Merge e481be1097 into 206be3c161

8 years ago · f77ee316ea
3 changed files with 76 additions and 5 deletions
--- a/deploy/README.md
+++ b/deploy/README.md
@ -255,3 +255,23 @@ acme.sh --deploy -d fritzbox.example.com --deploy-hook fritzbox
 ```sh
 acme.sh --deploy -d ftp.example.com --deploy-hook strongswan
 ```
+
+## 10. Deploy the cert to HAProxy
+
+You must specify the path where you want the concatenated key and certificate chain written.
+```sh
+export DEPLOY_HAPROXY_PEM_PATH=/etc/haproxy
+```
+
+You may optionally define the command to reload HAProxy. The value shown below will be used as the default if you don't set this environment variable.
+
+```sh
+export DEPLOY_HAPROXY_RELOAD="/usr/sbin/service haproxy restart"
+```
+
+You can then deploy the certificate as follows
+```sh
+acme.sh --deploy -d haproxy.example.com --deploy-hook haproxy
+```
+
+The path for the PEM file will be stored with the domain configuration and will be available when renewing, so that deploy will happen automatically when renewed.
--- a/deploy/cpanel_uapi.sh
+++ b/deploy/cpanel_uapi.sh
@ -2,11 +2,30 @@
 # Here is the script to deploy the cert to your cpanel using the cpanel API.
 # Uses command line uapi.  --user option is needed only if run as root.
 # Returns 0 when success.
-# Written by Santeri Kannisto <santeri.kannisto@2globalnomads.info>
+# Written by Santeri Kannisto <santeri.kannisto@webseodesigners.com>
 # Public domain, 2017

 #export DEPLOY_CPANEL_USER=myusername

+########  Private functions #####################
+
+__urlencode() {
+  local string="${1}"
+  local strlen=${#string}
+  local encoded=""
+  local pos c o
+
+  for (( pos=0 ; pos<strlen ; pos++ )); do
+     c=${string:$pos:1}
+     case "$c" in
+        [-_.~a-zA-Z0-9] ) o="${c}" ;;
+        *) printf -v o '%%%02x' "'$c"
+     esac
+     encoded+="${o}"
+  done
+  echo "${encoded}"
+}
+
 ########  Public functions #####################

 #domain keyfile certfile cafile fullchain
@ -35,8 +54,8 @@ cpanel_uapi_deploy() {
  # read cert and key files and urlencode both
  _certstr=$(cat "$_ccert")
  _keystr=$(cat "$_ckey")
-  _cert=$(php -r "echo urlencode(\"$_certstr\");")
-  _key=$(php -r "echo urlencode(\"$_keystr\");")
+  _cert=$(__urlencode "$_certstr")
+  _key=$(__urlencode "$_keystr")

  _debug _cert "$_cert"
  _debug _key "$_key"
--- a/deploy/haproxy.sh
+++ b/deploy/haproxy.sh
@ -20,7 +20,39 @@ haproxy_deploy() {
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"

-  _err "deploy cert to haproxy server, Not implemented yet"
-  return 1
+  # handle reload preference
+  DEFAULT_HAPROXY_RELOAD="/usr/sbin/service haproxy restart"
+  if [ -z "${DEPLOY_HAPROXY_RELOAD}" ]; then
+    _reload="${DEFAULT_HAPROXY_RELOAD}"
+    _cleardomainconf DEPLOY_HAPROXY_RELOAD
+  else
+    _reload="${DEPLOY_HAPROXY_RELOAD}"
+    _savedomainconf DEPLOY_HAPROXY_RELOAD "$DEPLOY_HAPROXY_RELOAD"
+  fi
+  _savedomainconf DEPLOY_HAPROXY_PEM_PATH "$DEPLOY_HAPROXY_PEM_PATH"
+
+  # work out the path where the PEM file should go
+  _pem_path="${DEPLOY_HAPROXY_PEM_PATH}"
+  if [ -z "$_pem_path" ]; then
+    _err "Path to save PEM file not found. Please define DEPLOY_HAPROXY_PEM_PATH."
+    return 1
+  fi
+  _pem_full_path="$_pem_path/$_cdomain.pem"
+  _info "Full path to PEM $_pem_full_path"
+
+  # combine the key and fullchain into a single pem and install
+  cat "$_cfullchain" "$_ckey" >"$_pem_full_path"
+  chmod 600 "$_pem_full_path"
+  _info "Certificate successfully deployed"
+
+  # restart HAProxy
+  _info "Run reload: $_reload"
+  if eval "$_reload"; then
+    _info "Reload success!"
+    return 0
+  else
+    _err "Reload error"
+    return 1
+  fi

 }