fradev
3 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
27 changed files with 1020 additions and 112 deletions
-
18.github/workflows/DNS.yml
-
11.github/workflows/FreeBSD.yml
-
3.github/workflows/Linux.yml
-
3.github/workflows/MacOS.yml
-
23.github/workflows/PebbleStrict.yml
-
9.github/workflows/Solaris.yml
-
3.github/workflows/Ubuntu.yml
-
7.github/workflows/Windows.yml
-
1Dockerfile
-
145acme.sh
-
25deploy/haproxy.sh
-
2deploy/kong.sh
-
280deploy/lighttpd.sh
-
27deploy/ssh.sh
-
1deploy/synology_dsm.sh
-
77dnsapi/dns_1984hosting.sh
-
159dnsapi/dns_cpanel.sh
-
5dnsapi/dns_gcloud.sh
-
2dnsapi/dns_he.sh
-
8dnsapi/dns_netcup.sh
-
5dnsapi/dns_rackspace.sh
-
158dnsapi/dns_veesp.sh
-
14dnsapi/dns_world4you.sh
-
51notify/bark.sh
-
48notify/feishu.sh
-
3notify/mail.sh
-
44notify/pushbullet.sh
@ -0,0 +1,280 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# Script for acme.sh to deploy certificates to lighttpd |
||||
|
# |
||||
|
# The following variables can be exported: |
||||
|
# |
||||
|
# export DEPLOY_LIGHTTPD_PEM_NAME="${domain}.pem" |
||||
|
# |
||||
|
# Defines the name of the PEM file. |
||||
|
# Defaults to "<domain>.pem" |
||||
|
# |
||||
|
# export DEPLOY_LIGHTTPD_PEM_PATH="/etc/lighttpd" |
||||
|
# |
||||
|
# Defines location of PEM file for Lighttpd. |
||||
|
# Defaults to /etc/lighttpd |
||||
|
# |
||||
|
# export DEPLOY_LIGHTTPD_RELOAD="systemctl reload lighttpd" |
||||
|
# |
||||
|
# OPTIONAL: Reload command used post deploy |
||||
|
# This defaults to be a no-op (ie "true"). |
||||
|
# It is strongly recommended to set this something that makes sense |
||||
|
# for your distro. |
||||
|
# |
||||
|
# export DEPLOY_LIGHTTPD_ISSUER="yes" |
||||
|
# |
||||
|
# OPTIONAL: Places CA file as "${DEPLOY_LIGHTTPD_PEM}.issuer" |
||||
|
# Note: Required for OCSP stapling to work |
||||
|
# |
||||
|
# export DEPLOY_LIGHTTPD_BUNDLE="no" |
||||
|
# |
||||
|
# OPTIONAL: Deploy this certificate as part of a multi-cert bundle |
||||
|
# This adds a suffix to the certificate based on the certificate type |
||||
|
# eg RSA certificates will have .rsa as a suffix to the file name |
||||
|
# Lighttpd will load all certificates and provide one or the other |
||||
|
# depending on client capabilities |
||||
|
# Note: This functionality requires Lighttpd was compiled against |
||||
|
# a version of OpenSSL that supports this. |
||||
|
# |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
#domain keyfile certfile cafile fullchain |
||||
|
lighttpd_deploy() { |
||||
|
_cdomain="$1" |
||||
|
_ckey="$2" |
||||
|
_ccert="$3" |
||||
|
_cca="$4" |
||||
|
_cfullchain="$5" |
||||
|
|
||||
|
# Some defaults |
||||
|
DEPLOY_LIGHTTPD_PEM_PATH_DEFAULT="/etc/lighttpd" |
||||
|
DEPLOY_LIGHTTPD_PEM_NAME_DEFAULT="${_cdomain}.pem" |
||||
|
DEPLOY_LIGHTTPD_BUNDLE_DEFAULT="no" |
||||
|
DEPLOY_LIGHTTPD_ISSUER_DEFAULT="yes" |
||||
|
DEPLOY_LIGHTTPD_RELOAD_DEFAULT="true" |
||||
|
|
||||
|
_debug _cdomain "${_cdomain}" |
||||
|
_debug _ckey "${_ckey}" |
||||
|
_debug _ccert "${_ccert}" |
||||
|
_debug _cca "${_cca}" |
||||
|
_debug _cfullchain "${_cfullchain}" |
||||
|
|
||||
|
# PEM_PATH is optional. If not provided then assume "${DEPLOY_LIGHTTPD_PEM_PATH_DEFAULT}" |
||||
|
_getdeployconf DEPLOY_LIGHTTPD_PEM_PATH |
||||
|
_debug2 DEPLOY_LIGHTTPD_PEM_PATH "${DEPLOY_LIGHTTPD_PEM_PATH}" |
||||
|
if [ -n "${DEPLOY_LIGHTTPD_PEM_PATH}" ]; then |
||||
|
Le_Deploy_lighttpd_pem_path="${DEPLOY_LIGHTTPD_PEM_PATH}" |
||||
|
_savedomainconf Le_Deploy_lighttpd_pem_path "${Le_Deploy_lighttpd_pem_path}" |
||||
|
elif [ -z "${Le_Deploy_lighttpd_pem_path}" ]; then |
||||
|
Le_Deploy_lighttpd_pem_path="${DEPLOY_LIGHTTPD_PEM_PATH_DEFAULT}" |
