You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

128 lines
4.4 KiB

6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
6 years ago
  1. #!/usr/bin/env sh
  2. # Here is the script to deploy the cert to G-Core CDN service (https://gcorelabs.com/ru/) using the G-Core Labs API (https://docs.gcorelabs.com/cdn/).
  3. # Uses command line curl for send requests and jq for parse responses.
  4. # Returns 0 when success.
  5. #
  6. # Written by temoffey <temofffey@gmail.com>
  7. # Public domain, 2019
  8. #export DEPLOY_GCORE_CDN_USERNAME=myusername
  9. #export DEPLOY_GCORE_CDN_PASSWORD=mypassword
  10. ######## Public functions #####################
  11. #domain keyfile certfile cafile fullchain
  12. gcore_cdn_deploy() {
  13. _cdomain="$1"
  14. _ckey="$2"
  15. _ccert="$3"
  16. _cca="$4"
  17. _cfullchain="$5"
  18. _debug _cdomain "$_cdomain"
  19. _debug _ckey "$_ckey"
  20. _debug _ccert "$_ccert"
  21. _debug _cca "$_cca"
  22. _debug _cfullchain "$_cfullchain"
  23. _fullchain=$(awk 1 ORS='\\n' "$_cfullchain")
  24. _key=$(awk 1 ORS='\\n' "$_ckey")
  25. _debug _fullchain "$_fullchain"
  26. _debug _key "$_key"
  27. if [ -z "$DEPLOY_GCORE_CDN_USERNAME" ]; then
  28. if [ -z "$Le_Deploy_gcore_cdn_username" ]; then
  29. _err "Please define the target username: export DEPLOY_GCORE_CDN_USERNAME=username"
  30. return 1
  31. fi
  32. else
  33. Le_Deploy_gcore_cdn_username="$DEPLOY_GCORE_CDN_USERNAME"
  34. _savedomainconf Le_Deploy_gcore_cdn_username "$Le_Deploy_gcore_cdn_username"
  35. fi
  36. if [ -z "$DEPLOY_GCORE_CDN_PASSWORD" ]; then
  37. if [ -z "$Le_Deploy_gcore_cdn_password" ]; then
  38. _err "Please define the target password: export DEPLOY_GCORE_CDN_PASSWORD=password"
  39. return 1
  40. fi
  41. else
  42. Le_Deploy_gcore_cdn_password="$DEPLOY_GCORE_CDN_PASSWORD"
  43. _savedomainconf Le_Deploy_gcore_cdn_password "$Le_Deploy_gcore_cdn_password"
  44. fi
  45. if ! [ -x "$(command -v jq)" ]; then
  46. _err "Please install the package jq: sudo apt-get install jq"
  47. return 1
  48. fi
  49. _info "Get authorization token"
  50. _request="{ \"username\": \"$Le_Deploy_gcore_cdn_username\", \"password\": \"$Le_Deploy_gcore_cdn_password\" }"
  51. _debug _request "$_request"
  52. _response=$(curl -s -X POST https://api.gcdn.co/auth/signin -H "Content-Type:application/json" -d "$_request")
  53. _debug _response "$_response"
  54. _token=$(echo "$_response" | jq -r '.token')
  55. _debug _token "$_token"
  56. if [ "$_token" = "null" ]; then
  57. _err "Error G-Core Labs API authorization"
  58. return 1
  59. fi
  60. _info "Find CDN resource with cname $_cdomain"
  61. _response=$(curl -s -X GET https://api.gcdn.co/resources -H "Authorization:Token $_token")
  62. _debug _response "$_response"
  63. _resource=$(echo "$_response" | jq -r ".[] | select(.cname == \"$_cdomain\")")
  64. _debug _resource "$_resource"
  65. _resourceId=$(echo "$_resource" | jq -r '.id')
  66. _sslDataOld=$(echo "$_resource" | jq -r '.sslData')
  67. _originGroup=$(echo "$_resource" | jq -r '.originGroup')
  68. _debug _resourceId "$_resourceId"
  69. _debug _sslDataOld "$_sslDataOld"
  70. _debug _originGroup "$_originGroup"
  71. if [ -z "$_resourceId" ] || [ "$_resourceId" = "null" ] || [ -z "$_originGroup" ] || [ "$_originGroup" = "null" ]; then
  72. _err "Not found CDN resource with cname $_cdomain"
  73. return 1
  74. fi
  75. _info "Add new SSL certificate"
  76. _date=$(date "+%d.%m.%Y %H:%M:%S")
  77. _request="{ \"name\": \"$_cdomain ($_date)\", \"sslCertificate\": \"$_fullchain\n\", \"sslPrivateKey\": \"$_key\n\" }"
  78. _debug _request "$_request"
  79. _response=$(curl -s -X POST https://api.gcdn.co/sslData -H "Content-Type:application/json" -H "Authorization:Token $_token" -d "$_request")
  80. _debug _response "$_response"
  81. _sslDataAdd=$(echo "$_response" | jq -r '.id')
  82. _debug _sslDataAdd "$_sslDataAdd"
  83. if [ "$_sslDataAdd" == "null" ]; then
  84. _err "Error new SSL certificate add"
  85. return 1
  86. fi
  87. _info "Update CDN resource"
  88. _request="{ \"originGroup\": $_originGroup, \"sslData\": $_sslDataAdd }"
  89. _debug _request "$_request"
  90. _response=$(curl -s -X PUT "https://api.gcdn.co/resources/$_resourceId" -H "Content-Type:application/json" -H "Authorization:Token $_token" -d "$_request")
  91. _debug _response "$_response"
  92. _sslDataNew=$(echo "$_response" | jq -r '.sslData')
  93. _debug _sslDataNew "$_sslDataNew"
  94. if [ "$_sslDataNew" != "$_sslDataAdd" ]; then
  95. _err "Error CDN resource update"
  96. return 1
  97. fi
  98. if [ -z "$_sslDataOld" ] || [ "$_sslDataOld" = "null" ]; then
  99. _info "Not found old SSL certificate"
  100. else
  101. _info "Delete old SSL certificate"
  102. _response=$(curl -s -X DELETE "https://api.gcdn.co/sslData/$_sslDataOld" -H "Authorization:Token $_token")
  103. _debug _response "$_response"
  104. fi
  105. _info "Certificate successfully deployed"
  106. return 0
  107. }