|
|
@@ -3,18 +3,29 @@
|
|
|
# Uses command line uapi. --user option is needed only if run as root.
|
|
|
# Returns 0 when success.
|
|
|
#
|
|
|
+# Configure DEPLOY_CPANEL_AUTO_<...> options to enable or restrict automatic
|
|
|
+# detection of deployment targets through UAPI (if not set, defaults below are used.)
|
|
|
+# - ENABLED : 'true' for multi-site / wildcard capability; otherwise single-site mode.
|
|
|
+# - NOMATCH : 'true' to allow deployment to sites that do not match the certificate.
|
|
|
+# - INCLUDE : Comma-separated list - sites must match this field.
|
|
|
+# - EXCLUDE : Comma-separated list - sites must NOT match this field.
|
|
|
+# INCLUDE/EXCLUDE both support non-lexical, glob-style matches using '*'
|
|
|
+#
|
|
|
# Please note that I am no longer using Github. If you want to report an issue
|
|
|
# or contact me, visit https://forum.webseodesigners.com/web-design-seo-and-hosting-f16/
|
|
|
#
|
|
|
# Written by Santeri Kannisto <[email protected]>
|
|
|
# Public domain, 2017-2018
|
|
|
-
|
|
|
-#export DEPLOY_CPANEL_USER=myusername
|
|
|
+#
|
|
|
+# export DEPLOY_CPANEL_USER=myusername
|
|
|
+# export DEPLOY_CPANEL_AUTO_ENABLED='true'
|
|
|
+# export DEPLOY_CPANEL_AUTO_NOMATCH='false'
|
|
|
+# export DEPLOY_CPANEL_AUTO_INCLUDE='*'
|
|
|
+# export DEPLOY_CPANEL_AUTO_EXCLUDE=''
|
|
|
|
|
|
######## Public functions #####################
|
|
|
|
|
|
#domain keyfile certfile cafile fullchain
|
|
|
-
|
|
|
cpanel_uapi_deploy() {
|
|
|
_cdomain="$1"
|
|
|
_ckey="$2"
|
|
|
@@ -22,6 +33,9 @@ cpanel_uapi_deploy() {
|
|
|
_cca="$4"
|
|
|
_cfullchain="$5"
|
|
|
|
|
|
+ # re-declare vars inherited from acme.sh but not passed to make ShellCheck happy
|
|
|
+ : "${Le_Alt:=""}"
|
|
|
+
|
|
|
_debug _cdomain "$_cdomain"
|
|
|
_debug _ckey "$_ckey"
|
|
|
_debug _ccert "$_ccert"
|
|
|
@@ -32,31 +46,166 @@ cpanel_uapi_deploy() {
|
|
|
_err "The command uapi is not found."
|
|
|
return 1
|
|
|
fi
|
|
|
+
|
|
|
+ # declare useful constants
|
|
|
+ uapi_error_response='status: 0'
|
|
|
+
|
|
|
# read cert and key files and urlencode both
|
|
|
_cert=$(_url_encode <"$_ccert")
|
|
|
_key=$(_url_encode <"$_ckey")
|
|
|
|
|
|
- _debug _cert "$_cert"
|
|
|
- _debug _key "$_key"
|
|
|
+ _debug2 _cert "$_cert"
|
|
|
+ _debug2 _key "$_key"
|
|
|
|
|
|
if [ "$(id -u)" = 0 ]; then
|
|
|
- if [ -z "$DEPLOY_CPANEL_USER" ]; then
|
|
|
+ _getdeployconf DEPLOY_CPANEL_USER
|
|
|
+ # fallback to _readdomainconf for old installs
|
|
|
+ if [ -z "${DEPLOY_CPANEL_USER:=$(_readdomainconf DEPLOY_CPANEL_USER)}" ]; then
|
|
|
_err "It seems that you are root, please define the target user name: export DEPLOY_CPANEL_USER=username"
|
|
|
return 1
|
|
|
fi
|
|
|
- _savedomainconf DEPLOY_CPANEL_USER "$DEPLOY_CPANEL_USER"
|
|
|
- _response=$(uapi --user="$DEPLOY_CPANEL_USER" SSL install_ssl domain="$_cdomain" cert="$_cert" key="$_key")
|
|
|
- else
|
|
|
- _response=$(uapi SSL install_ssl domain="$_cdomain" cert="$_cert" key="$_key")
|
|
|
+ _debug DEPLOY_CPANEL_USER "$DEPLOY_CPANEL_USER"
|
|
|