||||
|
fi |
||||
|
|
||||
|
# Ensure PEM_PATH exists |
||||
|
if [ -d "${Le_Deploy_lighttpd_pem_path}" ]; then |
||||
|
_debug "PEM_PATH ${Le_Deploy_lighttpd_pem_path} exists" |
||||
|
else |
||||
|
_err "PEM_PATH ${Le_Deploy_lighttpd_pem_path} does not exist" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
# PEM_NAME is optional. If not provided then assume "${DEPLOY_LIGHTTPD_PEM_NAME_DEFAULT}" |
||||
|
_getdeployconf DEPLOY_LIGHTTPD_PEM_NAME |
||||
|
_debug2 DEPLOY_LIGHTTPD_PEM_NAME "${DEPLOY_LIGHTTPD_PEM_NAME}" |
||||
|
if [ -n "${DEPLOY_LIGHTTPD_PEM_NAME}" ]; then |
||||
|
Le_Deploy_lighttpd_pem_name="${DEPLOY_LIGHTTPD_PEM_NAME}" |
||||
|
_savedomainconf Le_Deploy_lighttpd_pem_name "${Le_Deploy_lighttpd_pem_name}" |
||||
|
elif [ -z "${Le_Deploy_lighttpd_pem_name}" ]; then |
||||
|
Le_Deploy_lighttpd_pem_name="${DEPLOY_LIGHTTPD_PEM_NAME_DEFAULT}" |
||||
|
fi |
||||
|
|
||||
|
# BUNDLE is optional. If not provided then assume "${DEPLOY_LIGHTTPD_BUNDLE_DEFAULT}" |
||||
|
_getdeployconf DEPLOY_LIGHTTPD_BUNDLE |
||||
|
_debug2 DEPLOY_LIGHTTPD_BUNDLE "${DEPLOY_LIGHTTPD_BUNDLE}" |
||||
|
if [ -n "${DEPLOY_LIGHTTPD_BUNDLE}" ]; then |
||||
|
Le_Deploy_lighttpd_bundle="${DEPLOY_LIGHTTPD_BUNDLE}" |
||||
|
_savedomainconf Le_Deploy_lighttpd_bundle "${Le_Deploy_lighttpd_bundle}" |
||||
|
elif [ -z "${Le_Deploy_lighttpd_bundle}" ]; then |
||||
|
Le_Deploy_lighttpd_bundle="${DEPLOY_LIGHTTPD_BUNDLE_DEFAULT}" |
||||
|
fi |
||||
|
|
||||
|
# ISSUER is optional. If not provided then assume "${DEPLOY_LIGHTTPD_ISSUER_DEFAULT}" |
||||
|
_getdeployconf DEPLOY_LIGHTTPD_ISSUER |
||||
|
_debug2 DEPLOY_LIGHTTPD_ISSUER "${DEPLOY_LIGHTTPD_ISSUER}" |
||||
|
if [ -n "${DEPLOY_LIGHTTPD_ISSUER}" ]; then |
||||
|
Le_Deploy_lighttpd_issuer="${DEPLOY_LIGHTTPD_ISSUER}" |
||||
|
_savedomainconf Le_Deploy_lighttpd_issuer "${Le_Deploy_lighttpd_issuer}" |
||||
|
elif [ -z "${Le_Deploy_lighttpd_issuer}" ]; then |
||||
|
Le_Deploy_lighttpd_issuer="${DEPLOY_LIGHTTPD_ISSUER_DEFAULT}" |
||||
|
fi |
||||
|
|
||||
|
# RELOAD is optional. If not provided then assume "${DEPLOY_LIGHTTPD_RELOAD_DEFAULT}" |
||||
|
_getdeployconf DEPLOY_LIGHTTPD_RELOAD |
||||
|
_debug2 DEPLOY_LIGHTTPD_RELOAD "${DEPLOY_LIGHTTPD_RELOAD}" |
||||
|
if [ -n "${DEPLOY_LIGHTTPD_RELOAD}" ]; then |
||||
|
Le_Deploy_lighttpd_reload="${DEPLOY_LIGHTTPD_RELOAD}" |
||||
|
_savedomainconf Le_Deploy_lighttpd_reload "${Le_Deploy_lighttpd_reload}" |
||||
|
elif [ -z "${Le_Deploy_lighttpd_reload}" ]; then |
||||
|
Le_Deploy_lighttpd_reload="${DEPLOY_LIGHTTPD_RELOAD_DEFAULT}" |
||||
|
fi |
||||
|
|
||||
|
# Set the suffix depending if we are creating a bundle or not |
||||
|
if [ "${Le_Deploy_lighttpd_bundle}" = "yes" ]; then |
||||
|
_info "Bundle creation requested" |
||||
|
# Initialise $Le_Keylength if its not already set |
||||
|
if [ -z "${Le_Keylength}" ]; then |
||||
|
Le_Keylength="" |
||||
|
fi |
||||
|
if _isEccKey "${Le_Keylength}"; then |
||||
|
_info "ECC key type detected" |
||||
|
_suffix=".ecdsa" |
||||
|
else |
||||
|
_info "RSA key type detected" |
||||
|
_suffix=".rsa" |
||||
|
fi |
||||
|
else |
||||
|
_suffix="" |
||||
|
fi |
||||
|
_debug _suffix "${_suffix}" |
||||
|
|
||||
|
# Set variables for later |
||||
|
_pem="${Le_Deploy_lighttpd_pem_path}/${Le_Deploy_lighttpd_pem_name}${_suffix}" |
||||
|
_issuer="${_pem}.issuer" |
||||
|
_ocsp="${_pem}.ocsp" |
||||
|
_reload="${Le_Deploy_lighttpd_reload}" |
||||
|
|
||||
|
_info "Deploying PEM file" |
||||
|
# Create a temporary PEM file |
||||
|
_temppem="$(_mktemp)" |
||||
|
_debug _temppem "${_temppem}" |
||||
|
cat "${_ckey}" "${_ccert}" "${_cca}" >"${_temppem}" |
||||
|
_ret="$?" |
||||
|
|
||||
|
