Martin Arndt
1 year ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 546 additions and 168 deletions
-
24acme.sh
-
149deploy/synology_dsm.sh
-
150dnsapi/dns_1984hosting.sh
-
59dnsapi/dns_artfiles.sh
-
89dnsapi/dns_bookmyname.sh
-
2dnsapi/dns_loopia.sh
-
225notify/aws_ses.sh
@ -0,0 +1,89 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#Here is a sample custom api script. |
|||
#This file name is "dns_bookmyname.sh" |
|||
#So, here must be a method dns_bookmyname_add() |
|||
#Which will be called by acme.sh to add the txt record to your api system. |
|||
#returns 0 means success, otherwise error. |
|||
# |
|||
#Author: Neilpang |
|||
#Report Bugs here: https://github.com/acmesh-official/acme.sh |
|||
# |
|||
######## Public functions ##################### |
|||
|
|||
# Please Read this guide first: https://github.com/acmesh-official/acme.sh/wiki/DNS-API-Dev-Guide |
|||
|
|||
# BookMyName urls: |
|||
# https://BOOKMYNAME_USERNAME:BOOKMYNAME_PASSWORD@www.bookmyname.com/dyndns/?hostname=_acme-challenge.domain.tld&type=txt&ttl=300&do=add&value="XXXXXXXX"' |
|||
# https://BOOKMYNAME_USERNAME:BOOKMYNAME_PASSWORD@www.bookmyname.com/dyndns/?hostname=_acme-challenge.domain.tld&type=txt&ttl=300&do=remove&value="XXXXXXXX"' |
|||
|
|||
# Output: |
|||
#good: update done, cid 123456, domain id 456789, type txt, ip XXXXXXXX |
|||
#good: remove done 1, cid 123456, domain id 456789, ttl 300, type txt, ip XXXXXXXX |
|||
|
|||
# Be careful, BMN DNS servers can be slow to pick up changes; using dnssleep is thus advised. |
|||
|
|||
# Usage: |
|||
# export BOOKMYNAME_USERNAME="ABCDE-FREE" |
|||
# export BOOKMYNAME_PASSWORD="MyPassword" |
|||
# /usr/local/ssl/acme.sh/acme.sh --dns dns_bookmyname --dnssleep 600 --issue -d domain.tld |
|||
|
|||
#Usage: dns_bookmyname_add _acme-challenge.www.domain.com "XKrxpRBosdIKFzxW_CT3KLZNf6q0HG9i01zxXp5CPBs" |
|||
dns_bookmyname_add() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Using bookmyname" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
BOOKMYNAME_USERNAME="${BOOKMYNAME_USERNAME:-$(_readaccountconf_mutable BOOKMYNAME_USERNAME)}" |
|||
BOOKMYNAME_PASSWORD="${BOOKMYNAME_PASSWORD:-$(_readaccountconf_mutable BOOKMYNAME_PASSWORD)}" |
|||
|
|||
if [ -z "$BOOKMYNAME_USERNAME" ] || [ -z "$BOOKMYNAME_PASSWORD" ]; then |
|||
BOOKMYNAME_USERNAME="" |
|||
BOOKMYNAME_PASSWORD="" |
|||
_err "You didn't specify BookMyName username and password yet." |
|||
_err "Please specify them and try again." |
|||
return 1 |
|||
fi |
|||
|
|||
#save the credentials to the account conf file. |
|||
_saveaccountconf_mutable BOOKMYNAME_USERNAME "$BOOKMYNAME_USERNAME" |
|||
_saveaccountconf_mutable BOOKMYNAME_PASSWORD "$BOOKMYNAME_PASSWORD" |
|||
|
|||
uri="https://${BOOKMYNAME_USERNAME}:${BOOKMYNAME_PASSWORD}@www.bookmyname.com/dyndns/" |
|||
data="?hostname=${fulldomain}&type=TXT&ttl=300&do=add&value=${txtvalue}" |
|||
result="$(_get "${uri}${data}")" |
|||
_debug "Result: $result" |
