Commit Graph

382 Commits

Author SHA1 Message Date
neil
6fb8c0ec4c
Merge pull request #3989 from abiessmann/deploy_routeros_handle_remote_errors
deploy/routeros: handle errors
2022-03-20 13:30:58 +08:00
neil
499ea07934
Merge pull request #3993 from imgrant/deploy-truenas-s3-feature
feat: Configure TrueNAS S3 certificate
2022-03-20 12:34:58 +08:00
Ian Grant
afa06267a2 style: Neaten up some of the info & error messages, fix some typos 2022-03-19 20:39:48 +00:00
Ian Grant
d4a6d9c076 fix: Adjust the sed extraction of certificate ID from JSON response
Prior to this, an error in the regex didn't match. Resolves #3992 (TrueNAS deploy hook fails to set certificate for FTP or WebDAV)
2022-03-19 20:38:47 +00:00
Ian Grant
c3f6112443 feat: Configure certificate for TrueNAS S3 service (MinIO) 2022-03-19 20:36:11 +00:00
Andreas Bießmann
3411b736dd deploy/routeros: add error handling for scp
In order to stop processing on failure to copy certificate
to remote side, fail on error of scp command.

Signed-off-by: Andreas Bießmann <andreas@biessmann.org>
2022-03-18 09:10:12 +01:00
Andreas Bießmann
c603b9c40b deploy/routeros: add error handling for ssh
In order to detect errorneous scripts on remote side, catch return code
and handle it respectively.

Signed-off-by: Andreas Bießmann <andreas@biessmann.org>
Reviewed-by: Ross Shen @sjtuross
2022-03-18 09:07:59 +01:00
Andreas Bießmann
9d6d96adf3 deploy/routeros.sh: fix routeros script
Commit c46ceb06b4 introduced an error in
routeros script.

Fix it!

Signed-off-by: Andreas Bießmann <andreas@biessmann.org>
2022-03-17 12:24:42 +01:00
Andreas Bießmann
c46ceb06b4 deploy/routeros.sh: change DEPLOY_SCRIPT_CMD
This set the owner of script to ssh user, have the comment line in script
as real comment and removes policy since this is set from current user,
at least for RouterOS 7.x.

Signed-off-by: Andreas Bießmann <andreas@biessmann.org>
2022-02-19 14:13:01 +01:00
Andreas Bießmann
92e4ecce3b deploy/routeros.sh: remove all certificates
As the script is applying the fullchain which includes three certificates,
delete all of them before applying updated certificate.

Signed-off-by: Andreas Bießmann <andreas@biessmann.org>
2022-02-19 14:13:01 +01:00
Andreas Bießmann
8a2f673903 deploy/routeros.sh: make ssh/scp configurable
In order to modify ssh/scp commands make them configurable via
environment variables.