+ _savedeployconf DEPLOY_CPANEL_USER "$DEPLOY_CPANEL_USER"
|
|
|
+
|
|
|
+ _uapi_user="$DEPLOY_CPANEL_USER"
|
|
|
fi
|
|
|
- error_response="status: 0"
|
|
|
- if test "${_response#*$error_response}" != "$_response"; then
|
|
|
- _err "Error in deploying certificate:"
|
|
|
- _err "$_response"
|
|
|
- return 1
|
|
|
+
|
|
|
+ # Load all AUTO envars and set defaults - see above for usage
|
|
|
+ __cpanel_initautoparam ENABLED 'true'
|
|
|
+ __cpanel_initautoparam NOMATCH 'false'
|
|
|
+ __cpanel_initautoparam INCLUDE '*'
|
|
|
+ __cpanel_initautoparam EXCLUDE ''
|
|
|
+
|
|
|
+ # Auto mode
|
|
|
+ if [ "$DEPLOY_CPANEL_AUTO_ENABLED" = "true" ]; then
|
|
|
+ # call API for site config
|
|
|
+ _response=$(uapi DomainInfo list_domains)
|
|
|
+ # exit if error in response
|
|
|
+ if [ -z "$_response" ] || [ "${_response#*"$uapi_error_response"}" != "$_response" ]; then
|
|
|
+ _err "Error in deploying certificate - cannot retrieve sitelist:"
|
|
|
+ _err "\n$_response"
|
|
|
+ return 1
|
|
|
+ fi
|
|
|
+
|
|
|
+ # parse response to create site list
|
|
|
+ sitelist=$(__cpanel_parse_response "$_response")
|
|
|
+ _debug "UAPI sites found: $sitelist"
|
|
|
+
|
|
|
+ # filter sitelist using configured domains
|
|
|
+ # skip if NOMATCH is "true"
|
|
|
+ if [ "$DEPLOY_CPANEL_AUTO_NOMATCH" = "true" ]; then
|
|
|
+ _debug "DEPLOY_CPANEL_AUTO_NOMATCH is true"
|
|
|
+ _info "UAPI nomatch mode is enabled - Will not validate sites are valid for the certificate"
|
|
|
+ else
|
|
|
+ _debug "DEPLOY_CPANEL_AUTO_NOMATCH is false"
|
|
|
+ d="$(echo "${Le_Alt}," | sed -e "s/^$_cdomain,//" -e "s/,$_cdomain,/,/")"
|
|
|
+ d="$(echo "$_cdomain,$d" | tr ',' '\n' | sed -e 's/\./\\./g' -e 's/\*/\[\^\.\]\*/g')"
|
|
|
+ sitelist="$(echo "$sitelist" | grep -ix "$d")"
|
|
|
+ _debug2 "Matched UAPI sites: $sitelist"
|
|
|
+ fi
|
|
|
+
|
|
|
+ # filter sites that do not match $DEPLOY_CPANEL_AUTO_INCLUDE
|
|
|
+ _info "Applying sitelist filter DEPLOY_CPANEL_AUTO_INCLUDE: $DEPLOY_CPANEL_AUTO_INCLUDE"
|
|
|
+ sitelist="$(echo "$sitelist" | grep -ix "$(echo "$DEPLOY_CPANEL_AUTO_INCLUDE" | tr ',' '\n' | sed -e 's/\./\\./g' -e 's/\*/\.\*/g')")"
|
|
|
+ _debug2 "Remaining sites: $sitelist"
|
|
|
+
|
|
|
+ # filter sites that match $DEPLOY_CPANEL_AUTO_EXCLUDE
|
|
|
+ _info "Applying sitelist filter DEPLOY_CPANEL_AUTO_EXCLUDE: $DEPLOY_CPANEL_AUTO_EXCLUDE"
|
|
|
+ sitelist="$(echo "$sitelist" | grep -vix "$(echo "$DEPLOY_CPANEL_AUTO_EXCLUDE" | tr ',' '\n' | sed -e 's/\./\\./g' -e 's/\*/\.\*/g')")"
|
|
|
+ _debug2 "Remaining sites: $sitelist"
|
|
|
+
|
|
|
+ # counter for success / failure check
|
|
|
+ successes=0
|
|
|
+ if [ -n "$sitelist" ]; then
|
|
|
+ sitetotal="$(echo "$sitelist" | wc -l)"
|
|
|
+ _debug "$sitetotal sites to deploy"
|
|
|
+ else
|
|
|
+ sitetotal=0
|
|
|
+ _debug "No sites to deploy"
|
|
|
+ fi
|
|
|
+
|
|
|
+ # for each site: call uapi to publish cert and log result. Only return failure if all fail
|
|
|
+ for site in $sitelist; do
|
|
|
+ # call uapi to publish cert, check response for errors and log them.
