Initial support for stunnel.

7 years ago · b22810a5a0
1 changed files with 56 additions and 0 deletions
--- a/deploy/stunnel.sh
+++ b/deploy/stunnel.sh
@ -0,0 +1,56 @@
+#!/usr/bin/env sh
+
+#Here is a sample custom api script.
+#This file name is "stunnel.sh"
+#So, here must be a method   stunnel_deploy()
+#Which will be called by acme.sh to deploy the cert
+#returns 0 means success, otherwise error.
+
+########  Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+stunnel_deploy() {
+  _cdomain="$1"
+  _ckey="$2"
+  _ccert="$3"
+  _cca="$4"
+  _cfullchain="$5"
+
+  _debug _cdomain "$_cdomain"
+  _debug _ckey "$_ckey"
+  _debug _ccert "$_ccert"
+  _debug _cca "$_cca"
+  _debug _cfullchain "$_cfullchain"
+
+  ST_DIR="/etc/stunnel"
+  _debug STUNNEL "$ST_DIR"
+  _debug STUNNEL_CRT "$ST_DIR/stunnel.crt"
+  _debug STUNNEL_KEY "$ST_DIR/stunnel.key"
+
+  if [ ! -d "$ST_DIR" ]
+  then
+    _info "Creating the stunnel directory..."
+    mkdir -p "$ST_DIR" || return 1
+  fi
+
+  if [ ! -f "$ST_DIR/stunnel.dh" ]
+  then
+    _info "Generating the Diffie-Hellman key..."
+    openssl gendh 2048 > "$ST_DIR/stunnel.dh"
+  fi
+  
+  _info "Saving the certificate..."
+  cat "$_cfullchain" "$ST_DIR/stunnel.dh" > "$ST_DIR/stunnel.crt"
+
+  if [ ! -f "$ST_DIR/stunnel.key" ]
+  then
+    _info "Saving the key..."
+    cat "$_ckey" > "$ST_DIR/stunnel.key"
+  fi
+
+  _info "Setting file permissions..."
+  chmod 600 "$ST_DIR/stunnel.crt" "$ST_DIR/stunnel.key" "$ST_DIR/stunnel.dh"
+  chown nobody:root "$ST_DIR/stunnel.crt" "$ST_DIR/stunnel.key" "$ST_DIR/stunnel.dh"
+
+  return 0
+}