우리 회사에는 SSL(certbot/crt-list.txt)과 작동하는 HaProxy 설정이 있습니다. crt-list.txt 파일을 읽고 도메인 이름을 변수로 추출하려면 자동화된 작업이 필요합니다. 이 변수로 무엇을 할 것인가? 이 변수는 자동 인증서 갱신을 요청하는 데 필요합니다. HaProxy는 이를 위해 특정 PEM 파일이 필요하므로 certbot의 자동 갱신을 사용할 수 없습니다.
텍스트 파일은 다음 형식입니다.
/etc/haproxy/certs/domainname.pem www.domainname.de
/etc/haproxy/certs/domainname2.pem domainname2.de
/etc/haproxy/certs/domainname3.pem www.domainname3.com
여러 줄이 있습니다.
스크립트는 각 줄을 읽고 두 번째 열에서 도메인 이름을 추출하고 $Domain이라는 변수를 생성해야 합니다. 이 $Domain 변수는 자동 업데이트 기능에 사용되므로 crt-list.txt의 알려진 각 도메인에 대한 인증서를 한 줄씩 업데이트합니다.
저는 쉘 프로그래밍이 처음인데 어떻게 이를 달성할 수 있습니까? 인증서 요청 및 .pem 파일 변환을 위한 스크립트를 만들었습니다. 매우 간단하지만 이 스크립트는 변수 등에 익숙하지 않기 때문에 약간 복잡합니다.
원본 스크립트는 다음과 같습니다.
#!/bin/bash
#Script for Certificate Creation & Renewal v1.2
#Written by Nicolay Braetter - VRS Media
#Frage nach dem Domainnamen
clear
echo "======================================================================================================================================"
echo "=== CERTBOT - SSL ZERTIFIKATSERSTELLUNG MITTELS LETSENCRYPT ==="
echo "======================================================================================================================================"
echo "======================================================================================================================================"
echo "=== ERSTELLT VON NICOLAY BRAETTER - VRS - MEDIA GMBH & CO. KG ==="
echo "======================================================================================================================================"
echo "======================================================================================================================================"
echo -e "\033[31m=== Z E R T S T A R T . S H === V 1 . 2 === N O S Y N C T O S L A V E ===\033[0m"
echo "======================================================================================================================================"
echo " "
echo " "
read -p "Wie lautet der Domain Name ? " dom
sleep 1
#Lösche alle vorhandenen Domain Daten
echo " "
echo " "
echo -e "\033[31mLoesche eventuell vorhandene Zertifikats Daten !!!\033[0m"
echo "=================================================="
echo " "
echo " "
sleep 1
rm /etc/haproxy/certs/$dom.pem
rm -r /etc/letsencrypt/archive/$dom
rm -r /etc/letsencrypt/live/$dom
rm /etc/letsencrypt/renewal/$dom.conf
echo " "
echo " "
echo " "
echo " "
#Starte den Zertifikatsabruf
/etc/haproxy/plugins/certbot-auto certonly --account ea8c0fffa25109ed61530312a8bb5384 --text --webroot --webroot-path /var/lib/haproxy -d $dom --renew-by-default --agree-tos --email [email protected]
#Schreibe das Zertifikat ins /etc/haproxy/certs Verzeichnis
cat /etc/letsencrypt/live/$dom/privkey.pem /etc/letsencrypt/live/$dom/fullchain.pem | tee /etc/haproxy/certs/$dom.pem >/dev/null
echo " "
echo " "
echo -e "\033[31m=== E I N E N K L E I N E N A U G E N B L I C K B I T T E !!! ===\033[0m"
echo "========================================================================="
sleep 2
#Prüft ob die Zertifikatsdatei vorhanden ist und mindestens 1 byte grösse besitzt
if [ -s /etc/haproxy/certs/$dom.pem ] ; then
echo " "
echo " "
echo "=== P R U E F E O B E R S T E L L T E S Z E R T I F I K A T F U N K T I O N A L I S T !!! ==="
echo "========================================================================================================="
sleep 2
#AUSGABE ZERTIFIKAT OK MIT EINTRAG IN /ETC/HAPROXY/CRT-LIST.TXT
clear
echo " "
echo " "
echo "Das Zertifikat für die Domain" $dom "wurde erstellt"
echo "======================================================================================================================================"
echo "Der Eintrag für die Domain" $dom "wird in der Datei /etc/haproxy/crt-list.txt angelegt !!!"
echo " "
echo "======================================================================================================================================"
echo " "
echo " "
echo "EINTRAG WIRD IN CRT-LIST.TXT GESUCHT UND ENTFERNT !!!"