|||
|
|||
if ! _startswith "$result" 'good: update done, cid '; then |
|||
_err "Can't add $fulldomain" |
|||
return 1 |
|||
fi |
|||
|
|||
} |
|||
|
|||
#Usage: fulldomain txtvalue |
|||
#Remove the txt record after validation. |
|||
dns_bookmyname_rm() { |
|||
fulldomain=$1 |
|||
txtvalue=$2 |
|||
_info "Using bookmyname" |
|||
_debug fulldomain "$fulldomain" |
|||
_debug txtvalue "$txtvalue" |
|||
|
|||
BOOKMYNAME_USERNAME="${BOOKMYNAME_USERNAME:-$(_readaccountconf_mutable BOOKMYNAME_USERNAME)}" |
|||
BOOKMYNAME_PASSWORD="${BOOKMYNAME_PASSWORD:-$(_readaccountconf_mutable BOOKMYNAME_PASSWORD)}" |
|||
|
|||
uri="https://${BOOKMYNAME_USERNAME}:${BOOKMYNAME_PASSWORD}@www.bookmyname.com/dyndns/" |
|||
data="?hostname=${fulldomain}&type=TXT&ttl=300&do=remove&value=${txtvalue}" |
|||
result="$(_get "${uri}${data}")" |
|||
_debug "Result: $result" |
|||
|
|||
if ! _startswith "$result" 'good: remove done 1, cid '; then |
|||
_info "Can't remove $fulldomain" |
|||
fi |
|||
|
|||
} |
|||
|
|||
#################### Private functions below ################################## |
@ -0,0 +1,225 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# |
|||
#AWS_ACCESS_KEY_ID="sdfsdfsdfljlbjkljlkjsdfoiwje" |
|||
# |
|||
#AWS_SECRET_ACCESS_KEY="xxxxxxx" |
|||
# |
|||
#AWS_SES_REGION="us-east-1" |
|||
# |
|||
#AWS_SES_TO="xxxx@xxx.com" |
|||
# |
|||
#AWS_SES_FROM="xxxx@cccc.com" |
|||
# |
|||
#AWS_SES_FROM_NAME="Something something" |
|||
#This is the Amazon SES api wrapper for acme.sh |
|||
AWS_WIKI="https://docs.aws.amazon.com/ses/latest/dg/send-email-api.html" |
|||
|
|||
aws_ses_send() { |
|||
_subject="$1" |
|||
_content="$2" |
|||
_statusCode="$3" #0: success, 1: error 2($RENEW_SKIP): skipped |
|||
_debug "_statusCode" "$_statusCode" |
|||
|
|||
AWS_ACCESS_KEY_ID="${AWS_ACCESS_KEY_ID:-$(_readaccountconf_mutable AWS_ACCESS_KEY_ID)}" |
|||
AWS_SECRET_ACCESS_KEY="${AWS_SECRET_ACCESS_KEY:-$(_readaccountconf_mutable AWS_SECRET_ACCESS_KEY)}" |
|||
AWS_SES_REGION="${AWS_SES_REGION:-$(_readaccountconf_mutable AWS_SES_REGION)}" |
|||
|
|||
if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then |
|||
_use_container_role || _use_instance_role |
|||
fi |
|||
|
|||
if [ -z "$AWS_ACCESS_KEY_ID" ] || [ -z "$AWS_SECRET_ACCESS_KEY" ]; then |
|||
AWS_ACCESS_KEY_ID="" |
|||
AWS_SECRET_ACCESS_KEY="" |
|||
_err "You haven't specified the aws SES api key id and and api key secret yet." |
|||
_err "Please create your key and try again. see $(__green $AWS_WIKI)" |
|||
return 1 |
|||
fi |
|||
|
|||
if [ -z "$AWS_SES_REGION" ]; then |
|||
AWS_SES_REGION="" |
|||
_err "You haven't specified the aws SES api region yet." |
|||
_err "Please specify your region and try again. see https://docs.aws.amazon.com/general/latest/gr/ses.html" |
|||
return 1 |
|||
fi |
|||
|
|||
#save for future use, unless using a role which will be fetched as needed |
|||
if [ -z "$_using_role" ]; then |
|||
_saveaccountconf_mutable AWS_ACCESS_KEY_ID "$AWS_ACCESS_KEY_ID" |