|
|
|
+ if [ -n "$_uapi_user" ]; then
|
|
|
+ _response=$(uapi --user="$_uapi_user" SSL install_ssl domain="$site" cert="$_cert" key="$_key")
|
|
|
+ else
|
|
|
+ _response=$(uapi SSL install_ssl domain="$site" cert="$_cert" key="$_key")
|
|
|
+ fi
|
|
|
+ if [ "${_response#*"$uapi_error_response"}" != "$_response" ]; then
|
|
|
+ _err "Error in deploying certificate to $site:"
|
|
|
+ _err "$_response"
|
|
|
+ else
|
|
|
+ successes=$((successes + 1))
|
|
|
+ _debug "$_response"
|
|
|
+ _info "Succcessfully deployed to $site"
|
|
|
+ fi
|
|
|
+ done
|
|
|
+
|
|
|
+ # Raise error if all updates fail
|
|
|
+ if [ "$sitetotal" -gt 0 ] && [ "$successes" -eq 0 ]; then
|
|
|
+ _err "Could not deploy to any of $sitetotal sites via UAPI"
|
|
|
+ _debug "successes: $successes, sitetotal: $sitetotal"
|
|
|
+ return 1
|
|
|
+ fi
|
|
|
+
|
|
|
+ _info "Successfully deployed certificate to $successes of $sitetotal sites via UAPI"
|
|
|
+ return 0
|
|
|
+ else
|
|
|
+ # "classic" mode - will only try to deploy to the primary domain; will not check UAPI first
|
|
|
+ if [ -n "$_uapi_user" ]; then
|
|
|
+ _response=$(uapi --user="$_uapi_user" SSL install_ssl domain="$_cdomain" cert="$_cert" key="$_key")
|
|
|
+ else
|
|
|
+ _response=$(uapi SSL install_ssl domain="$_cdomain" cert="$_cert" key="$_key")
|
|
|
+ fi
|
|
|
+
|
|
|
+ if [ "${_response#*"$uapi_error_response"}" != "$_response" ]; then
|
|
|
+ _err "Error in deploying certificate:"
|
|
|
+ _err "$_response"
|
|
|
+ return 1
|
|
|
+ fi
|
|
|
+
|
|
|
+ _debug response "$_response"
|
|
|
+ _info "Certificate successfully deployed"
|
|
|
+ return 0
|
|
|
fi
|
|
|
+}
|
|
|
+
|
|
|
+######## Private functions #####################
|
|
|
+
|
|
|
+# Internal utility to process YML from UAPI - only looks at main_domain and sub_domains
|
|
|
+#[response]
|
|
|
+__cpanel_parse_response() {
|
|
|
+ if [ $# -gt 0 ]; then resp="$*"; else resp="$(cat)"; fi
|
|
|
+
|
|
|
+ echo "$resp" |
|
|
|
+ sed -En \
|
|
|
+ -e 's/\r$//' \
|
|
|
+ -e 's/^( *)([_.[:alnum:]]+) *: *(.*)/\1,\2,\3/p' \
|
|
|
+ -e 's/^( *)- (.*)/\1,-,\2/p' |
|
|
|
+ awk -F, '{
|
|
|
+ level = length($1)/2;
|
|
|
+ section[level] = $2;
|
|
|
+ for (i in section) {if (i > level) {delete section[i]}}
|
|
|
+ if (length($3) > 0) {
|
|
|
+ prefix="";
|
|
|
+ for (i=0; i < level; i++)
|
|
|
+ { prefix = (prefix)(section[i])("/") }
|
|
|
+ printf("%s%s=%s\n", prefix, $2, $3);
|
|
|
+ }
|
|
|
+ }' |
|
|
|
+ sed -En -e 's/^result\/data\/(main_domain|sub_domains\/-)=(.*)$/\2/p'
|
|
|
+}
|
|
|
+
|
|
|
+# Load parameter by prefix+name - fallback to default if not set, and save to config
|
|
|
+#pname pdefault
|
|
|
+__cpanel_initautoparam() {
|
|
|
+ pname="$1"
|
|
|
+ pdefault="$2"
|
|
|
+ pkey="DEPLOY_CPANEL_AUTO_$pname"
|
|
|
|
|
|
- _debug response "$_response"
|
|
|
- _info "Certificate successfully deployed"
|
|
|
- return 0
|
|
|
+ _getdeployconf "$pkey"
|
|
|
+ [ -n "$(eval echo "\"\$$pkey\"")" ] || eval "$pkey=\"$pdefault\""
|
|
|
+ _debug2 "$pkey" "$(eval echo "\"\$$pkey\"")"
|
|
|
+ _savedeployconf "$pkey" "$(eval echo "\"\$$pkey\"")"
|
|
|
}
|
Danny Tix