Work_Archive/VPS-scripts_Web-V2
1
0
Fork 0
Code Issues 3 Pull Requests Packages Projects Releases 11 Wiki Activity

Added failed-ssl fallback

Browse Source
This commit is contained in:
Bram Prieshof
2020-10-08 12:39:19 +02:00
parent 921cf142b8
commit 89456991df
8 changed files with 49 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
AppendCMS.sh
View File

@@ -219,9 +219,18 @@ msg " Setting up SSL"
site_ext=ssl
if [ $domainwww = 1 ]; then
/opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$certwebserv" --ocsp --keylength 'ec-384' -d "$domain" -d "www.$domain"
certsatus=$?
elif [ $domainwww = 0 ]; then
/opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$certwebserv" --ocsp --keylength 'ec-384' -d "$domain"
certsatus=$?
fi
if test $certsatus -eq 0
then
site_ext="ssl"
else
site_ext="nossl"
fi
unset certsatus
if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/ssl-handler.sh; then
source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/ssl-handler.sh)
fi

2
CMS/Backend/apache-conf.sh
View File

@@ -1,4 +1,4 @@
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/Backend/apache-siteBackend-unconfigured -o /tmp/apache-siteconf
sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$hostname'/g' /tmp/apache-siteconf
sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' /etc/apache2/sites-available/Backend_"$site_ext".conf
sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' /etc/apache2/sites-available/Backend_"$siteBackend_ext".conf
systemctl reload apache2

2
CMS/Backend/nginx-conf.sh
View File

@@ -1,4 +1,4 @@
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/Backend/nginx-siteBackend-unconfigured -o /tmp/nginx-backendconf
sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$hostname'/g' /tmp/nginx-backendconf
sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-backendconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/Backend_"$site_ext"
sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-backendconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/Backend_"$siteBackend_ext"
systemctl reload nginx

4
CoreModules/apache/ssl-handler.sh
View File

@@ -1,9 +1,9 @@
rm /etc/apache2/sites-enabled/010-"$sitename".conf
ln -s /etc/apache2/sites-available/"$sitename"_ssl.conf /etc/apache2/sites-enabled/010-"$sitename".conf
ln -s /etc/apache2/sites-available/"$sitename"_"$site_ext".conf /etc/apache2/sites-enabled/010-"$sitename".conf
if [ -n "$sslfr" ]; then
rm /etc/apache2/sites-enabled/010-Backend.conf
ln -s /etc/apache2/sites-available/Backend_ssl.conf /etc/apache2/sites-enabled/010-Backend.conf
ln -s /etc/apache2/sites-available/Backend_"$siteBackend_ext".conf /etc/apache2/sites-enabled/010-Backend.conf
fi
systemctl reload apache2

6
CoreModules/nginx/ssl-handler.sh
View File

@@ -1,9 +1,9 @@
rm /etc/nginx/sites-enabled/"$sitename"
ln -s /etc/nginx/sites-available/"$sitename"_ssl /etc/nginx/sites-enabled/"$sitename"
ln -s /etc/nginx/sites-available/"$sitename"_"$site_ext" /etc/nginx/sites-enabled/"$sitename"
if [ -n "$sslfr" ]; then
rm /etc/nginx/sites-enabled/Backend
ln -s /etc/nginx/sites-available/Backend_ssl /etc/nginx/sites-enabled/Backend
rm /etc/nginx/sites-enabled/Backend
ln -s /etc/nginx/sites-available/Backend_"$siteBackend_ext" /etc/nginx/sites-enabled/Backend
fi
systemctl reload nginx

2
CoreModules/nginx_nonphp/ssl-handler.sh
View File

@@ -1,4 +1,4 @@
rm /etc/nginx/sites-enabled/"$sitename"
ln -s /etc/nginx/sites-available/"$sitename"_ssl /etc/nginx/sites-enabled/"$sitename"
ln -s /etc/nginx/sites-available/"$sitename"_"$site_ext" /etc/nginx/sites-enabled/"$sitename"
systemctl reload nginx

19
Scripts/EnableSSL.sh
View File

@@ -4,7 +4,6 @@ source /etc/ICTM/mainvar.list
sitename=CONFname
domain=DOMAINname
domainwww=DomainWWW
email=Email
webserv=WebServer
webservice=WebServer
@@ -27,13 +26,23 @@ systemctl reload $webservice
#Enabling SSL
if [ $domainwww = 1 ]; then
/opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$webservice" --ocsp --keylength 'ec-384' -d "$domain" -d "www.$domain"
/opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$webserv" --ocsp --keylength 'ec-384' -d "$domain" -d "www.$domain"
certsatus=$?
elif [ $domainwww = 0 ]; then
/opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$webservice" --ocsp --keylength 'ec-384' -d "$domain"
fi
/opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$webserv" --ocsp --keylength 'ec-384' -d "$domain"
certsatus=$?
fi
if test $certsatus -eq 0
then
site_ext="ssl"
else
site_ext="nossl"
fi
unset certsatus
#Restoring config
sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e "/#ConfHere1/ r /tmp/"$sitename"-config" -e '/#ConfHere/c\' /etc/"$webservice"/sites-available/"$sitename"_ssl"$ext"
sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e "/#ConfHere1/ r /tmp/"$sitename"-config" -e '/#ConfHere/c\' /etc/"$webservice"/sites-available/"$sitename"_"$site_ext""$ext"
source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/ssl-handler.sh)
#Remove script

19
installer.sh
View File

@@ -629,18 +629,35 @@ if [ $sslenable = 1 ]; then
else
certwebserv=$webserv
fi
site_ext=ssl
if [ $domainwww = 1 ]; then
/opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$certwebserv" --ocsp --keylength 'ec-384' -d "$domain" -d "www.$domain"
certsatus=$?
elif [ $domainwww = 0 ]; then
/opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$certwebserv" --ocsp --keylength 'ec-384' -d "$domain"
certsatus=$?
fi
if test $certsatus -eq 0
then
site_ext="ssl"
else
site_ext="nossl"
fi
unset certsatus
/opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$certwebserv" --ocsp --keylength 'ec-384' -d "$hostname"
certsatusBackend=$?
if test $certsatusBackend -eq 0
then
siteBackend_ext="ssl"
else
siteBackend_ext="nossl"
fi
if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/ssl-handler.sh; then
sslfr=1 source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/ssl-handler.sh)
fi
elif [ $sslenable = 0 ]; then
site_ext=nossl
siteBackend_ext="nossl"
fi
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/EnableSSL.sh -o ~/activateSSL-$domain.sh