|||
_saveaccountconf_mutable AWS_SECRET_ACCESS_KEY "$AWS_SECRET_ACCESS_KEY" |
|||
fi |
|||
|
|||
AWS_SES_TO="${AWS_SES_TO:-$(_readaccountconf_mutable AWS_SES_TO)}" |
|||
if [ -z "$AWS_SES_TO" ]; then |
|||
AWS_SES_TO="" |
|||
_err "You didn't specify an email to AWS_SES_TO receive messages." |
|||
return 1 |
|||
fi |
|||
_saveaccountconf_mutable AWS_SES_TO "$AWS_SES_TO" |
|||
|
|||
AWS_SES_FROM="${AWS_SES_FROM:-$(_readaccountconf_mutable AWS_SES_FROM)}" |
|||
if [ -z "$AWS_SES_FROM" ]; then |
|||
AWS_SES_FROM="" |
|||
_err "You didn't specify an email to AWS_SES_FROM receive messages." |
|||
return 1 |
|||
fi |
|||
_saveaccountconf_mutable AWS_SES_FROM "$AWS_SES_FROM" |
|||
|
|||
AWS_SES_FROM_NAME="${AWS_SES_FROM_NAME:-$(_readaccountconf_mutable AWS_SES_FROM_NAME)}" |
|||
_saveaccountconf_mutable AWS_SES_FROM_NAME "$AWS_SES_FROM_NAME" |
|||
|
|||
AWS_SES_SENDFROM="$AWS_SES_FROM_NAME <$AWS_SES_FROM>" |
|||
|
|||
AWS_SES_ACTION="Action=SendEmail" |
|||
AWS_SES_SOURCE="Source=$AWS_SES_SENDFROM" |
|||
AWS_SES_TO="Destination.ToAddresses.member.1=$AWS_SES_TO" |
|||
AWS_SES_SUBJECT="Message.Subject.Data=$_subject" |
|||
AWS_SES_MESSAGE="Message.Body.Text.Data=$_content" |
|||
|
|||
_data="${AWS_SES_ACTION}&${AWS_SES_SOURCE}&${AWS_SES_TO}&${AWS_SES_SUBJECT}&${AWS_SES_MESSAGE}" |
|||
|
|||
response="$(aws_rest POST "" "" "$_data")" |
|||
} |
|||
|
|||
_use_metadata() { |
|||
_aws_creds="$( |
|||
_get "$1" "" 1 | |
|||
_normalizeJson | |
|||
tr '{,}' '\n' | |
|||
while read -r _line; do |
|||
_key="$(echo "${_line%%:*}" | tr -d '"')" |
|||
_value="${_line#*:}" |
|||
_debug3 "_key" "$_key" |
|||
_secure_debug3 "_value" "$_value" |
|||
case "$_key" in |
|||
AccessKeyId) echo "AWS_ACCESS_KEY_ID=$_value" ;; |
|||
SecretAccessKey) echo "AWS_SECRET_ACCESS_KEY=$_value" ;; |
|||
Token) echo "AWS_SESSION_TOKEN=$_value" ;; |
|||
esac |
|||
done | |
|||
paste -sd' ' - |
|||
)" |
|||
_secure_debug "_aws_creds" "$_aws_creds" |
|||
|
|||
if [ -z "$_aws_creds" ]; then |
|||
return 1 |
|||
fi |
|||
|
|||
eval "$_aws_creds" |
|||
_using_role=true |
|||
} |
|||
|
|||
#method uri qstr data |
|||
aws_rest() { |
|||
mtd="$1" |
|||
ep="$2" |
|||
qsr="$3" |
|||
data="$4" |
|||
|
|||
_debug mtd "$mtd" |
|||
_debug ep "$ep" |
|||
_debug qsr "$qsr" |
|||
_debug data "$data" |
|||
|
|||
CanonicalURI="/$ep" |
|||
_debug2 CanonicalURI "$CanonicalURI" |
|||
|
|||
CanonicalQueryString="$qsr" |
|||
_debug2 CanonicalQueryString "$CanonicalQueryString" |
|||
|
|||
RequestDate="$(date -u +"%Y%m%dT%H%M%SZ")" |
|||
_debug2 RequestDate "$RequestDate" |
|||
|
|||
#RequestDate="20161120T141056Z" ############## |
|||
|
|||
export _H1="x-amz-date: $RequestDate" |
|||
|
|||
aws_host="email.$AWS_SES_REGION.amazonaws.com" |
|||
CanonicalHeaders="host:$aws_host\nx-amz-date:$RequestDate\n" |
|||
SignedHeaders="host;x-amz-date" |
|||
if [ -n "$AWS_SESSION_TOKEN" ]; then |
|||
export _H3="x-amz-security-token: $AWS_SESSION_TOKEN" |
