#!/usr/bin/env sh
#Here is a script to deploy cert to haproxy server.
#returns 0 means success, otherwise error.
######## Public functions #####################
#domain keyfile certfile cafile fullchain
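# Deploy hook: write <fullchain + private key> as one PEM file for HAProxy and
# run the configured reload command.
# Globals:
#   DEPLOY_HAPROXY_PEM_PATH (read) - directory that receives "<domain>.pem"; required
#   DEPLOY_HAPROXY_RELOAD   (read) - reload command; falls back to
#                                    DEFAULT_HAPROXY_RELOAD when empty
# Arguments:
#   $1 domain, $2 key file, $3 cert file, $4 CA file, $5 fullchain file
# Returns:
#   0 when the PEM was written and the reload command succeeded, 1 otherwise.
haproxy_deploy() {
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"

  _debug _cdomain "$_cdomain"
  _debug _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"

  # handle reload preference
  DEFAULT_HAPROXY_RELOAD="/usr/sbin/service haproxy restart"
  if [ -z "${DEPLOY_HAPROXY_RELOAD}" ]; then
    _reload="${DEFAULT_HAPROXY_RELOAD}"
    _cleardomainconf DEPLOY_HAPROXY_RELOAD
  else
    _reload="${DEPLOY_HAPROXY_RELOAD}"
    _savedomainconf DEPLOY_HAPROXY_RELOAD "$DEPLOY_HAPROXY_RELOAD"
  fi
  _savedomainconf DEPLOY_HAPROXY_PEM_PATH "$DEPLOY_HAPROXY_PEM_PATH"

  # work out the path where the PEM file should go
  _pem_path="${DEPLOY_HAPROXY_PEM_PATH}"
  if [ -z "$_pem_path" ]; then
    _err "Path to save PEM file not found. Please define DEPLOY_HAPROXY_PEM_PATH."
    return 1
  fi
  _pem_full_path="$_pem_path/$_cdomain.pem"
  _info "Full path to PEM $_pem_full_path"

  # Check the inputs before touching the target: the redirection below
  # truncates the PEM that HAProxy is currently using, so a missing input
  # must not be discovered only after the old file is gone.
  if [ ! -r "$_cfullchain" ] || [ ! -r "$_ckey" ]; then
    _err "Cannot read fullchain or key file, PEM not updated."
    return 1
  fi

  # combine the key and fullchain into a single pem and install
  # The file holds the private key. Create it under umask 077 (in a subshell,
  # so the caller's umask is untouched) so a new file is never readable by
  # group/other, not even for the moment between creation and chmod.
  if ! (umask 077 && cat "$_cfullchain" "$_ckey" >"$_pem_full_path"); then
    _err "Failed to write PEM file $_pem_full_path"
    return 1
  fi
  # umask only applies to newly created files; tighten a pre-existing one too.
  if ! chmod 600 "$_pem_full_path"; then
    _err "Failed to set permissions on $_pem_full_path"
    return 1
  fi
  _info "Certificate successfully deployed"

  # restart HAProxy
  # NOTE(review): the reload command is run through eval, so whatever
  # DEPLOY_HAPROXY_RELOAD holds executes as a shell command with this
  # process's privileges. The value is handed to _savedomainconf above
  # (presumably persisted for later renewals - confirm); keep that stored
  # configuration writable only by the account that runs this hook.
  _info "Run reload: $_reload"
  if eval "$_reload"; then
    _info "Reload success!"
    return 0
  else
    _err "Reload error"
    return 1
  fi
}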