committed by
GitHub
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 134 additions and 0 deletions
-
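--- /dev/null
+++ b/deploy/sftp.sh
@@ -0,0 +1,134 @@
+#!/usr/bin/env sh
+
+# Script to deploy certificates to remote server by SFTP
+# Note that SFTP must be able to login to remote host without a password...
+# SSH Keys must have been exchanged with the remote host. Validate and
+# test that you can login to USER@SERVER from the host running acme.sh before
+# using this script.
+#
+# The following variables exported from environment will be used.
+# If not set then values previously saved in <domain>.conf file are used.
+#
+# Only a host is required. All others are optional.
+#
+# export DEPLOY_SFTP_HOSTS="192.168.0.1:22 admin@ssh.server.somewhere localhost" # required, multiple hosts allowed
+# export DEPLOY_SFTP_KEYFILE="/etc/stunnel/stunnel.pem" # defaults to ~/acme_sftp_deploy/<domain>/<domain>.key
+# export DEPLOY_SFTP_CERTFILE="/etc/stunnel/stunnel.pem" ~/acme_sftp_deploy/<domain>/<domain>.cer
+# export DEPLOY_SFTP_CAFILE="/etc/stunnel/uca.pem" ~/acme_sftp_deploy/<domain>/ca.cer
+# export DEPLOY_SFTP_FULLCHAIN="" ~/acme_sftp_deploy/<domain>/fullchain.cer
+
+######## Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+sftp_deploy() {
+_cdomain="$1"
+_ckey="$2"
+_ccert="$3"
+_cca="$4"
+_cfullchain="$5"
+
+_debug _cdomain "$_cdomain"
+_debug _ckey "$_ckey"
+_debug _ccert "$_ccert"
+_debug _cca "$_cca"
+_debug _cfullchain "$_cfullchain"
+
+# HOSTS is required to login by sftp to remote host.
+_getdeployconf DEPLOY_SFTP_HOSTS
+_debug2 DEPLOY_SFTP_HOSTS "$DEPLOY_SFTP_HOSTS"
+if [ -z "$DEPLOY_SFTP_HOSTS" ]; then
+_err "DEPLOY_SFTP_HOSTS not defined."
+return 1
+fi
+_savedeployconf DEPLOY_SFTP_HOSTS "$DEPLOY_SFTP_HOSTS"
+
+# KEYFILE is optional.
+# If provided then private key will be copied to provided filename.
+_getdeployconf DEPLOY_SFTP_KEYFILE
+_debug2 DEPLOY_SFTP_KEYFILE "$DEPLOY_SFTP_KEYFILE"
+if [ -n "$DEPLOY_SFTP_KEYFILE" ]; then
+_savedeployconf DEPLOY_SFTP_KEYFILE "$DEPLOY_SFTP_KEYFILE"
+fi
+
+# CERTFILE is optional.
+# If provided then certificate will be copied or appended to provided filename.
+_getdeployconf DEPLOY_SFTP_CERTFILE
+_debug2 DEPLOY_SFTP_CERTFILE "$DEPLOY_SFTP_CERTFILE"
+if [ -n "$DEPLOY_SFTP_CERTFILE" ]; then
+_savedeployconf DEPLOY_SFTP_CERTFILE "$DEPLOY_SFTP_CERTFILE"
+fi
+
+# CAFILE is optional.
+# If provided then CA intermediate certificate will be copied or appended to provided filename.
+_getdeployconf DEPLOY_SFTP_CAFILE
+_debug2 DEPLOY_SFTP_CAFILE "$DEPLOY_SFTP_CAFILE"
+if [ -n "$DEPLOY_SFTP_CAFILE" ]; then
+_savedeployconf DEPLOY_SFTP_CAFILE "$DEPLOY_SFTP_CAFILE"
+fi
+
+# FULLCHAIN is optional.
+# If provided then fullchain certificate will be copied or appended to provided filename.
+_getdeployconf DEPLOY_SFTP_FULLCHAIN
+_debug2 DEPLOY_SFTP_FULLCHAIN "$DEPLOY_SFTP_FULLCHAIN"
+if [ -n "$DEPLOY_SFTP_FULLCHAIN" ]; then
+_savedeployconf DEPLOY_SFTP_FULLCHAIN "$DEPLOY_SFTP_FULLCHAIN"
+fi
+
+# Remote key file location, default ~/acme_sftp_deploy/domain/domain.key
+_ckey_path=".acme_sftp_deploy/$_cdomain/$_cdomain.key"
+if [ -n "$DEPLOY_SFTP_KEYFILE" ]; then
+_ckey_path="$DEPLOY_SFTP_KEYFILE"
+fi
+_debug _ckey_path "$_ckey_path"
+
+# Remote cert file location, default ~/acme_sftp_deploy/domain/domain.cer
+_ccert_path=".acme_sftp_deploy/$_cdomain/$_cdomain.cer"
+if [ -n "$DEPLOY_SFTP_CERTFILE" ]; then
+_ccert_path="$DEPLOY_SFTP_CERTFILE"
+fi
+_debug _ccert_path "$_ccert_path"
+
+# Remote intermediate CA file location, default ~/acme_sftp_deploy/domain/ca.cer
+_cca_path=".acme_sftp_deploy/$_cdomain/ca.cer"
+if [ -n "$DEPLOY_SFTP_CAFILE" ]; then
+_cca_path="$DEPLOY_SFTP_CAFILE"
+fi
+_debug _cca_path "$_cca_path"
+
+# Remote key file location, default ~/acme_sftp_deploy/domain/fullchain.cer
+_cfullchain_path=".acme_sftp_deploy/$_cdomain/fullchain.cer"
+if [ -n "$DEPLOY_SFTP_FULLCHAIN" ]; then
+_cfullchain_path="$DEPLOY_SFTP_FULLCHAIN"
+fi
+_debug _cfullchain_path "$_cfullchain_path"
+
+# Remote host, required non-empty but already checked before
+_sftp_hosts=$DEPLOY_SFTP_HOSTS
+_debug _sftp_hosts "$_sftp_hosts"
+
+# Initialize return value at 0
+_error_code=0
+
+# Always loop at least once
+for _sftp_host in $_sftp_hosts ; do
+sftp "$_sftp_host"\
+<<EOF
+put "$_ckey" "$_ckey_path"
+put "$_ccert" "$_ccert_path"
+put "$_cca" "$_cca_path"
+put "$_cfullchain" "$_cfullchain_path"
+EOF
+_sftp_error="$?"
+
+# Print error code in case of error
+if [ "$_sftp_error" -ne 0 ]; then
+_err "Error code $_sftp_error returned from sftp at host $_sftp_host"
+fi
+
+# Update global return value
+_error_code=$((_error_code || _sftp_error))
+done
+
+# Return 1 if any upload failed
+return "$_error_code"
+}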
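Review bot: The private key is uploaded with a plain `put "$_ckey" "$_ckey_path"` and nothing in the heredoc constrains the remote file's mode, so the key's permissions on the remote host depend on whatever sftp-server applies from the local mode and remote umask (not visible here); adding `chmod 600 "$_ckey_path"` as the line after that `put` pins it regardless. The `sftp` invocation feeds commands on stdin without `-b`, so a failing `put` (for example when the default `.acme_sftp_deploy/<domain>/` directory does not yet exist) may not be reflected in `$?` — `sftp -b - "$_sftp_host"` aborts on the first failed command and exits non-zero, which is what the `_sftp_error` check below assumes, and a preceding `-mkdir .acme_sftp_deploy/$_cdomain` (the leading `-` ignores an already-exists error) would create the default location. Since the paths are expanded into sftp's own command syntax, a value containing a double quote or newline would be parsed as extra sftp commands; that is operator-supplied configuration, but a guard rejecting such characters before the loop is cheap. The header and inline comments describe the default as `~/acme_sftp_deploy/<domain>/…` while the code uses `.acme_sftp_deploy/…`, and the comment above `_cfullchain_path` says "Remote key file location"; both should be corrected, and "copied or appended" overstates what `put` does (it overwrites).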