|||
CanonicalHeaders="${CanonicalHeaders}x-amz-security-token:$AWS_SESSION_TOKEN\n" |
|||
SignedHeaders="${SignedHeaders};x-amz-security-token" |
|||
fi |
|||
_debug2 CanonicalHeaders "$CanonicalHeaders" |
|||
_debug2 SignedHeaders "$SignedHeaders" |
|||
|
|||
RequestPayload="$data" |
|||
_debug2 RequestPayload "$RequestPayload" |
|||
|
|||
Hash="sha256" |
|||
|
|||
CanonicalRequest="$mtd\n$CanonicalURI\n$CanonicalQueryString\n$CanonicalHeaders\n$SignedHeaders\n$(printf "%s" "$RequestPayload" | _digest "$Hash" hex)" |
|||
_debug2 CanonicalRequest "$CanonicalRequest" |
|||
|
|||
HashedCanonicalRequest="$(printf "$CanonicalRequest%s" | _digest "$Hash" hex)" |
|||
_debug2 HashedCanonicalRequest "$HashedCanonicalRequest" |
|||
|
|||
Algorithm="AWS4-HMAC-SHA256" |
|||
_debug2 Algorithm "$Algorithm" |
|||
|
|||
RequestDateOnly="$(echo "$RequestDate" | cut -c 1-8)" |
|||
_debug2 RequestDateOnly "$RequestDateOnly" |
|||
|
|||
Region="$AWS_SES_REGION" |
|||
Service="ses" |
|||
|
|||
CredentialScope="$RequestDateOnly/$Region/$Service/aws4_request" |
|||
_debug2 CredentialScope "$CredentialScope" |
|||
|
|||
StringToSign="$Algorithm\n$RequestDate\n$CredentialScope\n$HashedCanonicalRequest" |
|||
|
|||
_debug2 StringToSign "$StringToSign" |
|||
|
|||
kSecret="AWS4$AWS_SECRET_ACCESS_KEY" |
|||
|
|||
#kSecret="wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY" ############################ |
|||
|
|||
_secure_debug2 kSecret "$kSecret" |
|||
|
|||
kSecretH="$(printf "%s" "$kSecret" | _hex_dump | tr -d " ")" |
|||
_secure_debug2 kSecretH "$kSecretH" |
|||
|
|||
kDateH="$(printf "$RequestDateOnly%s" | _hmac "$Hash" "$kSecretH" hex)" |
|||
_debug2 kDateH "$kDateH" |
|||
|
|||
kRegionH="$(printf "$Region%s" | _hmac "$Hash" "$kDateH" hex)" |
|||
_debug2 kRegionH "$kRegionH" |
|||
|
|||
kServiceH="$(printf "$Service%s" | _hmac "$Hash" "$kRegionH" hex)" |
|||
_debug2 kServiceH "$kServiceH" |
|||
|
|||
kSigningH="$(printf "%s" "aws4_request" | _hmac "$Hash" "$kServiceH" hex)" |
|||
_debug2 kSigningH "$kSigningH" |
|||
|
|||
signature="$(printf "$StringToSign%s" | _hmac "$Hash" "$kSigningH" hex)" |
|||
_debug2 signature "$signature" |
|||
|
|||
Authorization="$Algorithm Credential=$AWS_ACCESS_KEY_ID/$CredentialScope, SignedHeaders=$SignedHeaders, Signature=$signature" |
|||
_debug2 Authorization "$Authorization" |
|||
|
|||
_H2="Authorization: $Authorization" |
|||
_debug _H2 "$_H2" |
|||
|
|||
url="https://$aws_host/$ep" |
|||
if [ "$qsr" ]; then |
|||
url="https://$aws_host/$ep?$qsr" |
|||
fi |
|||
|
|||
if [ "$mtd" = "GET" ]; then |
|||
response="$(_get "$url")" |
|||
else |
|||
response="$(_post "$data" "$url")" |
|||
fi |
|||
|
|||
_ret="$?" |
|||
_debug2 response "$response" |
|||
if [ "$_ret" = "0" ]; then |
|||
if _contains "$response" "<ErrorResponse"; then |
|||
_err "Response error:$response" |
|||
return 1 |
|||
fi |
|||
fi |
|||
} |
Write
Preview
Loading…
Cancel
Save
Reference in new issue