Browse Source
Merge pull request #1584 from dwatrous/patch-1
Add HAProxy deploy implementation and documentation
master
neil
7 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with
54 additions and
2 deletions
deploy/README.md
deploy/haproxy.sh
@ -255,3 +255,23 @@ acme.sh --deploy -d fritzbox.example.com --deploy-hook fritzbox
```sh
```sh
acme.sh --deploy -d ftp.example.com --deploy-hook strongswan
acme.sh --deploy -d ftp.example.com --deploy-hook strongswan
```
```
## 10. Deploy the cert to HAProxy
You must specify the path where you want the concatenated key and certificate chain written.
```sh
export DEPLOY_HAPROXY_PEM_PATH=/etc/haproxy
```
You may optionally define the command to reload HAProxy. The value shown below will be used as the default if you don't set this environment variable.
```sh
export DEPLOY_HAPROXY_RELOAD="/usr/sbin/service haproxy restart"
```
You can then deploy the certificate as follows
```sh
acme.sh --deploy -d haproxy.example.com --deploy-hook haproxy
```
The path for the PEM file will be stored with the domain configuration and will be available when renewing, so that deploy will happen automatically when renewed.
@ -20,7 +20,39 @@ haproxy_deploy() {
_debug _cca " $_cca "
_debug _cca " $_cca "
_debug _cfullchain " $_cfullchain "
_debug _cfullchain " $_cfullchain "
_err "deploy cert to haproxy server, Not implemented yet"
return 1
# handle reload preference
DEFAULT_HAPROXY_RELOAD = "/usr/sbin/service haproxy restart"
if [ -z " ${ DEPLOY_HAPROXY_RELOAD } " ] ; then
_reload = " ${ DEFAULT_HAPROXY_RELOAD } "
_cleardomainconf DEPLOY_HAPROXY_RELOAD
else
_reload = " ${ DEPLOY_HAPROXY_RELOAD } "
_savedomainconf DEPLOY_HAPROXY_RELOAD " $DEPLOY_HAPROXY_RELOAD "
fi
_savedomainconf DEPLOY_HAPROXY_PEM_PATH " $DEPLOY_HAPROXY_PEM_PATH "
# work out the path where the PEM file should go
_pem_path = " ${ DEPLOY_HAPROXY_PEM_PATH } "
if [ -z " $_pem_path " ] ; then
_err "Path to save PEM file not found. Please define DEPLOY_HAPROXY_PEM_PATH."
return 1
fi
_pem_full_path = " $_pem_path / $_cdomain .pem "
_info " Full path to PEM $_pem_full_path "
# combine the key and fullchain into a single pem and install
cat " $_cfullchain " " $_ckey " >" $_pem_full_path "
chmod 600 " $_pem_full_path "
_info "Certificate successfully deployed"
# restart HAProxy
_info " Run reload: $_reload "
if eval " $_reload " ; then
_info "Reload success!"
return 0
else
_err "Reload error"
return 1
fi
}
}