# Check that we could create the temporary file |
||||
|
if [ "${_ret}" != "0" ]; then |
||||
|
_err "Error code ${_ret} returned during PEM file creation" |
||||
|
[ -f "${_temppem}" ] && rm -f "${_temppem}" |
||||
|
return ${_ret} |
||||
|
fi |
||||
|
|
||||
|
# Move PEM file into place |
||||
|
_info "Moving new certificate into place" |
||||
|
_debug _pem "${_pem}" |
||||
|
cat "${_temppem}" >"${_pem}" |
||||
|
_ret=$? |
||||
|
|
||||
|
# Clean up temp file |
||||
|
[ -f "${_temppem}" ] && rm -f "${_temppem}" |
||||
|
|
||||
|
# Deal with any failure of moving PEM file into place |
||||
|
if [ "${_ret}" != "0" ]; then |
||||
|
_err "Error code ${_ret} returned while moving new certificate into place" |
||||
|
return ${_ret} |
||||
|
fi |
||||
|
|
||||
|
# Update .issuer file if requested |
||||
|
if [ "${Le_Deploy_lighttpd_issuer}" = "yes" ]; then |
||||
|
_info "Updating .issuer file" |
||||
|
_debug _issuer "${_issuer}" |
||||
|
cat "${_cca}" >"${_issuer}" |
||||
|
_ret="$?" |
||||
|
|
||||
|
if [ "${_ret}" != "0" ]; then |
||||
|
_err "Error code ${_ret} returned while copying issuer/CA certificate into place" |
||||
|
return ${_ret} |
||||
|
fi |
||||
|
else |
||||
|
[ -f "${_issuer}" ] && _err "Issuer file update not requested but .issuer file exists" |
||||
|
fi |
||||
|
|
||||
|
# Update .ocsp file if certificate was requested with --ocsp/--ocsp-must-staple option |
||||
|
if [ -z "${Le_OCSP_Staple}" ]; then |
||||
|
Le_OCSP_Staple="0" |
||||
|
fi |
||||
|
if [ "${Le_OCSP_Staple}" = "1" ]; then |
||||
|
_info "Updating OCSP stapling info" |
||||
|
_debug _ocsp "${_ocsp}" |
||||
|
_info "Extracting OCSP URL" |
||||
|
_ocsp_url=$(${ACME_OPENSSL_BIN:-openssl} x509 -noout -ocsp_uri -in "${_pem}") |
||||
|
_debug _ocsp_url "${_ocsp_url}" |
||||
|
|
||||
|
# Only process OCSP if URL was present |
||||
|
if [ "${_ocsp_url}" != "" ]; then |
||||
|
# Extract the hostname from the OCSP URL |
||||
|
_info "Extracting OCSP URL" |
||||
|
_ocsp_host=$(echo "${_ocsp_url}" | cut -d/ -f3) |
||||
|
_debug _ocsp_host "${_ocsp_host}" |
||||
|
|
||||
|
# Only process the certificate if we have a .issuer file |
||||
|
if [ -r "${_issuer}" ]; then |
||||
|
# Check if issuer cert is also a root CA cert |
||||
|
_subjectdn=$(${ACME_OPENSSL_BIN:-openssl} x509 -in "${_issuer}" -subject -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10) |
||||
|
_debug _subjectdn "${_subjectdn}" |
||||
|
_issuerdn=$(${ACME_OPENSSL_BIN:-openssl} x509 -in "${_issuer}" -issuer -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10) |
||||
|
_debug _issuerdn "${_issuerdn}" |
||||
|
_info "Requesting OCSP response" |
||||
|
# If the issuer is a CA cert then our command line has "-CAfile" added |
||||
|
if [ "${_subjectdn}" = "${_issuerdn}" ]; then |
||||
|
_cafile_argument="-CAfile \"${_issuer}\"" |
||||
|
else |
||||
|
_cafile_argument="" |
||||
|
fi |
||||
|
_debug _cafile_argument "${_cafile_argument}" |
||||
|
# if OpenSSL/LibreSSL is v1.1 or above, the format for the -header option has changed |
||||
|
_openssl_version=$(${ACME_OPENSSL_BIN:-openssl} version | cut -d' ' -f2) |
||||
|
_debug _openssl_version "${_openssl_version}" |
||||
|
_openssl_major=$(echo "${_openssl_version}" | cut -d '.' -f1) |
||||
|
_openssl_minor=$(echo "${_openssl_version}" | cut -d '.' -f2) |
||||
|
if [ "${_openssl_major}" -eq "1" ] && [ "${_openssl_minor}" -ge "1" ] || [ "${_openssl_major}" -ge "2" ]; then |
||||
|
_header_sep="=" |
||||
|
else |
||||
|
_header_sep=" " |
||||
|
fi |
||||
|
# Request the OCSP response from the issuer and store it |
||||
|
_openssl_ocsp_cmd="${ACME_OPENSSL_BIN:-openssl} ocsp \ |
||||
|
-issuer \"${_issuer}\" \ |
