Commit Graph

329 Commits (3d7375be8b1aee9593ba16ccb47b55753f996b9d)

Author SHA1 Message Date
kref 0deea53931
fix octal escapes for printf %b format
Stop it from misinterpreting a following digit as part of the escape sequence
2020-05-19 13:27:00 +08:00
Brian Hartvigsen 694194be2f
Shellcheck fix
SYNO_Certificate gets set by _getdeployconf, so this may be an empty string but that's fine
2020-05-16 02:25:53 -06:00
Brian Hartvigsen c7f61f8b80
Allow rotating the default certificate which has no description
This means, by default, we will rotate the default certificate that comes with the DSM
2020-05-16 02:02:23 -06:00
Brian Hartvigsen 3a7c7fe4e8
Fix shellcheck issues 2020-05-16 00:19:18 -06:00
Brian Hartvigsen 668967a719
If SYNO_Create is not set here, print the nice message 2020-05-16 00:05:35 -06:00
Brian Hartvigsen d15c14ab93
Fix support for wget
I'm actually not entirely sure why/how this worked with curl but not wget, but it did.  The short answer is that using a GET does not result in the HTTP_HEADER file being written, instead you must pass in the http_headers param ($2) which will return the HTTP headers as a string.  Luckily, the Token is in both the body and the header.  We need it and the id (and smid if 2fa) cookie to proceed.  So now we parrse the response for that instead of the HTTP_HEADER file.

Interesting side note: wget is fine if the URL contains a \r or \n, but curl will barf on it.  So we need to make sure those are stripped from the token as it will be passed in the URL later.
2020-05-15 23:53:00 -06:00
Brian Hartvigsen 52b81608a1
need to _url_encode anything sent in GET requests
Fixes issue raised by @tatablack
2020-05-15 23:48:50 -06:00
Felix Bünemann cf5952f508
fix haproxy deploy hook ocsp update
fixes ocsp reponse update failing with `Responder Error: unauthorized (6)`
by removing `-no_nonce` switch from `openssl oscp` command .
2020-05-02 22:14:21 +02:00
neil b6fbb012ad
Merge pull request #2749 from dkerr64/ssh-deploy
Updates to ssh_deploy hook
2020-04-12 13:58:44 +08:00
ucando 6132af8ecb enable qiniu to deploy more than one domain 2020-03-26 14:59:23 +08:00
Brian Torres-Gil 0453d656d6 fix(deploy/panos): data format improvements
It was discovered in testing that PAN-OS < 9.0 has slightly different
requirements for the multipart/form-data format and requires the `type`
parameter to be passed in the URL. These corrections should work for all
PAN-OS versions.
2020-03-24 20:01:51 -07:00
dkerr64 f38df4df11 Make remote backup directory path user configurable. 2020-03-14 21:51:21 -04:00
dkerr64 554e083f3d For MULTI_CALL default to undefined, deleting entry in config file if set to "no" 2020-03-11 10:58:36 -04:00
Markus Lippert fd64c20807 store device ID 2020-03-08 20:22:31 +01:00
Markus Lippert 80f1034dd6 add OTP support 2020-03-08 19:49:46 +01:00
dkerr64 8ba573d196 Change variable name to MULTI_CALL so default can be "no" 2020-03-03 13:40:33 -05:00
dkerr64 f73a494407 Remove spaces on blank line to fix travis error 2020-02-22 22:09:28 -05:00
dkerr64 46ee74ed16 Remove variable from info/error printout that could potentially expose login credentials. 2020-02-22 22:05:06 -05:00
dkerr64 806b746fc0 Fix bug where backup and batch_mode yes/no values could not be changed.
Once set to "no" then they could never be set back to "yes"
2020-02-22 21:23:59 -05:00
dkerr64 cc820e97c6 Add support for DEPLOY_SSH_BATCH_MODE with default of yes.
Before this update all remote commands were bunched together and
sent to the remote host in a single SSH command.  This could result
in a very long sequence of commands that might be rejected by a
remote host (example is VMware ESXi that uses busybox sh).
With this update you can set DEPLOY_SSH_BATCH_MODE="no" and
each remote command is sent as a separate SSH call so now we
do not have big long sequence of commands.  Defaults to same
behaviour as before this update.
2020-02-22 21:10:42 -05:00
dkerr64 283b04df73 Move cleanup of backup directory to first step in the function. 2020-02-22 20:43:28 -05:00
dkerr64 6420d1239f Move call to remote system into separate function 2020-02-22 20:31:52 -05:00
dkerr64 3d9608faa0 Move -T parameter into default ssh command variable 2020-02-22 20:09:24 -05:00
xpac1985 e184a1b9e6
haproxy deploy script now compatible with OpenSSL v1.1+
haproxy deploy script now compatible with OpenSSL v1.1+

