Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

store the env vars within the domainconf 

The enviroment variables are stored inside the domain configuration file, so that it is not necessary to provide them each time
also the option ROUTER_OS_WEB_SERVICE was added for the ability to disable updating the certificate for the www-ssl service, useful for example when a special certificate only for the hotspot server is needed
pull/2413/head
herbetom 6 years ago
parent
55dea4ee9d
commit
d05ac212e5
1 changed files with 86 additions and 29 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 115
      deploy/routeros.sh

115
deploy/routeros.sh
View File

@ -18,7 +18,8 @@
# the files on the router. # the files on the router.
# #
# Then you need to set the environment variables for the # Then you need to set the environment variables for the
# deploy script to work.
# deploy script to work. It will store those in the domainconf.
# So there is no need to set them every time.
# #
# ```sh # ```sh
# export ROUTER_OS_USERNAME=certuser # export ROUTER_OS_USERNAME=certuser
@ -38,13 +39,22 @@
# #
# At the end of the script, the services that use those certificates # At the end of the script, the services that use those certificates
# could be updated. Currently only the www-ssl service is beeing # could be updated. Currently only the www-ssl service is beeing
# updated, but more services could be added.
# updated. You can prevent this by setting the following enviroment
# variable: `export ROUTER_OS_WEB_SERVICE="no"`.
# You can add more services to
#, but more services could be added.
# #
# For instance: # For instance:
# ```sh # ```sh
# export ROUTER_OS_ADDITIONAL_SERVICES="/ip service set api-ssl certificate=$_cdomain.cer_0" # export ROUTER_OS_ADDITIONAL_SERVICES="/ip service set api-ssl certificate=$_cdomain.cer_0"
# ``` # ```
# #
# To set the ssl-certificate for a hotspot profile the following command
# is useful:
# ```sh
# /ip hotspot profile set [find dns-name=hs.example.com] ssl-certificate=hs.example.com.cer_0
# ```
# One optional thing to do as well is to create a script that updates # One optional thing to do as well is to create a script that updates
# all the required services and run that script in a single command. # all the required services and run that script in a single command.
# #
@ -66,46 +76,93 @@ routeros_deploy() {
_debug _cca "$_cca" _debug _cca "$_cca"
_debug _cfullchain "$_cfullchain" _debug _cfullchain "$_cfullchain"
if [ -z "$ROUTER_OS_HOST" ]; then
# ROUTER_OS_USERNAME is required to login to remote host.
if [ -z "$ROUTER_OS_USERNAME" ]; then
if [ -z "$Le_router_os_username" ]; then
_err "Need to set the env variable ROUTER_OS_USERNAME"
return 1
fi
else
_info "saving ROUTER_OS_USERNAME in the domainconf"
Le_router_os_username="$ROUTER_OS_USERNAME"
_savedomainconf Le_router_os_username "$Le_router_os_username"
fi
# ROUTER_OS_HOST is optional. If not provided then use _cdomain
if [ -n "$ROUTER_OS_HOST" ]; then
_info "saving ROUTER_OS_HOST in the domainconf"
Le_router_os_host="$ROUTER_OS_HOST"
_savedomainconf Le_router_os_host "$Le_router_os_host"
elif [ -z "$Le_router_os_host" ]; then
_debug "Using _cdomain as ROUTER_OS_HOST, please set if not correct." _debug "Using _cdomain as ROUTER_OS_HOST, please set if not correct."
ROUTER_OS_HOST="$_cdomain"
Le_router_os_host="$_cdomain"
fi fi
if [ -z "$ROUTER_OS_USERNAME" ]; then
_err "Need to set the env variable ROUTER_OS_USERNAME"
return 1
# ROUTER_OS_ADDITIONAL_SERVICES is optional.
if [ -n "$ROUTER_OS_ADDITIONAL_SERVICES" ]; then
_info "saving ROUTER_OS_ADDITIONAL_SERVICES in the domainconf"
Le_router_os_additional_services="$ROUTER_OS_ADDITIONAL_SERVICES"
_savedomainconf Le_router_os_additional_services "$Le_router_os_additional_services"
elif [ -z "$Le_router_os_additional_services" ]; then