||||
|
-cert \"${_pem}\" \ |
||||
|
-url \"${_ocsp_url}\" \ |
||||
|
-header Host${_header_sep}\"${_ocsp_host}\" \ |
||||
|
-respout \"${_ocsp}\" \ |
||||
|
-verify_other \"${_issuer}\" \ |
||||
|
${_cafile_argument} \ |
||||
|
| grep -q \"${_pem}: good\"" |
||||
|
_debug _openssl_ocsp_cmd "${_openssl_ocsp_cmd}" |
||||
|
eval "${_openssl_ocsp_cmd}" |
||||
|
_ret=$? |
||||
|
else |
||||
|
# Non fatal: No issuer file was present so no OCSP stapling file created |
||||
|
_err "OCSP stapling in use but no .issuer file was present" |
||||
|
fi |
||||
|
else |
||||
|
# Non fatal: No OCSP url was found int the certificate |
||||
|
_err "OCSP update requested but no OCSP URL was found in certificate" |
||||
|
fi |
||||
|
|
||||
|
# Non fatal: Check return code of openssl command |
||||
|
if [ "${_ret}" != "0" ]; then |
||||
|
_err "Updating OCSP stapling failed with return code ${_ret}" |
||||
|
fi |
||||
|
else |
||||
|
# An OCSP file was already present but certificate did not have OCSP extension |
||||
|
if [ -f "${_ocsp}" ]; then |
||||
|
_err "OCSP was not requested but .ocsp file exists." |
||||
|
# Could remove the file at this step, although Lighttpd just ignores it in this case |
||||
|
# rm -f "${_ocsp}" || _err "Problem removing stale .ocsp file" |
||||
|
fi |
||||
|
fi |
||||
|
|
||||
|
# Reload Lighttpd |
||||
|
_debug _reload "${_reload}" |
||||
|
eval "${_reload}" |
||||
|
_ret=$? |
||||
|
if [ "${_ret}" != "0" ]; then |
||||
|
_err "Error code ${_ret} during reload" |
||||
|
return ${_ret} |
||||
|
else |
||||
|
_info "Reload successful" |
||||
|
fi |
||||
|
|
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,159 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
# |
||||
|
#Author: Bjarne Saltbaek |
||||
|
#Report Bugs here: https://github.com/acmesh-official/acme.sh/issues/3732 |
||||
|
# |
||||
|
# |
||||
|
######## Public functions ##################### |
||||
|
# |
||||
|
# Export CPANEL username,api token and hostname in the following variables |
||||
|
# |
||||
|
# cPanel_Username=username |
||||
|
# cPanel_Apitoken=apitoken |
||||
|
# cPanel_Hostname=hostname |
||||
|
# |
||||
|
# Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
# Used to add txt record |
||||
|
dns_cpanel_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
_info "Adding TXT record to cPanel based system" |
||||
|
_debug fulldomain "$fulldomain" |
||||
|
_debug txtvalue "$txtvalue" |
||||
|
_debug cPanel_Username "$cPanel_Username" |
||||
|
_debug cPanel_Apitoken "$cPanel_Apitoken" |
||||
|
_debug cPanel_Hostname "$cPanel_Hostname" |
||||
|
|
||||
|
if ! _cpanel_login; then |
||||
|
_err "cPanel Login failed for user $cPanel_Username. Check $HTTP_HEADER file" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "No matching root domain for $fulldomain found" |
||||
|
return 1 |
||||
|
fi |
||||
|
# adding entry |
||||
|
_info "Adding the entry" |
||||
|
stripped_fulldomain=$(echo "$fulldomain" | sed "s/.$_domain//") |
||||
|
_debug "Adding $stripped_fulldomain to $_domain zone" |
||||
|
_myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=add_zone_record&domain=$_domain&name=$stripped_fulldomain&type=TXT&txtdata=$txtvalue&ttl=1" |
||||
|
if _successful_update; then return 0; fi |
||||
|
_err "Couldn't create entry!" |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
# Usage: fulldomain txtvalue |
||||
|
# Used to remove the txt record after validation |
||||
|
dns_cpanel_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
_info "Using cPanel based system" |
||||
|
_debug fulldomain "$fulldomain" |
||||
|
_debug txtvalue "$txtvalue" |
||||
|
|
||||
|
if ! _cpanel_login; then |
||||
|