The OpenSSL OCSP request for haproxy deployment breaks from OpenSSL v1.1.0 on.
The format of the `-header` option has been changed and does now contain a `=` instead of a whitespace.
Other projects have hit the same issue:
https://github.com/nghttp2/nghttp2/issues/742

This commit determines the OpenSSL/LibreSSL version and then adjusts the request accordingly.
Also removed the duplicate command line and added some more debug output.
2020-02-20 23:28:55 +01:00
neil 754f7a7891
Merge pull request #2614 from PaloAltoNetworks/deploy-panos
Adding abillity to deploy cert to Palo Alto Networks Firewall via API.
2020-02-15 20:46:59 +08:00
Paul Nguyen 21450a08c2 Fixed 6 character requirement. 2020-02-13 18:01:27 -08:00
Paul Nguyen c355b25bb1 Fixed line formatting 2020-02-12 15:00:23 -08:00
Paul Nguyen 1fe3d80838 Updated to use saveconf function and base64encode. 2020-02-12 14:57:31 -08:00
Paul Nguyen 930e16b64a fix gitdiff 2020-02-11 22:50:05 -08:00
Paul Nguyen 2077a70d03 Fixing gitdiff 2020-02-11 22:44:51 -08:00
Paul Nguyen cbdb8bd9b9 Fixing gitdiff 2020-02-11 22:34:55 -08:00
Paul Nguyen 5dcb417676 ShellCheck fixes 2020-02-11 22:26:48 -08:00
Paul Nguyen 71bc993e3d Fixed Shellchecks 2020-02-11 22:23:10 -08:00
Paul Nguyen c2812896f8 Update deployer 2020-02-11 18:15:10 -08:00
Brian Hartvigsen 1b475cf9f3
Remove -q from greps 2020-02-10 21:02:27 -07:00
Brian Hartvigsen d07172a528
Replace disabled linter with variable substituion 2020-02-09 12:06:13 -08:00
Brian Hartvigsen 79637097ba
Use _utc_date 2020-02-09 11:50:50 -08:00
Brian Hartvigsen 1259341095
Use deployconf properly 2020-02-09 03:10:11 -08:00
Brian Hartvigsen 5d3bc95ac5
Fix some debug output 2020-02-09 02:50:29 -08:00
Brian Hartvigsen de25232a73
Allow creating new certificates when certificate is not found 2020-02-09 02:26:55 -08:00
Brian Hartvigsen 95769de464
Fix shfmt/shellcheck issues 2020-02-09 02:01:26 -08:00
Brian Hartvigsen 52a168b961
Stop using jq/curl directly
This is a lot more fragile then the previous code due to treating JSON as just a string
2020-02-09 01:49:20 -08:00
Brian Hartvigsen b3b00b6700
Using domainconf instead of account 2020-02-09 01:49:20 -08:00
Brian Hartvigsen 8e8cda132c
Remove boilerplate from what I used for template 2020-02-09 01:49:20 -08:00
Brian Hartvigsen 6459ccb185
Cleanup shfmt warnings 2020-02-09 01:49:20 -08:00
Brian Hartvigsen 548f83c3ad
Cleanup shellcheck errors 2020-02-09 01:49:19 -08:00
Brian Hartvigsen 555e0de9e4
Initial support for Synology DSM
This allows you to update a key on a Synology DSM using the existing API.
Handles restarting the necessary services the certificate is attached to and all other internal stuff (copying the certificate around, etc.)

