Added failed-ssl fallback

2020-10-08 12:39:19 +02:00
parent 921cf142b8
commit 89456991df
8 changed files with 49 additions and 14 deletions


@@ -219,9 +219,18 @@ msg " Setting up SSL"
site_ext=ssl site_ext=ssl
if [ $domainwww = 1 ]; then if [ $domainwww = 1 ]; then
/opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$certwebserv" --ocsp --keylength 'ec-384' -d "$domain" -d "www.$domain" /opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$certwebserv" --ocsp --keylength 'ec-384' -d "$domain" -d "www.$domain"
certsatus=$?
elif [ $domainwww = 0 ]; then elif [ $domainwww = 0 ]; then
/opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$certwebserv" --ocsp --keylength 'ec-384' -d "$domain" /opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$certwebserv" --ocsp --keylength 'ec-384' -d "$domain"
certsatus=$?
fi fi
if test $certsatus -eq 0
then
site_ext="ssl"
else
site_ext="nossl"
fi
unset certsatus
if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/ssl-handler.sh; then if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/ssl-handler.sh; then
source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/ssl-handler.sh) source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/ssl-handler.sh)
fi fi
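Review bot: `if test $certsatus -eq 0` expands the status unquoted, and `certsatus` is assigned only inside the two `domainwww` branches, so when `$domainwww` is neither 0 nor 1 the test gets an empty operand and the script ends up on `nossl` through a `test` error rather than a decision. The check also treats every non-zero status as a failed issuance; acme.sh returns 2 when it skips a certificate that is still valid, so a re-run could move a working HTTPS site to the plain-HTTP config (worth confirming against the acme.sh version installed). I would write `if [ "${certsatus:-1}" -eq 0 ]; then` and put a visible warning in the else branch, for example `echo "WARNING: certificate issuance failed for $domain, site is served without TLS" >&2`, because the downgrade is currently silent. The same block appears in the two later file sections that derive `site_ext` and `siteBackend_ext` from `certsatus` and `certsatusBackend`.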


@@ -1,4 +1,4 @@
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/Backend/apache-siteBackend-unconfigured -o /tmp/apache-siteconf curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/Backend/apache-siteBackend-unconfigured -o /tmp/apache-siteconf
sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$hostname'/g' /tmp/apache-siteconf sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$hostname'/g' /tmp/apache-siteconf
sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' /etc/apache2/sites-available/Backend_"$site_ext".conf sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/apache-siteconf' -e '/#ConfHere/c\' /etc/apache2/sites-available/Backend_"$siteBackend_ext".conf
systemctl reload apache2 systemctl reload apache2
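Review bot: `Backend_"$siteBackend_ext".conf` depends on a variable that, on this page, is assigned only in the installer section that issues the certificate for `$hostname`. If this script is ever run or sourced without it, `sed -i` targets `Backend_.conf`, and the failure goes unnoticed because nothing checks the exit status before `systemctl reload apache2`. Expanding it as `"${siteBackend_ext:?siteBackend_ext is not set}"` makes that case stop with a message instead. The nginx counterpart in the next file section has the same dependency.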


@@ -1,4 +1,4 @@
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/Backend/nginx-siteBackend-unconfigured -o /tmp/nginx-backendconf curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CMS/Backend/nginx-siteBackend-unconfigured -o /tmp/nginx-backendconf
sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$hostname'/g' /tmp/nginx-backendconf sed -i -e 's/PHPver/'$phpver'/g' -e 's/DOMAINname/'$hostname'/g' /tmp/nginx-backendconf
sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-backendconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/Backend_"$site_ext" sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e '/#ConfHere1/ r /tmp/nginx-backendconf' -e '/#ConfHere/c\' /etc/nginx/sites-available/Backend_"$siteBackend_ext"
systemctl reload nginx systemctl reload nginx


@@ -1,9 +1,9 @@
rm /etc/apache2/sites-enabled/010-"$sitename".conf rm /etc/apache2/sites-enabled/010-"$sitename".conf
ln -s /etc/apache2/sites-available/"$sitename"_ssl.conf /etc/apache2/sites-enabled/010-"$sitename".conf ln -s /etc/apache2/sites-available/"$sitename"_"$site_ext".conf /etc/apache2/sites-enabled/010-"$sitename".conf
if [ -n "$sslfr" ]; then if [ -n "$sslfr" ]; then
rm /etc/apache2/sites-enabled/010-Backend.conf rm /etc/apache2/sites-enabled/010-Backend.conf
ln -s /etc/apache2/sites-available/Backend_ssl.conf /etc/apache2/sites-enabled/010-Backend.conf ln -s /etc/apache2/sites-available/Backend_"$siteBackend_ext".conf /etc/apache2/sites-enabled/010-Backend.conf
fi fi
systemctl reload apache2 systemctl reload apache2
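Review bot: The link target is now built from `$site_ext` and `$siteBackend_ext`, but the `rm` runs before anything confirms that the chosen file exists in `sites-available`, so an unset or unexpected value leaves the site with no enabled config or a dangling link when `systemctl reload apache2` runs. A guard such as `[ -e /etc/apache2/sites-available/"$sitename"_"$site_ext".conf ] || return 1` before the `rm` keeps the previous link in place on error; replacing the `rm` / `ln -s` pair with a single `ln -sfn` also closes the gap between the two commands. The two nginx handler sections that follow use the same sequence.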


@@ -1,9 +1,9 @@
rm /etc/nginx/sites-enabled/"$sitename" rm /etc/nginx/sites-enabled/"$sitename"
ln -s /etc/nginx/sites-available/"$sitename"_ssl /etc/nginx/sites-enabled/"$sitename" ln -s /etc/nginx/sites-available/"$sitename"_"$site_ext" /etc/nginx/sites-enabled/"$sitename"
if [ -n "$sslfr" ]; then if [ -n "$sslfr" ]; then
rm /etc/nginx/sites-enabled/Backend rm /etc/nginx/sites-enabled/Backend
ln -s /etc/nginx/sites-available/Backend_ssl /etc/nginx/sites-enabled/Backend ln -s /etc/nginx/sites-available/Backend_"$siteBackend_ext" /etc/nginx/sites-enabled/Backend
fi fi
systemctl reload nginx systemctl reload nginx


@@ -1,4 +1,4 @@
rm /etc/nginx/sites-enabled/"$sitename" rm /etc/nginx/sites-enabled/"$sitename"
ln -s /etc/nginx/sites-available/"$sitename"_ssl /etc/nginx/sites-enabled/"$sitename" ln -s /etc/nginx/sites-available/"$sitename"_"$site_ext" /etc/nginx/sites-enabled/"$sitename"
systemctl reload nginx systemctl reload nginx


@@ -4,7 +4,6 @@ source /etc/ICTM/mainvar.list
sitename=CONFname sitename=CONFname
domain=DOMAINname domain=DOMAINname
domainwww=DomainWWW domainwww=DomainWWW
email=Email
webserv=WebServer webserv=WebServer
webservice=WebServer webservice=WebServer
@@ -27,13 +26,23 @@ systemctl reload $webservice
#Enabling SSL #Enabling SSL
if [ $domainwww = 1 ]; then if [ $domainwww = 1 ]; then
/opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$webservice" --ocsp --keylength 'ec-384' -d "$domain" -d "www.$domain" /opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$webserv" --ocsp --keylength 'ec-384' -d "$domain" -d "www.$domain"
certsatus=$?
elif [ $domainwww = 0 ]; then elif [ $domainwww = 0 ]; then
/opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$webservice" --ocsp --keylength 'ec-384' -d "$domain" /opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$webserv" --ocsp --keylength 'ec-384' -d "$domain"
certsatus=$?
fi fi
if test $certsatus -eq 0
then
site_ext="ssl"
else
site_ext="nossl"
fi
unset certsatus
#Restoring config #Restoring config
sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e "/#ConfHere1/ r /tmp/"$sitename"-config" -e '/#ConfHere/c\' /etc/"$webservice"/sites-available/"$sitename"_ssl"$ext" sed -i -e "0,/^#ConfHere/s/\(^#Conf.*\)/#ConfHere1 /" -e "/#ConfHere1/ r /tmp/"$sitename"-config" -e '/#ConfHere/c\' /etc/"$webservice"/sites-available/"$sitename"_"$site_ext""$ext"
source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/ssl-handler.sh) source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/ssl-handler.sh)
#Remove script #Remove script
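Review bot: When issuance fails, the script sets `site_ext="nossl"` and then carries on exactly as it does on success: it restores the saved config, sources the handler and reaches `#Remove script`, whose body lies outside this hunk. For a script whose purpose is to enable SSL, the operator gets no failure signal, and if the step after `#Remove script` deletes the script (which cannot be confirmed from here) the retry path is lost as well. I would print a warning in the else branch and stop before the removal step when issuance failed, e.g. `[ "$site_ext" = ssl ] || exit 1`, so the script exits non-zero and stays available for another attempt.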


@@ -629,18 +629,35 @@ if [ $sslenable = 1 ]; then
else else
certwebserv=$webserv certwebserv=$webserv
fi fi
site_ext=ssl
if [ $domainwww = 1 ]; then if [ $domainwww = 1 ]; then
/opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$certwebserv" --ocsp --keylength 'ec-384' -d "$domain" -d "www.$domain" /opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$certwebserv" --ocsp --keylength 'ec-384' -d "$domain" -d "www.$domain"
certsatus=$?
elif [ $domainwww = 0 ]; then elif [ $domainwww = 0 ]; then
/opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$certwebserv" --ocsp --keylength 'ec-384' -d "$domain" /opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$certwebserv" --ocsp --keylength 'ec-384' -d "$domain"
certsatus=$?
fi fi
if test $certsatus -eq 0
then
site_ext="ssl"
else
site_ext="nossl"
fi
unset certsatus
/opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$certwebserv" --ocsp --keylength 'ec-384' -d "$hostname" /opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --issue --"$certwebserv" --ocsp --keylength 'ec-384' -d "$hostname"
certsatusBackend=$?
if test $certsatusBackend -eq 0
then
siteBackend_ext="ssl"
else
siteBackend_ext="nossl"
fi
if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/ssl-handler.sh; then if curl --retry 2 --retry-delay 1 --output /dev/null --silent --head --fail "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/ssl-handler.sh; then
sslfr=1 source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/ssl-handler.sh) sslfr=1 source <(curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/CoreModules/"$webserv"/ssl-handler.sh)
fi fi
elif [ $sslenable = 0 ]; then elif [ $sslenable = 0 ]; then
site_ext=nossl site_ext=nossl
siteBackend_ext="nossl"
fi fi
curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/EnableSSL.sh -o ~/activateSSL-$domain.sh curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/EnableSSL.sh -o ~/activateSSL-$domain.sh
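Review bot: The `siteBackend_ext="nossl"` fallback publishes the Backend vhost over plain HTTP whenever issuance for `$hostname` fails, and nothing tells the operator that this happened. If that vhost carries logins or an admin interface (not visible on this page), credentials and session cookies would cross the network unencrypted. I would rather leave the Backend site disabled in that case, or at least print a warning such as `echo "WARNING: no certificate for $hostname, Backend is served without TLS" >&2`. `certsatusBackend` is also left set, unlike `certsatus`, which is followed by `unset`; adding `unset certsatusBackend` after its `fi` keeps the two blocks consistent.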