_err "cPanel Login failed for user $cPanel_Username. Check $HTTP_HEADER file" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if ! _get_root; then |
||||
|
_err "No matching root domain for $fulldomain found" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_findentry "$fulldomain" "$txtvalue" |
||||
|
if [ -z "$_id" ]; then |
||||
|
_info "Entry doesn't exist, nothing to delete" |
||||
|
return 0 |
||||
|
fi |
||||
|
_debug "Deleting record..." |
||||
|
_myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=remove_zone_record&domain=$_domain&line=$_id" |
||||
|
# removing entry |
||||
|
_debug "_result is: $_result" |
||||
|
|
||||
|
if _successful_update; then return 0; fi |
||||
|
_err "Couldn't delete entry!" |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
|
||||
|
_checkcredentials() { |
||||
|
cPanel_Username="${cPanel_Username:-$(_readaccountconf_mutable cPanel_Username)}" |
||||
|
cPanel_Apitoken="${cPanel_Apitoken:-$(_readaccountconf_mutable cPanel_Apitoken)}" |
||||
|
cPanel_Hostname="${cPanel_Hostname:-$(_readaccountconf_mutable cPanel_Hostname)}" |
||||
|
|
||||
|
if [ -z "$cPanel_Username" ] || [ -z "$cPanel_Apitoken" ] || [ -z "$cPanel_Hostname" ]; then |
||||
|
cPanel_Username="" |
||||
|
cPanel_Apitoken="" |
||||
|
cPanel_Hostname="" |
||||
|
_err "You haven't specified cPanel username, apitoken and hostname yet." |
||||
|
_err "Please add credentials and try again." |
||||
|
return 1 |
||||
|
fi |
||||
|
#save the credentials to the account conf file. |
||||
|
_saveaccountconf_mutable cPanel_Username "$cPanel_Username" |
||||
|
_saveaccountconf_mutable cPanel_Apitoken "$cPanel_Apitoken" |
||||
|
_saveaccountconf_mutable cPanel_Hostname "$cPanel_Hostname" |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
_cpanel_login() { |
||||
|
if ! _checkcredentials; then return 1; fi |
||||
|
|
||||
|
if ! _myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=CustInfo&cpanel_jsonapi_func=displaycontactinfo"; then |
||||
|
_err "cPanel login failed for user $cPanel_Username." |
||||
|
return 1 |
||||
|
fi |
||||
|
return 0 |
||||
|
} |
||||
|
|
||||
|
_myget() { |
||||
|
#Adds auth header to request |
||||
|
export _H1="Authorization: cpanel $cPanel_Username:$cPanel_Apitoken" |
||||
|
_result=$(_get "$cPanel_Hostname/$1") |
||||
|
} |
||||
|
|
||||
|
_get_root() { |
||||
|
_myget 'json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzones' |
||||
|
_domains=$(echo "$_result" | sed 's/.*\(zones.*\[\).*/\1/' | cut -d':' -f2 | sed 's/"//g' | sed 's/{//g') |
||||
|
_debug "_result is: $_result" |
||||
|
_debug "_domains is: $_domains" |
||||
|
if [ -z "$_domains" ]; then |
||||
|
_err "Primary domain list not found!" |
||||
|
return 1 |
||||
|
fi |
||||
|
for _domain in $_domains; do |
||||
|
_debug "Checking if $fulldomain ends with $_domain" |
||||
|
if (_endswith "$fulldomain" "$_domain"); then |
||||
|
_debug "Root domain: $_domain" |
||||
|
return 0 |
||||
|
fi |
||||
|
done |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_successful_update() { |
||||
|
if (echo "$_result" | grep -q 'newserial'); then return 0; fi |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
_findentry() { |
||||
|
_debug "In _findentry" |
||||
|
#returns id of dns entry, if it exists |
||||
|
_myget "json-api/cpanel?cpanel_jsonapi_apiversion=2&cpanel_jsonapi_module=ZoneEdit&cpanel_jsonapi_func=fetchzone_records&domain=$_domain" |
||||
|
_id=$(echo "$_result" | sed "s/.*\(line.*$fulldomain.*$txtvalue\).*/\1/" | cut -d ':' -f 2 | cut -d ',' -f 1) |
||||
|
_debug "_result is: $_result" |
||||
|
_debug "fulldomain. is $fulldomain." |
||||
|
_debug "txtvalue is $txtvalue" |
||||
|
