mirror of
https://github.com/plantroon/acme.sh.git
synced 2025-01-26 13:31:49 +00:00
Merge pull request #809 from thecantero/patch-1
Update to support Kong-v0.10.x
commit
c97c79ab2f
@ -21,8 +21,11 @@ acme.sh --deploy -d example.com --deploy-hook cpanel
|
|||||||
## 2. Deploy ssl cert on kong proxy engine based on api.
|
## 2. Deploy ssl cert on kong proxy engine based on api.
|
||||||
|
|
||||||
Before you can deploy your cert, you must [issue the cert first](https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert).
|
Before you can deploy your cert, you must [issue the cert first](https://github.com/Neilpang/acme.sh/wiki/How-to-issue-a-cert).
|
||||||
|
Currently supports Kong-v0.10.x.
|
||||||
|
|
||||||
(TODO)
|
```sh
|
||||||
|
acme.sh --deploy -d ftp.example.com --deploy-hook kong
|
||||||
|
```
|
||||||
|
|
||||||
## 3. Deploy the cert to remote server through SSH access.
|
## 3. Deploy the cert to remote server through SSH access.
|
||||||
|
|
||||||
|
@ -1,13 +1,7 @@
|
|||||||
#!/usr/bin/env sh
|
#!/usr/bin/env sh
|
||||||
|
# If certificate already exist it will update only cert and key not touching other parameter
|
||||||
# This deploy hook will deploy ssl cert on kong proxy engine based on api request_host parameter.
|
# If certificate doesn't exist it will only upload cert and key and not set other parameter
|
||||||
# Note that ssl plugin should be available on Kong instance
|
# Note that we deploy full chain
|
||||||
# The hook will match cdomain to request_host, in case of multiple domain it will always take the first
|
|
||||||
# one (acme.sh behaviour).
|
|
||||||
# If ssl config already exist it will update only cert and key not touching other parameter
|
|
||||||
# If ssl config doesn't exist it will only upload cert and key and not set other parameter
|
|
||||||
# Not that we deploy full chain
|
|
||||||
# See https://getkong.org/plugins/dynamic-ssl/ for other options
|
|
||||||
# Written by Geoffroi Genot <ggenot@voxbone.com>
|
# Written by Geoffroi Genot <ggenot@voxbone.com>
|
||||||
|
|
||||||
######## Public functions #####################
|
######## Public functions #####################
|
||||||
@ -31,14 +25,15 @@ kong_deploy() {
|
|||||||
_debug _cca "$_cca"
|
_debug _cca "$_cca"
|
||||||
_debug _cfullchain "$_cfullchain"
|
_debug _cfullchain "$_cfullchain"
|
||||||
|
|
||||||
#Get uuid linked to the domain
|
#Get ssl_uuid linked to the domain
|
||||||
uuid=$(_get "$KONG_URL/apis?request_host=$_cdomain" | _normalizeJson | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
|
ssl_uuid=$(_get "$KONG_URL/certificates/$_cdomain" | _normalizeJson | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
|
||||||
if [ -z "$uuid" ]; then
|
if [ -z "$ssl_uuid" ]; then
|
||||||
_err "Unable to get Kong uuid for domain $_cdomain"
|
_debug "Unable to get Kong ssl_uuid for domain $_cdomain"
|
||||||
_err "Make sure that KONG_URL is correctly configured"
|
_debug "Make sure that KONG_URL is correctly configured"
|
||||||
_err "Make sure that a Kong api request_host match the domain"
|
_debug "Make sure that a Kong certificate match the sni"
|
||||||
_err "Kong url: $KONG_URL"
|
_debug "Kong url: $KONG_URL"
|
||||||
return 1
|
_info "No existing certificate, creating..."
|
||||||
|
#return 1
|
||||||
fi
|
fi
|
||||||
#Save kong url if it's succesful (First run case)
|
#Save kong url if it's succesful (First run case)
|
||||||
_saveaccountconf KONG_URL "$KONG_URL"
|
_saveaccountconf KONG_URL "$KONG_URL"
|
||||||
@ -48,12 +43,14 @@ kong_deploy() {
|
|||||||
#Set Header
|
#Set Header
|
||||||
_H1="Content-Type: multipart/form-data; boundary=$delim"
|
_H1="Content-Type: multipart/form-data; boundary=$delim"
|
||||||
#Generate data for request (Multipart/form-data with mixed content)
|
#Generate data for request (Multipart/form-data with mixed content)
|
||||||
#set name to ssl
|
if [ -z "$ssl_uuid" ]; then
|
||||||
content="--$delim${nl}Content-Disposition: form-data; name=\"name\"${nl}${nl}ssl"
|
#set sni to domain
|
||||||
|
content="--$delim${nl}Content-Disposition: form-data; name=\"snis\"${nl}${nl}$_cdomain"
|
||||||
|
fi
|
||||||
#add key
|
#add key
|
||||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"config.key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"key\"; filename=\"$(basename "$_ckey")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_ckey")"
|
||||||
#Add cert
|
#Add cert
|
||||||
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"config.cert\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")"
|
content="$content${nl}--$delim${nl}Content-Disposition: form-data; name=\"cert\"; filename=\"$(basename "$_cfullchain")\"${nl}Content-Type: application/octet-stream${nl}${nl}$(cat "$_cfullchain")"
|
||||||
#Close multipart
|
#Close multipart
|
||||||
content="$content${nl}--$delim--${nl}"
|
content="$content${nl}--$delim--${nl}"
|
||||||
#Convert CRLF
|
#Convert CRLF
|
||||||
@ -61,17 +58,16 @@ kong_deploy() {
|
|||||||
#DEBUG
|
#DEBUG
|
||||||
_debug header "$_H1"
|
_debug header "$_H1"
|
||||||
_debug content "$content"
|
_debug content "$content"
|
||||||
#Check if ssl plugins is aready enabled (if not => POST else => PATCH)
|
#Check if sslcreated (if not => POST else => PATCH)
|
||||||
ssl_uuid=$(_get "$KONG_URL/apis/$uuid/plugins" | _egrep_o '"id":"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"[a-zA-Z0-9\-\,\"_\:]*"name":"ssl"' | _egrep_o '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}')
|
|
||||||
_debug ssl_uuid "$ssl_uuid"
|
|
||||||
if [ -z "$ssl_uuid" ]; then
|
if [ -z "$ssl_uuid" ]; then
|
||||||
#Post certificate to Kong
|
#Post certificate to Kong
|
||||||
response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins" "" "POST")
|
response=$(_post "$content" "$KONG_URL/certificates" "" "POST")
|
||||||
else
|
else
|
||||||
#patch
|
#patch
|
||||||
response=$(_post "$content" "$KONG_URL/apis/$uuid/plugins/$ssl_uuid" "" "PATCH")
|
response=$(_post "$content" "$KONG_URL/certificates/$ssl_uuid" "" "PATCH")
|
||||||
fi
|
fi
|
||||||
if ! [ "$(echo "$response" | _egrep_o "ssl")" = "ssl" ]; then
|
if ! [ "$(echo "$response" | _egrep_o "created_at")" = "created_at" ]; then
|
||||||
_err "An error occurred with cert upload. Check response:"
|
_err "An error occurred with cert upload. Check response:"
|
||||||
_err "$response"
|
_err "$response"
|
||||||
return 1
|
return 1
|
||||||
|
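Review bot: In the `@ -31,14 +25,15 @@` hunk an empty `ssl_uuid` is now always read as "no certificate yet", so an unreachable or mistyped `KONG_URL` is no longer rejected: the function goes on to `_saveaccountconf KONG_URL` and then posts the private key to that unverified URL. Consider failing on a transport error before the UUID is parsed, e.g. `_resp=$(_get "$KONG_URL/certificates/$_cdomain") || { _err "Cannot reach Kong at $KONG_URL"; return 1; }` (this assumes `_get` returns non-zero when the request itself fails), and moving `_saveaccountconf` below the final response check so it matches its "if it's succesful" comment; the leftover `#return 1` can then be dropped. In the `@ -48,12 +43,14 @@` hunk `content` is first assigned only inside `if [ -z "$ssl_uuid" ]`, so on the PATCH path the `#add key` line appends to whatever `content` held before, unless it is set above the hunk; a `content=""` before that `if` would make the starting value explicit. `kong_deploy` starts and ends outside the visible hunks, so both points should be checked against the full function.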