Signed-off-by: Andreas Bießmann <andreas@biessmann.org>
2022-02-19 14:12:59 +01:00
Mac_Zhou
205e95a246 Add environment variables ROUTER_OS_PORT 2022-02-10 11:29:09 +08:00
John Elliott
3a99a77104 Update return statement 2022-02-07 21:55:12 -08:00
John Elliott
5ce8050e46 Update missing oathtool check 2022-02-07 11:58:14 -08:00
John Elliott
5ae3a020bd Add err log for missing oathtool in Synology
Alerts the user that the oathtool is missing and the TOTP can't be
generated.
2022-02-07 11:53:24 -08:00
Ross Shen
67c990e8cf omv deploy hook: add usage comments 2022-01-20 17:46:47 +08:00
Ross Shen
0292e20c86 omv deploy hook: support both local and remote deployment 2022-01-20 17:27:11 +08:00
Ross Shen
a78a4e6716 omv deploy hook: shellcheck disable=SC2029 2022-01-19 21:42:17 +08:00
Ross Shen
6bbf927f57 omv deploy hook: separate DEPLOY_OMV_WEBUI_ADMIN and DEPLOY_OMV_SSH_USER 2022-01-19 21:13:02 +08:00
Ross Shen
dca9def42c add remote deploy hook for openmediavault 5
based on #3757
2022-01-19 12:36:54 +08:00
Ross Shen
edee7ea284 routeros deploy hook: store the env vars within the domainconf
related to #2344 and #2413
2022-01-16 20:46:09 +08:00
neil
658d09ed84
Merge pull request #3396 from F-Plass/master
deploy scipt for TrueNAS Server using REST API
2022-01-16 08:17:49 +08:00
Sergey Pashinin
7e7291ace9
Support Vault KV v2 (#3502) 2022-01-09 11:01:38 +08:00
neil
c959d64099
Merge pull request #3807 from dacrystal/topic/synology_dsm-otp_code
Add SYNO_TOTP_SECRET for user with two-factor authentication enabled
2022-01-08 20:03:13 +08:00
Frank Wall
6aa1ec0802 deploy/fritzbox: allow hook to be used with multiple fritzboxes
Previously the deploy hook config was stored in the account config.
This seems odd and adds unnecessary limitations to the hook.
Now we're using the correct _*deployconf() functions to read and
write the deploy hook config.
2022-01-06 16:20:43 +01:00
F-Plass
b203f2abaa
Merge branch 'acmesh-official:master' into master 2021-12-03 17:18:44 +01:00
Nasser Alansari
4635dacf7f Add SYNO_TOTP_SECRET for user with two-factor authentication 2021-11-13 13:01:38 +03:00
F-Plass
3bcb91f6ae Update truenas.sh
solved the problem of UI-Restart after 12.0-U3
2021-11-11 23:03:00 +01:00
Miguel Angelo
a31ed4a723 Notify user about a possible problem when using synology_dsm.sh with 2fa enabled user account 2021-11-01 01:40:14 -03:00
neil
fba6de76b1
Merge pull request #3687 from gstrauss/use-getdeployconf
use _getdeployconf instead of sourcing DOMAIN_CONF
2021-10-01 12:41:12 +08:00
Glenn Strauss
8419b42e83 use ${ACME_OPENSSL_BIN:-openssl} instead of openssl
(requested by @Neilpang in #3687)
2021-09-30 19:00:39 -04:00
Nookery
2447fccf1e
name="snis" => name="snis[]"
kong 2.5.x,snis参数是一个数组
2021-09-04 16:59:50 +08:00
Glenn Strauss
c43c711f72 use _getdeployconf instead of sourcing DOMAIN_CONF
(requested by @Neilpang in #3394)

github: closes #3394
2021-09-01 16:37:10 -04:00
Michael Weber
f354e6de69 lighttpd deploy hook
* verbatim copy from haproxy.sh, s/haproxy/lighttpd
* enable issuer
2021-09-01 16:33:24 -04:00
neil
f41f93af3a
Merge pull request #3491 from bgarret/consul-deploy-hook
Consul deploy hooks
2021-06-24 20:25:01 +08:00
Brian Hartvigsen
dcb51683c5
shellcheck cleanup
shellcheck sees '\\' as trying to escape the trailing quote (see
koalaman/shellcheck#1548 ).
2021-05-26 15:25:58 -06:00
Brian Hartvigsen
74a4a788b1
Make certificate descriptions sed safe
This escapes special characters used in POSIX sed to prevent mismatches.
e.g. `SYNO_Certficiate=*.example.com` would not match a description of
"*.example.com" and would look to match any number of double quotes (the
last character in the sed regex prior to certificate description),
followed by any single character, followed by "example", followed by any
character, followed by "com".

After this change, it will properly match `*.example.com` and not
`""zexamplefcom`.

Additionally we now store the certificate description as base64 encoded
to prevent issues with single quotes.