#Umschreiben der crt-list.txt Datei
grep -v "/etc/haproxy/certs/$dom.pem $dom" /etc/haproxy/crt-list.txt > /etc/haproxy/crt_list_read.txt
sleep 1
cp /etc/haproxy/crt_list_read.txt /etc/haproxy/crt-list.txt
sleep 1
#Löschen der Temporären crt-list_read.txt
rm /etc/haproxy/crt_list_read.txt
#Anlegen des Domaineintrags in crt-list.txt
echo " "
echo " "
echo "DOMAINEINTRAG WIRD ANGELEGT !!!"
echo "/etc/haproxy/certs/$dom.pem" $dom >> /etc/haproxy/crt-list.txt
echo " "
echo " "
sleep 1
echo "======================================================================================================================================"
echo "Die Domain" $dom "wurde der Datei /etc/haproxy/crt-list.txt hinzugefuegt !!!"
echo "Zeilencode: /etc/haproxy/certs/$dom.pem $dom"
echo " "
echo "Bitte Ueberpruefen sie dies noch einmal manuell und entfernen evtl. Dubletten aus der .txt Datei"
echo ". . . . . ."
echo "Vielen Dank fuer das erstellen des Zertifikates !"
echo " "
echo " "
echo "Ein neustart von HaProxy ist zwingend erforderlich !!! >> service haproxy restart"
sleep 1
echo " "
echo "======================================================================================================================================"
echo "===== D I E S E R W I R D J E T Z T D U R C H G E F U E H R T ! ! !"
echo "======================================================================================================================================"
sleep 1
#Neustart des HaProxy
service haproxy reload
echo " "
echo " "
echo -e " \033[31mH a P r o x y w u r d e n e u g e s t a r t e t ! ! !\033[0m "
echo " "
echo "======================================================================================================================================"
echo "===== ALLES NOTWENDIGE FUER DIE ERSTELLUNG DES ZERTIFIKATES IST ABGESCHLOSSEN ====="
echo "======================================================================================================================================"
#Synchronisation zum Slave PROXY
sleep 2
echo "===== VERZEICHNISSE WERDEN JETZT ZUM SLAVE PROXY UEBERTRAGEN ! ! !"
echo "======================================================================================================================================"
echo " "
#rsync --delete --stats -arpve "ssh -i /home/admin/.ssh/id_rsa -p 2255" /etc/letsencrypt [email protected]:/etc
#rsync --delete --stats -arpve "ssh -i /home/admin/.ssh/id_rsa -p 2255" /etc/haproxy [email protected]:/etc
#bash /root/scripts/sync_lencrypt.sh &
bash /root/scripts/sync_proxy.sh &
sleep 2
echo " "
echo "===== DIE UEBERTRAGUNG IST ABGESCHLOSSEN - DER SLAVE PROXY MUSS NUN NOCH EINEN RESTART ERHALTEN !!!"
echo "======================================================================================================================================"
else
#AUSGABE ZERTIFIKAT NICHT OK
clear
echo -e "\033[31m=====================================================================================================================================\033[0m"
echo -e "\033[31m=== F E H L E R === F E H L E R === F E H L E R === F E H L E R === F E H L E R === F E H L E R === F E H L E R === F E H L E R ===\033[0m"
echo -e "\033[31m=====================================================================================================================================\033[0m"
echo " "
echo " "
echo "====================================================================================================================================="
echo "Das abrufen des Zertifikates fuer die Domain" $dom "ist f e h l g e s c h l a g e n ! ! !"
echo " "
echo "Versuchen Sie es erneut, und Ueberpruefen Sie ob die Domain" $dom "auch auf den Loadbalancer geroutet ist !!!"
echo " "
echo " "
echo -e "\033[31mE s w u r d e n k e i n e D a t e i e n v e r a e n d e r t ! ! !\033[0m"
echo
"===============================================================================
======================================================"
fi
답변1
while read X Domain
do
echo $Domain | gencertreq
done < crt-list.txt
gencertreq가 스크립트입니다.