Commit Graph

328 Commits

Author SHA1 Message Date
Brian Hartvigsen
74a4a788b1
Make certificate descriptions sed safe
This escapes special characters used in POSIX sed to prevent mismatches.
e.g. `SYNO_Certficiate=*.example.com` would not match a description of
"*.example.com" and would look to match any number of double quotes (the
last character in the sed regex prior to certificate description),
followed by any single character, followed by "example", followed by any
character, followed by "com".

After this change, it will properly match `*.example.com` and not
`""zexamplefcom`.

Additionally we now store the certificate description as base64 encoded
to prevent issues with single quotes.

Tested on DSM 7.0-41222 (VDSM) and DSM 6.2.4-25556 (DS1515+).
2021-05-26 15:25:58 -06:00
Brian Hartvigsen
5ab9ca1c0d
Better fix for Synology DSM setting wrong default
As noted by @buxm, previous fix didn't work for all versions of DSM 6.
The better fix appears to be simply not outputting the "as_default"
parameter unless we are doing something with the default certificate.
2021-05-19 13:21:34 -06:00
neil
8c14150536
Merge pull request #3350 from temoffey/deploy-gcore_cdn
Deploy gcore_cdn fix
2021-05-05 23:48:37 +08:00
Brian Hartvigsen
1a4a180e8c
FIX: Synology sets "default" on wrong certificate
For some DSM installs, it appears that setting the "default" flag to the
string "false" actually sets it to true.  This causes Synology to set
the last updated certificate to be the default certificate.  Using an
empty string appears to still be accepted as a false-y value for DSMs
where this isn't happening and corrects the behavior in the cases that
it was.

Credit to @Run-King for identifying the fix and @buxm for reporting.
2021-05-02 13:37:59 -06:00
neil
e71238571a
Merge pull request #3464 from jpbede/cleverreach-deploy-sublient
CleverReach Deploy Hook: Allow deploy to agency subaccounts
2021-04-04 19:03:33 +08:00
Jan-Philipp Benecke
2867ec509e
Make CI happy 2021-03-30 09:18:33 +02:00
Jan-Philipp Benecke
d853a9ebbe
Make uploading cert to subaccount possible 2021-03-30 09:13:32 +02:00
Christophe Le Guern
cc90f83463
Use 'vault kv put' instead of 'vault write'
When using vault_cli with a kv2 path, it isn't working. I have the following error:
```
WARNING! The following warnings were returned from Vault:                                                                                                                                                                                     
                                                                                                                                                                                                                                              
  * Invalid path for a versioned K/V secrets engine. See the API docs for the                                                                                                                                                                 
  appropriate API endpoints to use. If using the Vault CLI, use 'vault kv put'                                                                                                                                                                
  for this operation.                                                                                                                                                                                                                         
```
The new way to write data  is to use `vault kv put`, it is compatible with kv1 and kv2.
Ref: https://www.vaultproject.io/docs/commands#reading-and-writing-data
```
The original version of K/V used the common read and write operations. A more advanced K/V Version 2 engine was released in Vault 0.10 and introduced the kv get and kv put commands.
```
2021-03-29 15:10:14 +02:00
Jan-Philipp Benecke
1530abbd1a
Make uploading cert to subaccount possible 2021-03-26 15:37:12 +01:00
Mike Edmunds
bf8c33703c
Fix: Unifi deploy hook support Unifi Cloud Key (#3327)
* fix: unifi deploy hook also update Cloud Key nginx certs

When running on a Unifi Cloud Key device, also deploy to
/etc/ssl/private/cloudkey.{crt,key} and reload nginx. This
makes the new cert available for the Cloud Key management
app running via nginx on port 443 (as well as the port 8443
Unifi Controller app the deploy hook already supported).

Fixes #3326

* Improve settings documentation comments

* Improve Cloud Key pre-flight error messaging

* Fix typo

* Add support for UnifiOS (Cloud Key Gen2)

Since UnifiOS does not use the Java keystore (like a Unifi
Controller or Cloud Key Gen1 deploy), this also reworks
the settings validation and error messaging somewhat.

* PR review fixes

* Detect unsupported Cloud Key java keystore location

* Don't try to restart inactive services

(and remove extra spaces from reload command)

* Clean up error messages and internal variables

* Change to _getdeployconf/_savedeployconf

* Switch from cp to cat to preserve file permissions
2021-02-15 15:01:21 +08:00
neil
62c776d90c
Merge pull request #3343 from markchalloner/master
Add Peplink deploy hook
2021-01-16 13:26:43 +08:00
Mark Challoner
61549b4a74 Add Peplink deploy hook 2021-01-13 20:37:05 +00:00
tyahin
7ed7a57d92 deploy gcore_cdn fix syntax 2021-01-10 12:44:56 +03:00
tyahin
1eaf7c89b7 deploy gcore_cdn fix api 2021-01-10 12:39:20 +03:00
tyahin
1fff8dd306 deploy gcore_cdn fix auth 2021-01-10 12:39:12 +03:00
neil
54195b16ad
Merge pull request #3299 from tresni/synology_dsm
Add DSM7 support to synology_dsm deployhook
2020-12-22 22:45:22 +08:00
neil
15fb47cb3d fix https://github.com/acmesh-official/acme.sh/issues/3300 2020-12-10 20:22:14 +08:00
Brian Hartvigsen
2635dfef96
Shellcheck linting
Also removed unused code
2020-12-09 21:01:44 -07:00
Brian Hartvigsen
7d7789ae96
Support DSM 6 and 7
Small changes for DSM 6:

