58 lines
1.5 KiB

8 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
8 years ago
  1. #!/usr/bin/env sh
  2. #Here is a script to deploy cert to haproxy server.
  3. #returns 0 means success, otherwise error.
  4. ######## Public functions #####################
  5. #domain keyfile certfile cafile fullchain
  6. haproxy_deploy() {
  7. _cdomain="$1"
  8. _ckey="$2"
  9. _ccert="$3"
  10. _cca="$4"
  11. _cfullchain="$5"
  12. _debug _cdomain "$_cdomain"
  13. _debug _ckey "$_ckey"
  14. _debug _ccert "$_ccert"
  15. _debug _cca "$_cca"
  16. _debug _cfullchain "$_cfullchain"
  17. # handle reload preference
  18. DEFAULT_HAPROXY_RELOAD="/usr/sbin/service haproxy restart"
  19. if [ -z "${DEPLOY_HAPROXY_RELOAD}" ]; then
  20. _reload="${DEFAULT_HAPROXY_RELOAD}"
  21. _cleardomainconf DEPLOY_HAPROXY_RELOAD
  22. else
  23. _reload="${DEPLOY_HAPROXY_RELOAD}"
  24. _savedomainconf DEPLOY_HAPROXY_RELOAD "$DEPLOY_HAPROXY_RELOAD"
  25. fi
  26. _savedomainconf DEPLOY_HAPROXY_PEM_PATH "$DEPLOY_HAPROXY_PEM_PATH"
  27. # work out the path where the PEM file should go
  28. _pem_path="${DEPLOY_HAPROXY_PEM_PATH}"
  29. if [ -z "$_pem_path" ]; then
  30. _err "Path to save PEM file not found. Please define DEPLOY_HAPROXY_PEM_PATH."
  31. return 1
  32. fi
  33. _pem_full_path="$_pem_path/$_cdomain.pem"
  34. _info "Full path to PEM $_pem_full_path"
  35. # combine the key and fullchain into a single pem and install
  36. cat "$_cfullchain" "$_ckey" >"$_pem_full_path"
  37. chmod 600 "$_pem_full_path"
  38. _info "Certificate successfully deployed"
  39. # restart HAProxy
  40. _info "Run reload: $_reload"
  41. if eval "$_reload"; then
  42. _info "Reload success!"
  43. return 0
  44. else
  45. _err "Reload error"
  46. return 1
  47. fi
  48. }