This is way less error prone than most articles I've found on how to update a Synology DSM certificate.
2020-02-09 01:49:19 -08:00
Paul Nguyen d9a9695fe0 Deploy certificates to Palo Alto Network Firewalls 2020-02-05 14:29:01 -08:00
neilpang d795fac37a update repo name 2020-01-30 12:06:39 +08:00
Charlie Garrison 84b0f29d87
Merge branch 'dev' into master 2019-11-26 20:44:48 +11:00
Charlie Garrison b23e05dbc5 Added trailing slash to end of each line of DEPLOY_SCRIPT_CMD 2019-11-26 20:39:08 +11:00
neil 7ad3ddef2a
Merge pull request #2539 from temoffey/gcore_cdn
Gcore cdn
2019-10-10 10:35:22 +08:00
temoffey 252a21e2ae fixed json parse regex for support api gcore_cdn 2019-10-10 00:36:34 +03:00
Peter Dave Hello ac9f6e3a41 Remove trailing spaces in text files
This issue in the shell scripts will also be detected in the stable
version of shfmt(we are currently using an ancient pre-release of shfmt)
2019-10-05 21:09:24 +08:00
neil ee38cccad8
sync (#2436)
* fix https://github.com/Neilpang/acme.sh/issues/2409 (#2430)

* Add variable exports for Successful Post Hook and Renew Hook calls (#2431)

* fixed json parse regex for support api gcore_cdn (#2381)
2019-08-11 11:56:59 +08:00
Тимур Яхин f82ff90f06 fixed json parse regex for support api gcore_cdn (#2381) 2019-08-11 11:41:57 +08:00
neil 55dea4ee9d
sync (#2404)
* support jdcloud.com

* fix format

* ttl 3000

* Escape slashes (#2375)

* Change 1.1.1.1 to 1.0.0.1 to probe compatibility (#2330)

As we can see, 1.1.1.1 is not routed or routed to an Intranet devices due to historical reason. Change 1.1.1.1 to 1.0.0.1 will have a better compatibility. I found this problem on my Tencent Cloud server.

* check empty id

* fix error

* Add dnsapi for Vultr (#2370)

* Add Vultr dns api

* PushOver notifications (#2325)

* PushOver notifications, using AppToken, UserKey, and optional sounds

* fix errors

* added dns api support for hexonet (#1776)

* update

* minor

* support new Cloudflare Token format
fix https://github.com/Neilpang/acme.sh/issues/2398

* fix wildcard domain name

* add more info

* fix https://github.com/Neilpang/acme.sh/issues/2377

* fix format

* fix format
2019-07-27 11:48:29 +08:00
neilpang 45e8bb03e4 add more info 2019-07-23 21:43:00 +08:00
neilpang 54e189616c fix wildcard domain name 2019-07-23 21:36:42 +08:00
neil 06f860c8ea
Merge pull request #2292 from cngarrison/master
change to routeros native script rather than bash multiline commands
2019-06-19 21:27:32 +08:00
neilpang 951bd3a517 minor, check for mkdir 2019-06-03 21:03:03 +08:00
neilpang 2e3ddd3a61 trim quotation marks 2019-06-03 20:55:22 +08:00
Charlie Garrison c42dbbfec8 reformatted RouterOS script for shfmt checks 2019-06-03 11:38:39 +10:00
neilpang aec6636205 add _getdeployconf 2019-06-02 19:36:11 +08:00
neilpang a18c3ff07d use `sh -c` 2019-06-02 15:21:08 +08:00
neilpang 64928b28bc trim quotation marks 2019-06-02 11:11:34 +08:00
neilpang 0bbaa51945 fix format 2019-06-02 10:05:24 +08:00
neilpang 561803c0a7 add deploy hook to docker containers 2019-06-01 22:30:25 +08:00
Charlie Garrison 03a407d4df Added additional `shellcheck` ignores for client-side evaluation warning
Should pass CI tests now
2019-05-29 14:05:20 +10:00
Charlie Garrison 0cddc8a154 change to routeros native script rather than bash multiline commands 2019-05-26 01:32:13 +10:00
neilpang 1a126b700f fix https://github.com/Neilpang/acme.sh/issues/2252 2019-05-08 22:13:33 +08:00
neil b28835a604
Update haproxy deploy hook (#1591)
* implement basic haproxy deploy

HAProxy requires the certificate chain and key to be concatenated and placed somewhere (can be anywhere). This script expects a single environment variable with the path where the concatenated PEM file should be written

* add docs for HAProxy deployment

* Add conditional check to ensure path is provided

* remove whitespace

* remove more whitespace (trying to get TravisCI working)

* add reload

* update for POSIX compliance

* add documentation for reload command

* Update haproxy deploy hook

Add functionality to add OCSP stapling info (.ocsp file), issuer (.issuer file) and multi-cert bundles (suffix on pem file based on key type).

This also corrects the order of key, certificate and intermediate in the PEM file, which although HAProxy does not seem to care, was incorrect in the prior version.