_info "saving ROUTER_OS_ADDITIONAL_SERVICES in the domainconf"
Le_router_os_additional_services=""
_savedomainconf Le_router_os_additional_services "$Le_router_os_additional_services"
fi
# ROUTER_OS_WEB_SERVICE is optional. Default is yes
if [ "$ROUTER_OS_WEB_SERVICE" = "no" ]; then
_debug "don't set the certificate for www-ssl service, saving this in the domainconf."
Le_router_os_web_service="no"
_savedomainconf Le_router_os_web_service "$Le_router_os_web_service"
elif [ "$ROUTER_OS_WEB_SERVICE" = "yes" ] || [ -z "$Le_router_os_web_service" ]; then
_debug "setting the certificate for www-ssl service, saving this in the domainconf."
Le_router_os_web_service="yes"
_savedomainconf Le_router_os_web_service "$Le_router_os_web_service"
fi fi
router_os_services=""
if [ -z "$ROUTER_OS_ADDITIONAL_SERVICES" ]; then
_debug "Not enabling additional services"
ROUTER_OS_ADDITIONAL_SERVICES=""
if [ "$Le_router_os_web_service" = "yes" ]; then
router_os_services="$router_os_services \r\n /ip service set www-ssl certificate=$_cdomain.cer_0"
fi
if [ ! -z "$Le_router_os_additional_services" ]; then
router_os_services="$router_os_services \r\n $Le_router_os_additional_services"
fi fi
_info "Trying to push key '$_ckey' to router" _info "Trying to push key '$_ckey' to router"
scp "$_ckey" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.key"
scp "$_ckey" "$Le_router_os_username@$Le_router_os_host:$_cdomain.key"
if [ $? -ne 0 ]; then
_err "pushing key '$_ckey' wasn't successull. Stopping here"
return 1
fi
_info "Trying to push cert '$_cfullchain' to router" _info "Trying to push cert '$_cfullchain' to router"
scp "$_cfullchain" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.cer"
scp "$_cfullchain" "$Le_router_os_username@$Le_router_os_host:$_cdomain.cer"
if [ $? -ne 0 ]; then
_err "pushing key '$_ckey' wasn't successull. Stopping here"
return 1
fi
DEPLOY_SCRIPT_CMD="/system script add name=\"LE Cert Deploy - $_cdomain\" owner=admin policy=ftp,read,write,password,sensitive DEPLOY_SCRIPT_CMD="/system script add name=\"LE Cert Deploy - $_cdomain\" owner=admin policy=ftp,read,write,password,sensitive
source=\"## generated by routeros deploy script in acme.sh
\n/certificate remove [ find name=$_cdomain.cer_0 ]
\n/certificate remove [ find name=$_cdomain.cer_1 ]
\ndelay 1
\n/certificate import file-name=$_cdomain.cer passphrase=\\\"\\\"
\n/certificate import file-name=$_cdomain.key passphrase=\\\"\\\"
\ndelay 1
\n/file remove $_cdomain.cer
\n/file remove $_cdomain.key
\ndelay 2
\n/ip service set www-ssl certificate=$_cdomain.cer_0
\n$ROUTER_OS_ADDITIONAL_SERVICES
\n\"
"
source=\"## generated by routeros deploy script in acme.sh\r\n
\r\n /certificate remove [ find name=$_cdomain.cer_0 ]
\r\n /certificate remove [ find name=$_cdomain.cer_1 ]
\r\n delay 1
\r\n /certificate import file-name=$_cdomain.cer passphrase=\\\"\\\"
\r\n /certificate import file-name=$_cdomain.key passphrase=\\\"\\\"
\r\n delay 1
\r\n /file remove $_cdomain.cer
\r\n /file remove $_cdomain.key
\r\n delay 2
$router_os_services\""
# shellcheck disable=SC2029 # shellcheck disable=SC2029
ssh "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "$DEPLOY_SCRIPT_CMD"
ssh "$Le_router_os_username@$Le_router_os_host" $DEPLOY_SCRIPT_CMD
# shellcheck disable=SC2029 # shellcheck disable=SC2029
ssh "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "/system script run \"LE Cert Deploy - $_cdomain\""
ssh "$Le_router_os_username@$Le_router_os_host" "/system script run \"LE Cert Deploy - $_cdomain\""
# shellcheck disable=SC2029 # shellcheck disable=SC2029
ssh "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "/system script remove \"LE Cert Deploy - $_cdomain\""
ssh "$Le_router_os_username@$Le_router_os_host" "/system script remove \"LE Cert Deploy - $_cdomain\""
return 0 return 0
} }
Write Preview
Loading…
Cancel
Save