support vsftpd hook
This commit is contained in:
parent
044da37c95
commit
6dfc8fe0ea
@ -26,5 +26,25 @@ Before you can deploy your cert, you must [issue the cert first](https://github.
|
||||
|
||||
(TODO)
|
||||
|
||||
## 4. Deploy the cert to local vsftpd server.
|
||||
|
||||
```sh
|
||||
acme.sh --deploy -d ftp.example.com --deploy-hook vsftpd
|
||||
```
|
||||
|
||||
The default vsftpd conf file is `/etc/vsftpd.conf`, if your vsftpd conf is not in the default location, you can specify one:
|
||||
|
||||
```sh
|
||||
export DEPLOY_VSFTPD_CONF="/etc/vsftpd.conf"
|
||||
|
||||
acme.sh --deploy -d ftp.example.com --deploy-hook vsftpd
|
||||
```
|
||||
|
||||
The default command to restart vsftpd server is `service vsftpd restart`, if it doesn't work, you can specify one:
|
||||
|
||||
```sh
|
||||
export DEPLOY_VSFTPD_RELOAD="/etc/init.d/vsftpd restart"
|
||||
|
||||
acme.sh --deploy -d ftp.example.com --deploy-hook vsftpd
|
||||
```
|
||||
|
||||
|
@ -4,6 +4,9 @@
|
||||
|
||||
#returns 0 means success, otherwise error.
|
||||
|
||||
#DEPLOY_VSFTPD_CONF="/etc/vsftpd.conf"
|
||||
#DEPLOY_VSFTPD_RELOAD="service vsftpd restart"
|
||||
|
||||
######## Public functions #####################
|
||||
|
||||
#domain keyfile certfile cafile fullchain
|
||||
@ -20,7 +23,75 @@ vsftpd_deploy() {
|
||||
_debug _cca "$_cca"
|
||||
_debug _cfullchain "$_cfullchain"
|
||||
|
||||
_err "deploy cert to vsftpd server, Not implemented yet"
|
||||
return 1
|
||||
_ssl_path="/etc/acme.sh/vsftpd"
|
||||
if ! mkdir -p "$_ssl_path"; then
|
||||
_err "Can not create folder:$_ssl_path"
|
||||
return 1
|
||||
fi
|
||||
|
||||
DEFAULT_VSFTPD_CONF="/etc/vsftpd.conf"
|
||||
_vsftpd_conf="${DEPLOY_VSFTPD_CONF:-$DEFAULT_VSFTPD_CONF}"
|
||||
|
||||
if [ ! -f "$_vsftpd_conf" ]; then
|
||||
if [ -z "$DEPLOY_VSFTPD_CONF" ]; then
|
||||
_err "vsftpd conf is not found, please define DEPLOY_VSFTPD_CONF"
|
||||
return 1
|
||||
else
|
||||
_err "It seems that the specified vsftpd conf is not valid, please check."
|
||||
return 1
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ ! -w "$_vsftpd_conf" ]; then
|
||||
_err "The file $_vsftpd_conf is not writable, please change the permission."
|
||||
return 1
|
||||
fi
|
||||
|
||||
_backup_conf="$DOMAIN_BACKUP_PATH/vsftpd.conf.bak"
|
||||
_info "Backup $_vsftpd_conf to $_backup_conf"
|
||||
cp "$_vsftpd_conf" "$_backup_conf"
|
||||
|
||||
_info "Copying key and cert"
|
||||
_real_key="$_ssl_path/vsftpd.key"
|
||||
if ! cat "$_ckey" >"$_real_key"; then
|
||||
_err "Error: write key file to: $_real_key"
|
||||
return 1
|
||||
fi
|
||||
_real_fullchain="$_ssl_path/vsftpd.chain.pem"
|
||||
if ! cat "$_cfullchain" >"$_real_fullchain"; then
|
||||
_err "Error: write key file to: $_real_fullchain"
|
||||
return 1
|
||||
fi
|
||||
_info "Modify vsftpd conf: $_vsftpd_conf"
|
||||
|
||||
DEFAULT_VSFTPD_RELOAD="service vsftpd restart"
|
||||
_reload="${DEPLOY_VSFTPD_RELOAD:-$DEFAULT_VSFTPD_RELOAD}"
|
||||
if _setopt "$_vsftpd_conf" "rsa_cert_file" "=" "$_real_fullchain" \
|
||||
&& _setopt "$_vsftpd_conf" "rsa_private_key_file" "=" "$_real_key" \
|
||||
&& _setopt "$_vsftpd_conf" "ssl_enable" "=" "YES" \
|
||||
&& eval "$_reload"; then
|
||||
_info "Deploy success!"
|
||||
if [ "$DEPLOY_VSFTPD_CONF" ]; then
|
||||
_savedomainconf DEPLOY_VSFTPD_CONF "$DEPLOY_VSFTPD_CONF"
|
||||
else
|
||||
_cleardomainconf DEPLOY_VSFTPD_CONF
|
||||
fi
|
||||
if [ "$DEPLOY_VSFTPD_RELOAD" ]; then
|
||||
_savedomainconf DEPLOY_VSFTPD_RELOAD "$DEPLOY_VSFTPD_RELOAD"
|
||||
else
|
||||
_cleardomainconf DEPLOY_VSFTPD_RELOAD
|
||||
fi
|
||||
return 0
|
||||
else
|
||||
_err "Config vsftpd server error, please report bug to us."
|
||||
_info "Restoring vsftpd conf"
|
||||
if cat "$_backup_conf" >"$_vsftpd_conf"; then
|
||||
_info "Restore conf success"
|
||||
eval "$_reload"
|
||||
else
|
||||
_err "Opps, error restore vsftpd conf, please report bug to us."
|
||||
fi
|
||||
return 1
|
||||
fi
|
||||
return 1
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user