-rwxr-xr-x | generate-and-upload-self-signed-keys.in | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/generate-and-upload-self-signed-keys.in b/generate-and-upload-self-signed-keys.in index 76331d9..619a923 100755 --- a/generate-and-upload-self-signed-keys.in +++ b/generate-and-upload-self-signed-keys.in @@ -4,8 +4,12 @@ if [ -r '#ETCDIR#/generate-and-upload-self-signed-keys.conf' ]; then . '#ETCDIR#/generate-and-upload-self-signed-keys.conf' fi +key_dir='#ETCDIR#/nginx/keys' + hosts=$( - find '#ETCDIR#/nginx/' -name sites-available -prune , \ + find '#ETCDIR#/nginx/' \ + -name keys -prune , \ + -name sites-available -prune , \ \( -type f -o -type l \) \ -exec sed -n ' s/^\s*// @@ -35,17 +39,13 @@ host_key_files=$( | cut -d' ' -f1 ) -host_key_files=$( - printf '#ETCDIR#/nginx/keys/%s\n' ${host_key_files} -) - if [ "$(whoami)" = 'root' ]; then updated_something=false for host_key_file in ${host_key_files}; do - if [ -f "${host_key_file}.key.pem.new" ] \ - && [ -f "${host_key_file}.cert.pem.new" ]; then - mv "${host_key_file}.key.pem"{.new,} - mv "${host_key_file}.cert.pem"{.new,} + if [ -f "${keydir}/${host_key_file}.key.pem.new" ] \ + && [ -f "${keydir}/${host_key_file}.cert.pem.new" ]; then + mv "${keydir}/${host_key_file}.key.pem"{.new,} + mv "${keydir}/${host_key_file}.cert.pem"{.new,} updated_something=true fi done @@ -63,8 +63,8 @@ fi printf '%s\n' "${hosts}" \ | while read -r host other_hosts; do openssl req -x509 -newkey rsa:4096 \ - -keyout "#ETCDIR#/nginx/keys/${host}.key.pem.new" \ - -out "#ETCDIR#/nginx/keys/${host}.cert.pem.new" \ + -keyout "${keydir}/${host}.key.pem.new" \ + -out "${keydir}/${host}.cert.pem.new" \ -days 365 -nodes -subj '/C=DE/ST=Thuringia/L=Jena/O=Eckner/OU=Net/CN='"${host}" -sha256 \ -config <( cat '#ETCDIR#/ssl/openssl.cnf' 
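Review bot: The first hunk defines `key_dir='#ETCDIR#/nginx/keys'`, but every use added in the hunks at -35,17, -63,8 and -80,13 reads `${keydir}`, which nothing visible on this page sets. Unless the sourced `.conf` happens to define `keydir`, it expands to the empty string, so the `-f` tests and `mv` calls look at `/<name>.key.pem.new`, and `openssl req ... -nodes` writes the unencrypted private key to `/${host}.key.pem.new` instead of the keys directory. Use one spelling throughout, e.g. `-keyout "${key_dir}/${host}.key.pem.new" \`, and likewise in the `mv`, `rsync` and `cd` lines. If the script does not already run with `set -u` (its first lines are outside the diff), enabling it would turn this kind of typo into an immediate failure rather than a silent path change.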
@@ -80,13 +80,13 @@ done rsync --ignore-missing-args \ $( - printf '#ETCDIR#/nginx/keys/%s.cert.pem\n' ${host_key_files} - printf '#ETCDIR#/nginx/keys/%s.cert.pem.new\n' ${host_key_files} + printf -- "${keydir}"'/%s.cert.pem\n' ${host_key_files} + printf -- "${keydir}"'/%s.cert.pem.new\n' ${host_key_files} ) \ "${remote_host}:${remote_dir}/" ( - cd '#ETCDIR#/nginx/keys' + cd "${keydir}" { printf '%s.cert.pem\n' ${host_key_files} printf '%s.cert.pem.new\n' ${host_key_files} |
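Review bot: `printf -- "${keydir}"'/%s.cert.pem\n' ${host_key_files}` splices the directory into the printf format string, so a `%` or backslash in that path would be interpreted as a format directive instead of being printed. The value is currently a build-time `#ETCDIR#` substitution, so this only bites with an unusual install prefix, but keeping the format constant costs little: `for f in ${host_key_files}; do printf '%s/%s.cert.pem\n' "${key_dir}" "${f}"; done` (and the same for `.cert.pem.new`). The proposal uses `key_dir`, the name this diff actually assigns. The `rsync` command and the subshell opened by `(` both continue outside the hunk.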