_debug "_id is: $_id" |
||||
|
if [ -n "$_id" ]; then |
||||
|
_debug "Entry found with _id=$_id" |
||||
|
return 0 |
||||
|
fi |
||||
|
return 1 |
||||
|
} |
@ -0,0 +1,158 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
# bug reports to stepan@plyask.in |
||||
|
|
||||
|
# |
||||
|
# export VEESP_User="username" |
||||
|
# export VEESP_Password="password" |
||||
|
|
||||
|
VEESP_Api="https://secure.veesp.com/api" |
||||
|
|
||||
|
######## Public functions ##################### |
||||
|
|
||||
|
#Usage: add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
||||
|
dns_veesp_add() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
VEESP_Password="${VEESP_Password:-$(_readaccountconf_mutable VEESP_Password)}" |
||||
|
VEESP_User="${VEESP_User:-$(_readaccountconf_mutable VEESP_User)}" |
||||
|
VEESP_auth=$(printf "%s" "$VEESP_User:$VEESP_Password" | _base64) |
||||
|
|
||||
|
if [ -z "$VEESP_Password" ] || [ -z "$VEESP_User" ]; then |
||||
|
VEESP_Password="" |
||||
|
VEESP_User="" |
||||
|
_err "You don't specify veesp api key and email yet." |
||||
|
_err "Please create you key and try again." |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
#save the api key and email to the account conf file. |
||||
|
_saveaccountconf_mutable VEESP_Password "$VEESP_Password" |
||||
|
_saveaccountconf_mutable VEESP_User "$VEESP_User" |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
_info "Adding record" |
||||
|
if VEESP_rest POST "service/$_service_id/dns/$_domain_id/records" "{\"name\":\"$fulldomain\",\"ttl\":1,\"priority\":0,\"type\":\"TXT\",\"content\":\"$txtvalue\"}"; then |
||||
|
if _contains "$response" "\"success\":true"; then |
||||
|
_info "Added" |
||||
|
#todo: check if the record takes effect |
||||
|
return 0 |
||||
|
else |
||||
|
_err "Add txt record error." |
||||
|
return 1 |
||||
|
fi |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
# Usage: fulldomain txtvalue |
||||
|
# Used to remove the txt record after validation |
||||
|
dns_veesp_rm() { |
||||
|
fulldomain=$1 |
||||
|
txtvalue=$2 |
||||
|
|
||||
|
VEESP_Password="${VEESP_Password:-$(_readaccountconf_mutable VEESP_Password)}" |
||||
|
VEESP_User="${VEESP_User:-$(_readaccountconf_mutable VEESP_User)}" |
||||
|
VEESP_auth=$(printf "%s" "$VEESP_User:$VEESP_Password" | _base64) |
||||
|
|
||||
|
_debug "First detect the root zone" |
||||
|
if ! _get_root "$fulldomain"; then |
||||
|
_err "invalid domain" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
_debug _sub_domain "$_sub_domain" |
||||
|
_debug _domain "$_domain" |
||||
|
|
||||
|
_debug "Getting txt records" |
||||
|
VEESP_rest GET "service/$_service_id/dns/$_domain_id" |
||||
|
|
||||
|
count=$(printf "%s\n" "$response" | _egrep_o "\"type\":\"TXT\",\"content\":\".\"$txtvalue.\"\"" | wc -l | tr -d " ") |
||||
|
_debug count "$count" |
||||
|
if [ "$count" = "0" ]; then |
||||
|
_info "Don't need to remove." |
||||
|
else |
||||
|
record_id=$(printf "%s\n" "$response" | _egrep_o "{\"id\":[^}]*\"type\":\"TXT\",\"content\":\".\"$txtvalue.\"\"" | cut -d\" -f4) |
||||
|
_debug "record_id" "$record_id" |
||||
|
if [ -z "$record_id" ]; then |
||||
|
_err "Can not get record id to remove." |
||||
|
return 1 |
||||
|
fi |
||||
|
if ! VEESP_rest DELETE "service/$_service_id/dns/$_domain_id/records/$record_id"; then |
||||
|
_err "Delete record error." |
||||
|
return 1 |
||||
|
fi |
||||
|
_contains "$response" "\"success\":true" |
||||
|
fi |
||||
|
} |
||||
|
|
||||
|
#################### Private functions below ################################## |
||||
|
#_acme-challenge.www.domain.com |
||||
|
#returns |
||||
|
# _sub_domain=_acme-challenge.www |
||||
|
