support Standalone server

2024-11-09 16:01:46 +00:00 · 2016-01-05 21:54:38 +08:00 · 2016-01-05 21:54:38 +08:00 · 67afa94047
commit 67afa94047
parent 7d076cfcea
1 changed files with 70 additions and 22 deletions
--- a/le.sh
+++ b/le.sh
@ -1,17 +1,12 @@
 #!/bin/bash


-WORKING_DIR=~/.le
-
-CURL_HEADER=""
-HEADER=""
-HEADERPLACE=""
-ACCOUNT_EMAIL=""

 DEFAULT_CA="https://acme-v01.api.letsencrypt.org"
+DEFAULT_AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"

-API=$DEFAULT_CA
-
+API="$DEFAULT_CA"
+AGREEMENT="$DEFAULT_AGREEMENT"

 _debug() {

@ -213,8 +208,35 @@ _setopt() {
  _debug "$(grep -H -n "^$__opt$__sep" $__conf)"
 }

+_startserver() {
+  content="$1"
+  while true ; do
+    if [ -z "$DEBUG" ] ; then
+      echo -e -n "HTTP/1.1 200 OK\r\n\r\n$content" | nc -q 1 -l -p 80 > /dev/null
+    else
+      echo -e -n "HTTP/1.1 200 OK\r\n\r\n$content" | nc -q 1 -l -p 80
+    fi
+  done
+}
+
+_stopserver() {
+  pid="$1"
+  if [ "$pid" ] ; then
+    if [ -z "$DEBUG" ] ; then
+      kill -s 9 $pid 2>&1
+      killall -s 9  nc 2>&1
+    else
+      kill -s 9 $pid 2>&1 > /dev/null
+      killall -s 9  nc 2>&1 > /dev/null
+    fi
+  fi
+}
+
 _initpath() {
-  WORKING_DIR=~/.le
+  if [ -z "$WORKING_DIR" ]; then
+    WORKING_DIR=~/.le
+  fi
+  
  domain=$1
  mkdir -p $WORKING_DIR
  ACCOUNT_KEY_PATH=$WORKING_DIR/account.acc
@ -260,9 +282,23 @@ issue() {
    fi
  fi
  
-  if [ -z "$Le_Webroot" ] ; then
-    echo Usage: $0 webroot a.com [b.com,c.com]  [key-length]
-    return 1
+  if [ "$Le_Webroot" == "no" ] ; then
+    _info "Standalone mode."
+    if ! command -v "nc" > /dev/null ; then
+      _err "Please install netcat(nc) tools first."
+      return 1
+    fi
+    if ! command -v "netstat" > /dev/null ; then
+      _err "Please install netstat first."
+      return 1
+    fi
+    netprc="$(netstat -antpl | grep ':80 ')"
+    if [ "$netprc" ] ; then
+      _err "$netprc"
+      _err "tcp port 80 is already used by $(echo "$netprc" | cut -d '/' -f 2)"
+      _err "Please stop it first"
+      return 1
+    fi
  fi

  createAccountKey $Le_Domain $Le_Keylength
@ -294,9 +330,9 @@ issue() {
  
  
  _info "Registering account"
-  regjson='{"resource": "new-reg", "agreement": "https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"}'
+  regjson='{"resource": "new-reg", "agreement": "'$AGREEMENT'"}'
  if [ "$ACCOUNT_EMAIL" ] ; then
-    regjson='{"resource": "new-reg", "contact": ["mailto: '$ACCOUNT_EMAIL'"], "agreement": "https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"}'
+    regjson='{"resource": "new-reg", "contact": ["mailto: '$ACCOUNT_EMAIL'"], "agreement": "'$AGREEMENT'"}'
  fi  
  _send_signed_request   "$API/acme/new-reg"  "$regjson"
  
@ -337,13 +373,20 @@ issue() {
    keyauthorization="$token.$thumbprint"
    _debug keyauthorization "$keyauthorization"
    
-    wellknown_path="$Le_Webroot/.well-known/acme-challenge"
-    _debug wellknown_path "$wellknown_path"
-    
-    mkdir -p "$wellknown_path"
-    wellknown_path="$wellknown_path/$token"
-    echo -n "$keyauthorization" > $wellknown_path
-    
+    if [ "$Le_Webroot" == "no" ] ; then
+      _info "Standalone mode server"
+      _startserver "$keyauthorization" & 2>&1 >/dev/null
+      serverproc="$!"
+      sleep 2
+      _debug serverproc $serverproc
+    else
+      wellknown_path="$Le_Webroot/.well-known/acme-challenge"
+      _debug wellknown_path "$wellknown_path"
+      
+      mkdir -p "$wellknown_path"
+      wellknown_path="$wellknown_path/$token"
+      echo -n "$keyauthorization" > $wellknown_path
+    fi
    wellknown_url="http://$d/.well-known/acme-challenge/$token"
    _debug wellknown_url "$wellknown_url"
    
@ -352,6 +395,7 @@ issue() {
    
    if [ ! -z "$code" ] && [ ! "$code" == '202' ] ; then
      _err "challenge error: $d"
+      _stopserver $serverproc
      return 1
    fi
    
@ -362,6 +406,7 @@ issue() {
      
      if ! _get $uri ; then
        _err "Verify error:$resource"
+        _stopserver $serverproc
        return 1
      fi
      
@ -374,6 +419,7 @@ issue() {
      if [ "$status" == "invalid" ] ; then
         error=$(echo $response | egrep -o '"error":{[^}]*}' | grep -o '"detail":"[^"]*"' | cut -d '"' -f 4)
        _err "Verify error:$error"
+        _stopserver $serverproc
        return 1;
      fi
      
@ -381,10 +427,12 @@ issue() {
        _info "Verify pending:$d"
      else
        _err "Verify error:$response" 
+        _stopserver $serverproc
        return 1
      fi
      
-    done    
+    done
+    _stopserver $serverproc
  done 
  
  _info "Verify finished, start to sign."