From c87b59ecb233a3c3136049ff89dfa9c639c15dfc Mon Sep 17 00:00:00 2001 From: Neilpang Date: Mon, 22 Jun 2015 22:39:35 +0800 Subject: [PATCH 1/2] a space is needed a space is needed --- bin/v-add-firewall-rule | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-add-firewall-rule b/bin/v-add-firewall-rule index 126f62b4..56a6fcf4 100755 --- a/bin/v-add-firewall-rule +++ b/bin/v-add-firewall-rule @@ -52,7 +52,7 @@ is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM' get_next_fw_rule validate_format 'rule' is_object_new '../../data/firewall/rules' 'RULE' "$rule" -if [ ! -z "$comment"]; then +if [ ! -z "$comment" ]; then validate_format 'comment' fi From 50b304464f5ab7f533bdc17007fed731d94c3884 Mon Sep 17 00:00:00 2001 From: neil Date: Tue, 29 Dec 2015 14:02:53 +0800 Subject: [PATCH 2/2] add new command v-update-web-domain-ssl, to update the ssl certificate when the certificate is renewed. --- bin/v-update-web-domain-ssl | 91 +++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) create mode 100644 bin/v-update-web-domain-ssl diff --git a/bin/v-update-web-domain-ssl b/bin/v-update-web-domain-ssl new file mode 100644 index 00000000..6dffc281 --- /dev/null +++ b/bin/v-update-web-domain-ssl 
@@ -0,0 +1,91 @@
+#!/bin/bash
+# info: updating ssl certificate for domain
+# options: USER DOMAIN SSL_DIR [RESTART]
+#
+# The function updates the SSL certificate for a domain. Parameter ssl_dir is a path
+# to directory where 2 or 3 ssl files can be found. Certificate file
+# domain.tld.crt and its key domain.tld.key are mandatory. Certificate
+# authority domain.tld.ca file is optional.
+
+
+#----------------------------------------------------------#
+# Variable&Function #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+domain=$(idn -t --quiet -u "$2" )
+domain_idn=$(idn -t --quiet -a "$domain")
+ssl_dir=$3
+restart="$4"
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/func/domain.sh
+source $VESTA/func/ip.sh
+source $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+# Verifications #
+#----------------------------------------------------------#
+
+check_args '3' "$#" 'USER DOMAIN SSL_DIR [RESTART]'
+validate_format 'user' 'domain' 'ssl_dir'
+is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
+is_system_enabled "$WEB_SSL" 'SSL_SUPPORT'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+is_object_valid 'web' 'DOMAIN' "$domain"
+is_object_unsuspended 'web' 'DOMAIN' "$domain"
+is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL'
+is_web_domain_cert_valid
+
+
+#----------------------------------------------------------#
+# Action #
+#----------------------------------------------------------#
+
+# Adding certificate to user data directory
+cp -f $ssl_dir/$domain.crt $USER_DATA/ssl/$domain.crt
+cp -f $ssl_dir/$domain.key $USER_DATA/ssl/$domain.key
+cp -f $ssl_dir/$domain.crt $USER_DATA/ssl/$domain.pem
+if [ -e "$ssl_dir/$domain.ca" ]; then
+ cp -f $ssl_dir/$domain.ca $USER_DATA/ssl/$domain.ca
+ echo >> $USER_DATA/ssl/$domain.pem
+ cat $USER_DATA/ssl/$domain.ca >> $USER_DATA/ssl/$domain.pem
+fi
+chmod 660 $USER_DATA/ssl/$domain.*
+
+
+
+# Adding certificate to user dir
+cp -f $USER_DATA/ssl/$domain.crt $HOMEDIR/$user/conf/web/ssl.$domain.crt
+cp -f $USER_DATA/ssl/$domain.key $HOMEDIR/$user/conf/web/ssl.$domain.key
+cp -f $USER_DATA/ssl/$domain.pem $HOMEDIR/$user/conf/web/ssl.$domain.pem
+if [ -e "$USER_DATA/ssl/$domain.ca" ]; then
+ cp -f $USER_DATA/ssl/$domain.ca $HOMEDIR/$user/conf/web/ssl.$domain.ca
+fi
+
+
+
+#----------------------------------------------------------#
+# Vesta #
+#----------------------------------------------------------#
+
+# Restarting web server
+if [ "$restart" != 'no' ]; then
+ $BIN/v-restart-web
+ check_result $? "Web restart failed" >/dev/null
+
+ if [ ! -z "$PROXY_SYSTEM" ]; then
+ $BIN/v-restart-proxy
+ check_result $? "Proxy restart failed" >/dev/null
+ fi
+fi
+
+# Logging
+log_history "update ssl certificate for $domain"
+log_event "$OK" "$EVENT"
+
+exit
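Review bot: The copies in the Action section overwrite the live certificate, key and pem in place with unquoted `cp -f` calls whose exit status is never checked, so a failed copy can leave a mismatched certificate/key pair under `$USER_DATA/ssl/` and the script still goes on to restart the web server. The files are also read from the caller-supplied `$ssl_dir` a second time after `is_web_domain_cert_valid` has run (that helper is defined outside this patch, so what it inspects is presumed); staging them in a private directory and validating and installing from there would guarantee that what is installed is what was checked. When the renewed certificate comes without a `.ca` file, the old `$USER_DATA/ssl/$domain.ca` is left in place and the second block still copies it into `conf/web`, so a stale chain stays next to the new leaf. The `chmod 660` glob `$domain.*` also matches files of any domain whose name starts with this one, and the key copy under `$HOMEDIR/$user/conf/web/` gets no explicit mode at all. A sketch of the first block with quoting, checked copies and named files follows.

```shell
# Adding certificate to user data directory
for ext in crt key; do
    cp -f -- "$ssl_dir/$domain.$ext" "$USER_DATA/ssl/$domain.$ext"
    check_result $? "Copying $domain.$ext failed" >/dev/null
done
cp -f -- "$ssl_dir/$domain.crt" "$USER_DATA/ssl/$domain.pem"
check_result $? "Writing $domain.pem failed" >/dev/null
if [ -e "$ssl_dir/$domain.ca" ]; then
    cp -f -- "$ssl_dir/$domain.ca" "$USER_DATA/ssl/$domain.ca"
    check_result $? "Copying $domain.ca failed" >/dev/null
    echo >> "$USER_DATA/ssl/$domain.pem"
    cat "$USER_DATA/ssl/$domain.ca" >> "$USER_DATA/ssl/$domain.pem"
    chmod 660 "$USER_DATA/ssl/$domain.ca"
fi
# Name the files instead of globbing "$domain.*", which also matches
# other domains that start with this name
chmod 660 "$USER_DATA/ssl/$domain.crt" "$USER_DATA/ssl/$domain.key" \
    "$USER_DATA/ssl/$domain.pem"

# … copies into $HOMEDIR/$user/conf/web: same quoting and check_result pattern …
```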