UnixMaster at Central-IT
idp-tools
Commits
12414522
Commit
12414522
authored
Nov 22, 2017
by
Cédric BRINER
Committed by
Cédric BRINER
Nov 22, 2017
Let's encrypt
parent
ec3422de
Changes
1
idp-tools
@@ -1257,22 +1257,61 @@ EOF
| ssh root@
${
h
}
"cat - > /etc/apache2/sites-available/
${
lb_service_name
}
.unige.ch.conf ;"
fi
# copy ssl key
echo
-e
"
\e
[34m-rsync key
\e
[0m"
rsync
-av
/etc/ssl/private/idp
{
-lab
,-test,
}
.
*
root@
${
h
}
:/etc/ssl/private/ | indent 5
echo
-e
"
\e
[34m-rsync cert
\e
[0m"
rsync
-av
/etc/ssl/certs/idp
{
-lab
,-test,
}
.
*
root@
${
h
}
:/etc/ssl/certs/ | indent 5
ssl_pub_path
=
"/etc/ssl/certs/
${
lb_service_name
}
.unige.ch.pem"
ssl_priv_path
=
"/etc/ssl/private/
${
lb_service_name
}
.unige.ch.key"
if
test
"
${
lb_service_name
}
"
=
"idp"
;
then
echo
-e
"
\e
[34m- public key
\e
[0m"
if
ssh root@
${
h
}
"test ! -f '
${
ssl_pub_path
}
'"
;
then
echo
-e
"
\e
[31m- The ssl public key file (
${
ssl_pub_path
}
) is mising.
\e
[0m"
echo
-e
"
\e
[34m Use the following command to create this file
\e
[0m"
echo
-e
"
\e
[34m chiffreca generate-certbot-cmd
${
lb_service_name
}
.unige.ch
\e
[0m"
echo
-e
"
\e
[34mExit.
\e
[0m"
exit
1
fi
if
ssh root@
${
h
}
"test ! -f '
${
ssl_priv_path
}
'"
;
then
echo
-e
"
\e
[31m- The ssl public key file (
${
ssl_priv_path
}
) is mising.
\e
[0m"
echo
-e
"
\e
[34m Use the following command to create this file
\e
[0m"
echo
-e
"
\e
[34m chiffreca generate-certbot-cmd
${
lb_service_name
}
.unige.ch
\e
[0m"
echo
-e
"
\e
[34Eexit.
\e
[0m"
exit
1
fi
else
letsencrypt_pub_path
=
"/etc/letsencrypt/live/
${
lb_service_name
}
.unige.ch/fullchain.pem"
letsencrypt_priv_path
=
"/etc/letsencrypt/live/
${
lb_service_name
}
.unige.ch/privkey.pem"
echo
-e
"
\e
[34m- public key
\e
[0m"
if
ssh root@
${
h
}
"test ! -f '
${
letsencrypt_pub_path
}
'"
;
then
echo
-e
"
\e
[31m- The letsencrypt public key file (
${
letsencrypt_pub_path
}
) is mising.
\e
[0m"
echo
-e
"
\e
[34m Use the following command to create this file
\e
[0m"
echo
-e
"
\e
[34m chiffreca generate-certbot-cmd
${
lb_service_name
}
.unige.ch
\e
[0m"
echo
-e
"
\e
[34mExit.
\e
[0m"
exit
1
fi
make_distant_link
$h
${
letsencrypt_pub_path
}
${
ssl_pub_path
}
#
echo
-e
"
\e
[34m- private key
\e
[0m"
if
ssh root@
${
h
}
"test ! -f '
${
letsencrypt_priv_path
}
'"
;
then
echo
-e
"
\e
[31m- The letsencrypt private key file (
${
letsencrypt_priv_path
}
) is mising.
\e
[0m"
echo
-e
"
\e
[34m Use the following command to create this file
\e
[0m"
echo
-e
"
\e
[34m chiffreca generate-certbot-cmd
${
lb_service_name
}
.unige.ch
\e
[0m"
echo
-e
"
\e
[34mexit.
\e
[0m"
exit
1
fi
make_distant_link
$h
${
letsencrypt_priv_path
}
${
ssl_priv_path
}
fi
# check that the key are present in the apache config
something_todo
=
"False"
t
=
$(
mktemp
--suffix
.idp-sync
)
if
test
"
${
is_on_same_group
}
"
=
"True"
then
for
f
in
$(
grep
-P
"SSLCertificate
\S
*File"
/etc/apache2/sites-enabled/
${
lb_service_name
}
.unige.ch.conf |
awk
'{print $2'
}
)
do
sscp
"apache SSLCertificate
$f
"
$f
root@
${
h
}
:
${
f
}
done
if
test
"
${
lb_service_name
}
"
=
"idp"
;
then
for
f
in
$(
grep
-P
"SSLCertificate
\S
*File"
/etc/apache2/sites-enabled/
${
lb_service_name
}
.unige.ch.conf |
awk
'{print $2'
}
)
do
sscp
"apache SSLCertificate
$f
"
$f
root@
${
h
}
:
${
f
}
done
fi
else
for
f
in
$(
ssh root@
${
h
}
"cat /etc/apache2/sites-enabled/
${
lb_service_name
}
.unige.ch.conf"
\
|grep
-P
"SSLCertificate
\S
*File"
\
|grep
-P
"SSLCertificate
\S
*File"
|
grep
-P
-v
"
\s
*#"
\
|
awk
'{print $2'
}
)
do
if
ssh root@
${
h
}
"test ! -f
${
f
}
"
@@ -1346,7 +1385,6 @@ EOF
else
echo
-e
"
\e
[34mapache2 will not be restarted as the flag (RESTART_OTHER_DAEMON) is set false
\e
[0m"
fi
#
# TOMCAT
#
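Review bot: In the first hunk (`@@ -1257,22 +1257,61 @@`) the private-key check under the `idp` branch reuses the public-key messages verbatim: the failure path of `ssh root@${h} "test ! -f '${ssl_priv_path}'"` still prints `The ssl public key file (${ssl_priv_path}) is mising.`, and its last line carries the malformed escape `\e[34Eexit.` (CSI `E` is a cursor-movement sequence, not a colour), so an operator triaging a missing key is told the wrong file type and gets a scrolled terminal; change those two lines to `echo -e "\e[31m- The ssl private key file (${ssl_priv_path}) is missing.\e[0m"` and `echo -e "\e[34mExit.\e[0m"`. The nested `if test "${lb_service_name}" = "idp"` block inside the `is_on_same_group` branch repeats the `for f in $(grep -P "SSLCertificate\S*File" …)` / `sscp` loop that just ran unconditionally above it, so the same certificate and key files are pushed twice; it reads as a copy-paste leftover and can be dropped unless a different source was intended. The two `make_distant_link $h ${letsencrypt_…_path} ${ssl_…_path}` calls pass `$h` unquoted and never check the result, so a failed link in the Let's Encrypt branch would leave the Apache config pointing at a missing key path; `make_distant_link "$h" "${letsencrypt_priv_path}" "${ssl_priv_path}" || exit 1` (and the same for the public path) fails closed instead. The `fi` at the top of the hunk closes an `if` that starts outside it, and the trailing `for f in $(ssh root@${h} "cat …" …)` loop with its `if ssh root@${h} "test ! -f ${f}"` continues past the end of the hunk.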