-rw-r--r--.gitignore2
-rw-r--r--Makefile60
-rw-r--r--generate-and-upload-self-signed-key.conf8
-rwxr-xr-xgenerate-and-upload-self-signed-key.in (renamed from generate-and-upload-self-signed-key)30
-rw-r--r--generate-and-upload-self-signed-key.service.in (renamed from generate-and-upload-self-signed-key.service)2
5 files changed, 89 insertions, 13 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..baefafb
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+generate-and-manage-self-signed-keys
+generate-and-manage-self-signed-keys.service
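Review bot: The two ignore entries name `generate-and-manage-self-signed-keys` and `generate-and-manage-self-signed-keys.service`, but the Makefile in this same commit builds `generate-and-upload-self-signed-key` and `generate-and-upload-self-signed-key.service`, so the generated files are neither ignored by git nor removed by `make clean`, which derives its deletion pattern from this file. Because `dist` runs `git add .`, the built artefacts would be committed on the next release. The entries should read `generate-and-upload-self-signed-key` and `generate-and-upload-self-signed-key.service`.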
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..6c70825
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,60 @@
+#
+# generate-and-upload-self-signed-key - script to handle self signed keys
+#
+# Copyright (c) 2019 Erich Eckner <opensource at eckner dot net>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+# USA.
+#
+
+DESTDIR =
+ETCDIR = /etc
+BINDIR = /usr/bin
+LIBDIR = /usr/lib
+MANDIR = /usr/share/man
+
+VERSION = 0.0
+
+all: generate-and-upload-self-signed-key generate-and-upload-self-signed-key.service
+
+%: %.in
+ sed " \
+ s/#VERSION#/$(VERSION)/; \
+ s@#BINDIR#@$(BINDIR)@; \
+ s@#ETCDIR#@$(ETCDIR)@; \
+ s@#HELPTEXT#\(\s\+\)#@ --help \1display this help and exit\n --version\1display version and exit@; \
+ " $< > $@
+ [ "$@" = "update-ddns" ] && chmod +x "$@" || true
+
+.PHONY: install dist clean
+
+install:
+ install -D -m0755 generate-and-upload-self-signed-key $(DESTDIR)$(BINDIR)/generate-and-upload-self-signed-key
+ install -D -m0644 generate-and-upload-self-signed-key.conf $(DESTDIR)$(ETCDIR)/generate-and-upload-self-signed-key.conf
+ install -D -m0644 -t $(DESTDIR)$(LIBDIR)/systemd/system generate-and-upload-self-signed-key.service generate-and-upload-self-signed-key.timer
+
+clean:
+ ls -A | \
+ grep "^\($(shell sed 's|\.|\\.|; s|\*|.*|; s|$$|\\|' .gitignore | tr '\n' '\|')\)\$$" | \
+ xargs -r rm
+
+dist: clean
+ git status --porcelain 2> /dev/null | grep -q "\S" && (git add .; git commit -m"neue Version: $(VERSION)") || true
+ ! git tag -d v$(VERSION) 2> /dev/null
+ git tag v$(VERSION)
+ git push
+ git push --tags
+
+# End of file
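Review bot: The `chmod +x` guard in the pattern rule tests `$@` against `update-ddns`, a name that appears nowhere in this project, so `make` leaves the generated script non-executable; it should be `[ "$@" = "generate-and-upload-self-signed-key" ] && chmod +x "$@" || true`, or simply unconditional since the only `.in` inputs are the script and the unit file. `install` also lists `generate-and-upload-self-signed-key.timer`, which is not part of the diffstat, so `install -t` will fail on a clean checkout unless that file exists untracked. Because the pattern rule writes `sed … > $@`, a failed sed leaves a truncated but newer target that later runs treat as up to date; adding `.DELETE_ON_ERROR:` near the top avoids that. The `dist` target's `git add .; git commit` stages every untracked file in the working tree without review, which is an easy way to publish build output or local scratch files by accident.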
diff --git a/generate-and-upload-self-signed-key.conf b/generate-and-upload-self-signed-key.conf
new file mode 100644
index 0000000..a83ab66
--- /dev/null
+++ b/generate-and-upload-self-signed-key.conf
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# ignore these hosts
+ignore_hosts=('localhost')
+
+# where should the certificates be published?
+remote_host='user@example.com'
+remote_dir='httpdocs/certs'
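Review bot: This file is sourced with `.` by the script, so it is executed as bash with the script's privileges rather than parsed as data; the `#!/bin/bash` line is misleading because the file is installed 0644 and never run directly. A header comment such as `# Sourced (executed) by generate-and-upload-self-signed-key; keep root-owned and not writable by other users` would make that clear to whoever edits it. The shipped default `remote_host='user@example.com'` is a live-looking value that the script, as shown, does not validate, so an unedited install would attempt an rsync/ssh to that host; leaving it empty and having the script refuse to run on an empty value is safer.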
diff --git a/generate-and-upload-self-signed-key b/generate-and-upload-self-signed-key.in
index c4f9869..fd903d3 100755
--- a/generate-and-upload-self-signed-key
+++ b/generate-and-upload-self-signed-key.in
@@ -1,7 +1,11 @@
#!/bin/bash
+if [ -r '#ETCDIR#/generate-and-manage-self-signed-keys.conf' ]; then
+ . '#ETCDIR#/generate-and-manage-self-signed-keys.conf'
+fi
+
hosts=$(
- find /etc/nginx/ -name sites-available -prune , \
+ find '#ETCDIR#/nginx/' -name sites-available -prune , \
\( -type f -o -type l \) \
-exec sed -n '
s/^\s*//
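Review bot: The script sources `#ETCDIR#/generate-and-manage-self-signed-keys.conf`, but the Makefile in this commit installs the config as `generate-and-upload-self-signed-key.conf`, so on an installed system the file is never read and `ignore_hosts`, `remote_host` and `remote_dir` stay unset; the path should be `'#ETCDIR#/generate-and-upload-self-signed-key.conf'`. Nothing checks the result either, so an absent or incomplete config reaches the rsync and ssh calls further down with an empty host; a guard right after the `fi`, `[ -n "${remote_host}" ] || { printf 'remote_host is not configured\n' >&2; exit 1; }`, fails early instead. Since `.` executes the file, the `-r` test alone says nothing about who can write it; ownership and mode are what matter, and the installed 0644 root-owned file from the Makefile is appropriate as long as it stays that way.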
@@ -12,7 +16,9 @@ hosts=$(
| sed '
s/\s\+/ /g
s/;\s*/;\n/g
- s/\slocalhost\(;\|\s\)//
+ '"$(
+ printf 's/\\s%s\\(;\\|\\s\)//\n' "${ignore_hosts[@]}"
+ )"'
' \
| sed -n '
s/^server_name //
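Review bot: The generated sed expressions splice each `ignore_hosts` entry into the pattern unescaped, so a dot in a host name matches any character, and if the array is empty or unset (which is the case when the config file was not found) `printf` still runs once with an empty `%s` and emits `s/\s\(;\|\s\)//`, which strips the first whitespace-before-`;`/whitespace from every line rather than ignoring nothing. Guarding on the array length and escaping dots, something like `[ "${#ignore_hosts[@]}" -gt 0 ] && printf 's/\\s%s\\(;\\|\\s\)//\n' "${ignore_hosts[@]//./\\.}"`, keeps the previous `localhost`-only behaviour when the list is empty. The hosts come from a root-owned config rather than untrusted input, so this is a correctness issue more than an injection one.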
@@ -30,7 +36,7 @@ host_key_files=$(
)
host_key_files=$(
- printf '/etc/nginx/keys/%s\n' ${host_key_files}
+ printf '#ETCDIR#/nginx/keys/%s\n' ${host_key_files}
)
if [ "$(whoami)" = 'root' ]; then
@@ -57,11 +63,11 @@ fi
printf '%s\n' "${hosts}" \
| while read -r host other_hosts; do
openssl req -x509 -newkey rsa:4096 \
- -keyout "/etc/nginx/keys/${host}.key.pem.new" \
- -out "/etc/nginx/keys/${host}.cert.pem.new" \
+ -keyout "#ETCDIR#/nginx/keys/${host}.key.pem.new" \
+ -out "#ETCDIR#/nginx/keys/${host}.cert.pem.new" \
-days 365 -nodes -subj '/C=DE/ST=Thuringia/L=Jena/O=Eckner/OU=Net/CN='"${host}" -sha256 \
-config <(
- cat /etc/ssl/openssl.cnf
+ cat '#ETCDIR#/ssl/openssl.cnf'
if [ -n "${other_hosts}" ]; then
printf '\n[SAN]\nsubjectAltName'
printf ',DNS:%s' \
@@ -74,13 +80,13 @@ done
rsync --ignore-missing-args \
$(
- printf '/etc/nginx/keys/%s.cert.pem\n' ${host_key_files}
- printf '/etc/nginx/keys/%s.cert.pem.new\n' ${host_key_files}
+ printf '#ETCDIR#/nginx/keys/%s.cert.pem\n' ${host_key_files}
+ printf '#ETCDIR#/nginx/keys/%s.cert.pem.new\n' ${host_key_files}
) \
- ecknernet@eckner.net:httpdocs/certs/
+ "${remote_host}:${remote_dir}/"
(
- cd /etc/nginx/keys
+ cd '#ETCDIR#/nginx/keys'
{
printf '%s.cert.pem\n' ${host_key_files}
printf '%s.cert.pem.new\n' ${host_key_files}
@@ -96,8 +102,8 @@ rsync --ignore-missing-args \
)"
done
) \
-| ssh ecknernet@eckner.net '
- cd httpdocs/certs
+| ssh "${remote_host}" '
+ cd "'"${remote_dir}"'"
while read -r time sum file; do
rm -f ????-??-??T??\:??\:??".${file}"
mv "${file}" "${time}.${file}"
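Review bot: The remote `cd "'"${remote_dir}"'"` is spliced into the ssh command string and has no failure check, so if the directory does not exist on the remote side the following `rm -f ????-??-??T??:??:??."${file}"` and `mv` run in the login directory instead; `cd "'"${remote_dir}"'" || exit 1` stops that. Splicing the raw value also means a `remote_dir` containing `"`, `$` or backquotes would be interpreted by the remote shell; quoting it with `$(printf '%q' "${remote_dir}")` before interpolation is the usual fix, though with a root-owned config the exposure is limited to misconfiguration. The ssh command and its `while` loop continue past the end of this hunk.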
diff --git a/generate-and-upload-self-signed-key.service b/generate-and-upload-self-signed-key.service.in
index 59c2570..086e5cd 100644
--- a/generate-and-upload-self-signed-key.service
+++ b/generate-and-upload-self-signed-key.service.in
@@ -3,4 +3,4 @@ Description=generate and manage a self-signed key
[Service]
Type=oneshot
-ExecStart=/usr/bin/generate-and-manage-self-signed-key
+ExecStart=#BINDIR#/generate-and-manage-self-signed-key
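Review bot: `ExecStart` points at `#BINDIR#/generate-and-manage-self-signed-key`, but the Makefile's `install` target places the script at `$(BINDIR)/generate-and-upload-self-signed-key`, so the unit will fail to start with a missing executable; the line should be `ExecStart=#BINDIR#/generate-and-upload-self-signed-key`. The `Description=` line above already uses the "manage" wording, so it is worth settling on one name across the service, the script and the .gitignore in this commit.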