All fields (except enable_syno_token as explained below) must either be in the GET params or the POST params, you can't mix GET and POST params
enable_syno_token=yes must be in both the GET and POST params.
If enable_syno_token=yes is only in the POST fields, then DSM6 returns a synotoken of --------. If enable_syno_token=yes is only in the GET params, then it returns no synotoken at all. It must be in both to work.
Need to use /webapi/auth.cgi instead of /webapi/entry.cgi
Verified with DSM 6.2.3-25426 Update 2 and DSM 7.0-40850
2020-12-09 20:35:50 -07:00
Thijn
cc69285420
Fix synology_dsm deployhook for DSM 7 2020-12-09 19:47:31 -07:00
Brian Hartvigsen
99d3a283ef
Use POST for login
This allows us to get the cookie and the token (as it appears to be only in the body in DSM 7.)  HTTP_HEADERS is only guarenteed to be output with POST for both wget and curl.
2020-12-09 19:44:14 -07:00
neil
8440d013f8 fix 2020-12-07 22:01:30 +08:00
neil
174c87a192 fix 2020-12-07 21:42:31 +08:00
neil
32b62d6d4f fix 2020-12-07 21:41:08 +08:00
Christian Burmeister
2bc627970e
Update mailcow.sh
I have modified the following things:

    Originally, "/data/assets/ssl/" is always appended to the varialbe ${_mailcow_path}. Since I use acme.sh as docker container, I only want to include the mailcow-ssl directory in the acem.sh container and not the complete mailcow directory. So now it is checked if the file generate_config.sh is in the directory (then it is the mailcow root directory, see https://github.com/mailcow/mailcow-dockerized) and only then "/data/assets/ssl/" is appended, in all other cases the passed variable is taken over unchanged.

    Because of the RP mailcow/mailcow-dockerized#2443 I have extended the script with ECC certificates.

    I adapted the reboot commands as described in the mailcow manual (https://mailcow.github.io/mailcow-dockerized-docs/firststeps-ssl/#how-to-use-your-own-certificate).
2020-12-01 20:30:56 +01:00
neil
be067466fe
Merge pull request #3132 from jpbede/deploy-cleverreach
Add CleverReach Deploy API
2020-11-29 21:47:05 +08:00
Moritz H
ed01fd4edf uconv as fallback for iconv 2020-11-28 15:22:14 +01:00
neil
7530266330 remove dependency to md5 and awk 2020-11-09 20:14:22 +08:00
neil
97b87d4ce4
Merge pull request #3111 from pashinin/master
Vault deploy hook (using curl)
2020-11-02 22:37:43 +08:00
Sergey Pashinin
e203e98375
Use _savedeployconf 2020-11-02 16:46:09 +03:00
Sergey Pashinin
9fcd104065
Use _getdeployconf for env vars 2020-11-02 13:35:12 +03:00
Jan-Philipp Benecke
1db963361c
Rework based on review from Neilpang 2020-10-28 13:50:40 +01:00
Jan-Philipp Benecke
f7e12b629f
Update CleverReach REST Endpoint 2020-10-01 11:26:29 +02:00
Jan-Philipp Benecke
2a9c56d9e3
Formatting for CI 2020-08-28 11:30:23 +02:00
Jan-Philipp Benecke
39a5688464
Make CI happy 2020-08-28 11:28:06 +02:00
Jan-Philipp Benecke
e4e6173eff
CleverReach Deploy API 2020-08-28 11:21:20 +02:00
Sergey Pashinin
f511a52705
Using _post function 2020-08-24 00:05:21 +03:00
Sergey Pashinin
de692d3dcc
Vault deploy hook 2020-08-18 13:14:00 +03:00
neil
19c4345162 fix shfmt 2020-08-17 22:18:20 +08:00
Brian Hartvigsen
5f5096e1d4
Addressing issues found in DS218+ DSM
DS218+ appears to have a slighly different DSM that sends back headers in lowercase.

Reported by @BartSiwek in #2727
2020-07-25 21:56:18 -06:00
neil
7f33ae3bee
Merge pull request #3059 from andybotting/dev
Fix CI test failure for deploy/openstack.sh
2020-07-16 13:44:40 +08:00
neil
645135bf56
Merge pull request #3051 from szepeviktor/patch-2
Upgrade Travis image
2020-07-16 13:44:02 +08:00
Viktor Szépe
61613bee98
Fix SC2230 2020-07-16 06:13:15 +02:00
Andy Botting
3ce967d8e5 Fix CI test failure for deploy/openstack.sh 2020-07-16 13:53:21 +10:00
Andy Botting
9b23cd6d19 Add OpenStack Barbican deploy support
This provider relies on the the python-openstackclient and
python-designateclient tools be installed and working, with
either password or application credentials loaded in your env.
2020-07-16 09:59:40 +10:00
andrewheberle
01ebb6576d
Use base64 for reload
Ensure that reload command is encoded with base64 so special characters in command do not wreck config on renewals
2020-07-13 09:31:47 +08:00
Tony Gravagno
eca57beec1
Issue #2850 : grammar corrections for "exists" and "exist". 2020-06-29 11:29:10 -07:00
PM Extra
a78a09f594 Support multiple servers for SSH deployment. 2020-05-22 18:15:38 +08:00
neil
341f000b9c
Merge pull request #2947 from kref/patch-1
fix octal escapes for printf %b format
2020-05-19 13:45:42 +08:00
kref
0deea53931
fix octal escapes for printf %b format
Stop it from misinterpreting a following digit as part of the escape sequence
2020-05-19 13:27:00 +08:00