# _domain=domain.com |
||||
|
# _domain_id=sdjkglgdfewsdfg |
||||
|
_get_root() { |
||||
|
domain=$1 |
||||
|
i=2 |
||||
|
p=1 |
||||
|
if ! VEESP_rest GET "dns"; then |
||||
|
return 1 |
||||
|
fi |
||||
|
while true; do |
||||
|
h=$(printf "%s" "$domain" | cut -d . -f $i-100) |
||||
|
_debug h "$h" |
||||
|
if [ -z "$h" ]; then |
||||
|
#not valid |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
if _contains "$response" "\"name\":\"$h\""; then |
||||
|
_domain_id=$(printf "%s\n" "$response" | _egrep_o "\"domain_id\":[^,]*,\"name\":\"$h\"" | cut -d : -f 2 | cut -d , -f 1 | cut -d '"' -f 2) |
||||
|
_debug _domain_id "$_domain_id" |
||||
|
_service_id=$(printf "%s\n" "$response" | _egrep_o "\"name\":\"$h\",\"service_id\":[^}]*" | cut -d : -f 3 | cut -d '"' -f 2) |
||||
|
_debug _service_id "$_service_id" |
||||
|
if [ "$_domain_id" ]; then |
||||
|
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p) |
||||
|
_domain="$h" |
||||
|
return 0 |
||||
|
fi |
||||
|
return 1 |
||||
|
fi |
||||
|
p=$i |
||||
|
i=$(_math "$i" + 1) |
||||
|
done |
||||
|
return 1 |
||||
|
} |
||||
|
|
||||
|
VEESP_rest() { |
||||
|
m=$1 |
||||
|
ep="$2" |
||||
|
data="$3" |
||||
|
_debug "$ep" |
||||
|
|
||||
|
export _H1="Accept: application/json" |
||||
|
export _H2="Authorization: Basic $VEESP_auth" |
||||
|
if [ "$m" != "GET" ]; then |
||||
|
_debug data "$data" |
||||
|
export _H3="Content-Type: application/json" |
||||
|
response="$(_post "$data" "$VEESP_Api/$ep" "" "$m")" |
||||
|
else |
||||
|
response="$(_get "$VEESP_Api/$ep")" |
||||
|
fi |
||||
|
|
||||
|
if [ "$?" != "0" ]; then |
||||
|
_err "error $ep" |
||||
|
return 1 |
||||
|
fi |
||||
|
_debug2 response "$response" |
||||
|
return 0 |
||||
|
} |
@ -0,0 +1,51 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
#Support iOS Bark Notification |
||||
|
|
||||
|
#BARK_API_URL="https://api.day.app/xxxx" |
||||
|
#BARK_SOUND="yyyy" |
||||
|
#BARK_GROUP="zzzz" |
||||
|
|
||||
|
# subject content statusCode |
||||
|
bark_send() { |
||||
|
_subject="$1" |
||||
|
_content="$2" |
||||
|
_statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped |
||||
|
_debug "_subject" "$_subject" |
||||
|
_debug "_content" "$_content" |
||||
|
_debug "_statusCode" "$_statusCode" |
||||
|
|
||||
|
BARK_API_URL="${BARK_API_URL:-$(_readaccountconf_mutable BARK_API_URL)}" |
||||
|
if [ -z "$BARK_API_URL" ]; then |
||||
|
BARK_API_URL="" |
||||
|
_err "You didn't specify a Bark API URL BARK_API_URL yet." |
||||
|
_err "You can download Bark from App Store and get yours." |
||||
|
return 1 |
||||
|
fi |
||||
|
_saveaccountconf_mutable BARK_API_URL "$BARK_API_URL" |
||||
|
|
||||
|
BARK_SOUND="${BARK_SOUND:-$(_readaccountconf_mutable BARK_SOUND)}" |
||||
|
_saveaccountconf_mutable BARK_SOUND "$BARK_SOUND" |
||||
|
|
||||
|
BARK_GROUP="${BARK_GROUP:-$(_readaccountconf_mutable BARK_GROUP)}" |
||||
|
if [ -z "$BARK_GROUP" ]; then |
||||
|
BARK_GROUP="ACME" |
||||
|
_info "The BARK_GROUP is not set, so use the default ACME as group name." |
||||
|
else |
||||
|
_saveaccountconf_mutable BARK_GROUP "$BARK_GROUP" |
||||
|
fi |
||||
|
|
||||
|
_content=$(echo "$_content" | _url_encode) |
||||
|
_subject=$(echo "$_subject" | _url_encode) |
||||
|
|
||||
|
response="$(_get "$BARK_API_URL/$_subject/$_content?sound=$BARK_SOUND&group=$BARK_GROUP")" |
||||
|
|
||||
|
if [ "$?" = "0" ] && _contains "$response" "success"; then |
||||
|
_info "Bark API fired success." |
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
_err "Bark API fired error." |
||||
|
_err "$response" |
||||
|
return 1 |
||||
|
} |
@ -0,0 +1,48 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
#Support feishu webhooks api |