Tested on DSM 7.0-41222 (VDSM) and DSM 6.2.4-25556 (DS1515+).
2021-05-26 15:25:58 -06:00
Brian Hartvigsen
5ab9ca1c0d
Better fix for Synology DSM setting wrong default
As noted by @buxm, previous fix didn't work for all versions of DSM 6.
The better fix appears to be simply not outputting the "as_default"
parameter unless we are doing something with the default certificate.
2021-05-19 13:21:34 -06:00
Benoit Garret
07afc4953a Fix the shfmt check 2021-05-07 12:12:30 +02:00
neil
8c14150536
Merge pull request #3350 from temoffey/deploy-gcore_cdn
Deploy gcore_cdn fix
2021-05-05 23:48:37 +08:00
Benoit Garret
c127903127 Add Consul deploy hook 2021-05-05 10:01:09 +02:00
Brian Hartvigsen
1a4a180e8c
FIX: Synology sets "default" on wrong certificate
For some DSM installs, it appears that setting the "default" flag to the
string "false" actually sets it to true.  This causes Synology to set
the last updated certificate to be the default certificate.  Using an
empty string appears to still be accepted as a false-y value for DSMs
where this isn't happening and corrects the behavior in the cases that
it was.

Credit to @Run-King for identifying the fix and @buxm for reporting.
2021-05-02 13:37:59 -06:00
neil
e71238571a
Merge pull request #3464 from jpbede/cleverreach-deploy-sublient
CleverReach Deploy Hook: Allow deploy to agency subaccounts
2021-04-04 19:03:33 +08:00
Jan-Philipp Benecke
2867ec509e
Make CI happy 2021-03-30 09:18:33 +02:00
Jan-Philipp Benecke
d853a9ebbe
Make uploading cert to subaccount possible 2021-03-30 09:13:32 +02:00
Christophe Le Guern
cc90f83463
Use 'vault kv put' instead of 'vault write'
When using vault_cli with a kv2 path, it isn't working. I have the following error:
```
WARNING! The following warnings were returned from Vault:                                                                                                                                                                                     
                                                                                                                                                                                                                                              
  * Invalid path for a versioned K/V secrets engine. See the API docs for the                                                                                                                                                                 
  appropriate API endpoints to use. If using the Vault CLI, use 'vault kv put'                                                                                                                                                                
  for this operation.                                                                                                                                                                                                                         
```
The new way to write data  is to use `vault kv put`, it is compatible with kv1 and kv2.
Ref: https://www.vaultproject.io/docs/commands#reading-and-writing-data
```
The original version of K/V used the common read and write operations. A more advanced K/V Version 2 engine was released in Vault 0.10 and introduced the kv get and kv put commands.
```
2021-03-29 15:10:14 +02:00
Jan-Philipp Benecke
1530abbd1a
Make uploading cert to subaccount possible 2021-03-26 15:37:12 +01:00
F-Plass
4bb8e3a121 Update truenas.sh
-error handling
2021-02-21 22:48:31 +01:00
F-Plass
eacc00f786 Update truenas.sh
- check if curl exists
- check if wget exist, then errortext and exit scipt
- _get command "restartUI"  wirh info about curl error 52
2021-02-21 22:42:24 +01:00
Mike Edmunds
bf8c33703c
Fix: Unifi deploy hook support Unifi Cloud Key (#3327)
* fix: unifi deploy hook also update Cloud Key nginx certs

When running on a Unifi Cloud Key device, also deploy to
/etc/ssl/private/cloudkey.{crt,key} and reload nginx. This
makes the new cert available for the Cloud Key management
app running via nginx on port 443 (as well as the port 8443
Unifi Controller app the deploy hook already supported).

Fixes #3326

* Improve settings documentation comments

* Improve Cloud Key pre-flight error messaging

* Fix typo

* Add support for UnifiOS (Cloud Key Gen2)

Since UnifiOS does not use the Java keystore (like a Unifi
Controller or Cloud Key Gen1 deploy), this also reworks
the settings validation and error messaging somewhat.

* PR review fixes

* Detect unsupported Cloud Key java keystore location

* Don't try to restart inactive services

(and remove extra spaces from reload command)

* Clean up error messages and internal variables

* Change to _getdeployconf/_savedeployconf

* Switch from cp to cat to preserve file permissions
2021-02-15 15:01:21 +08:00