||
|
|||
export _H1="Content-Type: application/json" |
|||
_telegram_bot_url="https://api.telegram.org/bot${TELEGRAM_BOT_APITOKEN}/sendMessage" |
|||
if _post "$_data" "$_telegram_bot_url"; then |
|||
# shellcheck disable=SC2154 |
|||
_message=$(printf "%s\n" "$response" | sed -n 's/.*"ok":\([^,]*\).*/\1/p') |
|||
if [ "$_message" = "true" ]; then |
|||
_info "telegram send success." |
|||
return 0 |
|||
fi |
|||
fi |
|||
_err "telegram send error." |
|||
_err "$response" |
|||
return 1 |
|||
} |
Write
Preview
Loading…
Cancel
Save
Reference in new issue