||||
|
|
||||
|
#required |
||||
|
#FEISHU_WEBHOOK="xxxx" |
||||
|
|
||||
|
#optional |
||||
|
#FEISHU_KEYWORD="yyyy" |
||||
|
|
||||
|
# subject content statusCode |
||||
|
feishu_send() { |
||||
|
_subject="$1" |
||||
|
_content="$2" |
||||
|
_statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped |
||||
|
_debug "_subject" "$_subject" |
||||
|
_debug "_content" "$_content" |
||||
|
_debug "_statusCode" "$_statusCode" |
||||
|
|
||||
|
FEISHU_WEBHOOK="${FEISHU_WEBHOOK:-$(_readaccountconf_mutable FEISHU_WEBHOOK)}" |
||||
|
if [ -z "$FEISHU_WEBHOOK" ]; then |
||||
|
FEISHU_WEBHOOK="" |
||||
|
_err "You didn't specify a feishu webhooks FEISHU_WEBHOOK yet." |
||||
|
_err "You can get yours from https://www.feishu.cn" |
||||
|
return 1 |
||||
|
fi |
||||
|
_saveaccountconf_mutable FEISHU_WEBHOOK "$FEISHU_WEBHOOK" |
||||
|
|
||||
|
FEISHU_KEYWORD="${FEISHU_KEYWORD:-$(_readaccountconf_mutable FEISHU_KEYWORD)}" |
||||
|
if [ "$FEISHU_KEYWORD" ]; then |
||||
|
_saveaccountconf_mutable FEISHU_KEYWORD "$FEISHU_KEYWORD" |
||||
|
fi |
||||
|
|
||||
|
_content=$(echo "$_content" | _json_encode) |
||||
|
_subject=$(echo "$_subject" | _json_encode) |
||||
|
_data="{\"msg_type\": \"text\", \"content\": {\"text\": \"[$FEISHU_KEYWORD]\n$_subject\n$_content\"}}" |
||||
|
|
||||
|
response="$(_post "$_data" "$FEISHU_WEBHOOK" "" "POST" "application/json")" |
||||
|
|
||||
|
if [ "$?" = "0" ] && _contains "$response" "StatusCode\":0"; then |
||||
|
_info "feishu webhooks event fired success." |
||||
|
return 0 |
||||
|
fi |
||||
|
|
||||
|
_err "feishu webhooks event fired error." |
||||
|
_err "$response" |
||||
|
return 1 |
||||
|
} |
@ -0,0 +1,44 @@ |
|||||
|
#!/usr/bin/env sh |
||||
|
|
||||
|
#Support for pushbullet.com's api. Push notification, notification sync and message platform for multiple platforms |
||||
|
#PUSHBULLET_TOKEN="" Required, pushbullet application token |
||||
|
#PUSHBULLET_DEVICE="" Optional, Specific device, ignore to send to all devices |
||||
|
|
||||
|
PUSHBULLET_URI="https://api.pushbullet.com/v2/pushes" |
||||
|
pushbullet_send() { |
||||
|
_subject="$1" |
||||
|
_content="$2" |
||||
|
_statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped |
||||
|
_debug "_statusCode" "$_statusCode" |
||||
|
|
||||
|
PUSHBULLET_TOKEN="${PUSHBULLET_TOKEN:-$(_readaccountconf_mutable PUSHBULLET_TOKEN)}" |
||||
|
if [ -z "$PUSHBULLET_TOKEN" ]; then |
||||
|
PUSHBULLET_TOKEN="" |
||||
|
_err "You didn't specify a Pushbullet application token yet." |
||||
|
return 1 |
||||
|
fi |
||||
|
_saveaccountconf_mutable PUSHBULLET_TOKEN "$PUSHBULLET_TOKEN" |
||||
|
|
||||
|
PUSHBULLET_DEVICE="${PUSHBULLET_DEVICE:-$(_readaccountconf_mutable PUSHBULLET_DEVICE)}" |
||||
|
if [ -z "$PUSHBULLET_DEVICE" ]; then |
||||
|
_clearaccountconf_mutable PUSHBULLET_DEVICE |
||||
|
else |
||||
|
_saveaccountconf_mutable PUSHBULLET_DEVICE "$PUSHBULLET_DEVICE" |
||||
|
fi |
||||
|
|
||||
|
export _H1="Content-Type: application/json" |
||||
|
export _H2="Access-Token: ${PUSHBULLET_TOKEN}" |
||||
|
_content="$(printf "*%s*\n" "$_content" | _json_encode)" |
||||
|
_subject="$(printf "*%s*\n" "$_subject" | _json_encode)" |
||||
|
_data="{\"type\": \"note\",\"title\": \"${_subject}\",\"body\": \"${_content}\",\"device_iden\": \"${PUSHBULLET_DEVICE}\"}" |
||||
|
response="$(_post "$_data" "$PUSHBULLET_URI")" |
||||
|
|
||||
|
if [ "$?" != "0" ] || _contains "$response" "\"error_code\""; then |
||||
|
_err "PUSHBULLET send error." |
||||
|
_err "$response" |
||||
|
return 1 |
||||
|
fi |
||||
|
|
||||
|
_info "PUSHBULLET send success." |
||||
|
return 0 |
||||
|
} |
Write
Preview
Loading…
Cancel
Save
Reference in new issue