* Document updated haproxy deploy hook

* Fix variable name

* whitespace fixes

* Support HAPROXY_DEPLOY_PEM_PATH

Adds compatibility to original haproxy deploy hook while still allowing custom PEM file name (via HAPROXY_DEPLOY_PEM_NAME)

* update for new haproxy deploy vars

* Fix return from reload

* Fix Le_Keylength case

* Update cert suffix for bundles .ocsp generation

* Whitepspace

* Change default for reload

* Readme update

* Actually set reload default

* Fix README.md confict
2019-05-01 15:13:42 +08:00
Тимур Яхин 6340704173 fixed line breaks for support api gcore_cdn (#2237) 2019-05-01 15:11:39 +08:00
andrewheberle 37ef0a0cb6
Fix README.md confict 2019-04-30 15:32:36 +08:00
neil d1f39e6217
Merge pull request #706 from palhaland/dev
Shell script for deploying changes to a routeros server.
2019-04-10 20:49:05 +08:00
neil 297859c5bc
Merge pull request #2191 from temoffey/gcore_cdn_deploy
fix gcore_cdn_deploy
2019-03-23 21:46:40 +08:00
temoffey bea52aa743 remove use grep -E 2019-03-23 16:29:33 +03:00
neil a4cc9ef2cc
Merge pull request #2178 from temoffey/gcore_cdn_deploy
Gcore cdn deploy
2019-03-23 11:06:16 +08:00
temoffey df9174577a remove check jq 2019-03-22 23:00:47 +03:00
temoffey bd1bb7a71b fix syntax 2019-03-22 20:08:35 +03:00
temoffey 4b6e7e6c37 remove use while, [[ ]], array 2019-03-22 20:02:59 +03:00
temoffey 8896642e25 fix syntax 2019-03-22 20:01:39 +03:00
temoffey 0ecb5a3fec fix syntax 2019-03-22 04:31:58 +03:00
temoffey d289b0b450 fix syntax 2019-03-22 04:21:41 +03:00
temoffey b8489464b3 remove use awk, jq, curl 2019-03-22 03:41:26 +03:00
Pål Håland ebaa3f39e4 Merge remote-tracking branch 'origin/dev' into dev 2019-03-21 15:54:02 +01:00
Pål Håland e19753dcde Moved documentation from deploy/README.md to deploy/routeros.sh 2019-03-21 15:53:11 +01:00
temoffey 16b0704acc remove readme 2019-03-20 18:10:53 +03:00
neilpang 61bcd67a5d move to wiki 2019-03-20 23:03:49 +08:00
temoffey 89989adcad fix syntax 2019-03-20 14:05:18 +03:00
temoffey 95cdb4b2bc fix syntax 2019-03-20 14:02:11 +03:00
temoffey 228c835466 gcore_cdn_deploy 2019-03-20 03:03:10 +03:00
Valentin Brandl d604166194
Fix formatting 2019-03-19 19:15:31 +01:00
Valentin Brandl d643a2ff13
Check if mailcow path is set and fix directory check 2019-03-19 19:09:25 +01:00
Valentin Brandl b581a171f0
Add documentation for mailcow deploy hook 2019-03-19 18:43:07 +01:00
Valentin Brandl 307336cfc4
Add deploy hook for mailcow
This hook will copy the key and certificate chain to the specified
mailcow installation (as described in
https://mailcow.github.io/mailcow-dockerized-docs/firststeps-ssl/#use-own-certificates)
and restarts the containers, that are using the certificates.

The hook has 2 parameters:

* `DEPLOY_MAILCOW_PATH`: The path to the mailcow installation (required)
* `DEPLOY_MAILCOW_RELOAD`: The reload command, defaults to `docker-compose restart postfix-mailcow dovecot-mailcow nginx-mailcow`
2019-03-19 18:42:47 +01:00
Pål Håland 86fbb5952e Use env sh 2019-03-02 16:39:41 +01:00
neil 2a52603b7e
Merge pull request #2128 from the729/fix-qiniu-base64
fix deploy/qiniu.sh base64
2019-03-01 22:44:23 +08:00
tianji 22e7b4c911 fix doc of qiniu deploy script
A leading dot should be included when updating wildcard domains.
2019-02-28 23:51:43 +08:00
tianji af5f7a7779 fix deploy/qiniu.sh base64
According to the doc (https://developer.qiniu.com/kodo/manual/1231/appendix#1), we should use URL-safe base64 instead of plain base64 for token calculation.
2019-02-28 23:43:58 +08:00