[packages/dehydrated.git] / hook.sh

#!/bin/sh

# concat file atomic way
atomic_concat() {
	local file=$1; shift
	> $file.new
	chmod 600 $file.new
	cat "$@" > $file.new
	cp -f $file $file.dehydrated~
	mv -f $file.new $file
}

lighttpd_reload() {
	if [ ! -x /usr/sbin/lighttpd ] || [ ! -f /etc/lighttpd/server.pem ]; then
		return
	fi

	echo " + Hook: Overwritting /etc/lighttpd/server.pem and reloading lighttpd..."
	atomic_concat /etc/lighttpd/server.pem "$FULLCHAINCERT" "$PRIVKEY"
	/sbin/service lighttpd reload
}

haproxy_reload() {
	if [ ! -x /usr/sbin/haproxy ] || [ ! -f /etc/haproxy/server.pem ]; then
		return
	fi

	echo " + Hook: Overwritting /etc/haproxy/server.pem and restarting haproxy..."
	atomic_concat /etc/haproxy/server.pem "$FULLCHAINCERT" "$PRIVKEY"
	/sbin/service haproxy reload
}

nginx_reload() {
	if [ ! -f /etc/nginx/server.crt ] || [ ! -f /etc/nginx/server.key ]; then
		return
	fi

	echo " + Hook: Overwritting /etc/nginx/server.{crt,key} and reloading nginx..."
	atomic_concat /etc/nginx/server.crt "$FULLCHAINCERT"
	atomic_concat /etc/nginx/server.key "$PRIVKEY"
	/sbin/service nginx reload
}

httpd_reload() {
	if [ ! -x /etc/rc.d/init.d/httpd ]; then
		return
	fi

	echo " + Hook: Reloading Apache 2..."
	atomic_concat /etc/httpd/ssl/server.crt "$FULLCHAINCERT"
	atomic_concat /etc/httpd/ssl/server.key "$PRIVKEY"
	/sbin/service httpd graceful
}

case "$1" in
deploy_cert)
	DOMAIN="$2"
	PRIVKEY="$3"
	CERT="$4"
	FULLCHAINCERT="$5"
	CHAINCERT="$6"
	TIMESTAMP="$7"

	lighttpd_reload
	nginx_reload
	httpd_reload
	haproxy_reload
	;;
clean_challenge)
	CHALLENGE_TOKEN="$2"
	KEYAUTH="$3"
	echo " + Hook: $1: Nothing to do..."
	;;
deploy_challenge)
	echo " + Hook: $1: Nothing to do..."
	;;
unchanged_cert)
	echo " + Hook: $1: Nothing to do..."
	;;
*)
	echo " + Hook: $1: Nothing to do..."
	;;
esac
Commit	Line	Data
5765eca7 ER	1	#!/bin/sh
5765eca7 ER	2
623687d0 ER	3	# concat file atomic way
	4	atomic_concat() {
	5	local file=$1; shift
	6	> $file.new
	7	chmod 600 $file.new
	8	cat "$@" > $file.new
	9	cp -f $file $file.dehydrated~
	10	mv -f $file.new $file
	11	}
	12
	13	lighttpd_reload() {
	14	if [ ! -x /usr/sbin/lighttpd ] \|\| [ ! -f /etc/lighttpd/server.pem ]; then
	15	return
	16	fi
	17
	18	echo " + Hook: Overwritting /etc/lighttpd/server.pem and reloading lighttpd..."
	19	atomic_concat /etc/lighttpd/server.pem "$FULLCHAINCERT" "$PRIVKEY"
	20	/sbin/service lighttpd reload
	21	}
	22
	23	haproxy_reload() {
	24	if [ ! -x /usr/sbin/haproxy ] \|\| [ ! -f /etc/haproxy/server.pem ]; then
	25	return
	26	fi
	27
	28	echo " + Hook: Overwritting /etc/haproxy/server.pem and restarting haproxy..."
	29	atomic_concat /etc/haproxy/server.pem "$FULLCHAINCERT" "$PRIVKEY"
	30	/sbin/service haproxy reload
	31	}
	32
	33	nginx_reload() {
	34	if [ ! -f /etc/nginx/server.crt ] \|\| [ ! -f /etc/nginx/server.key ]; then
	35	return
	36	fi
	37
	38	echo " + Hook: Overwritting /etc/nginx/server.{crt,key} and reloading nginx..."
	39	atomic_concat /etc/nginx/server.crt "$FULLCHAINCERT"
	40	atomic_concat /etc/nginx/server.key "$PRIVKEY"
	41	/sbin/service nginx reload
	42	}
	43
	44	httpd_reload() {
	45	if [ ! -x /etc/rc.d/init.d/httpd ]; then
	46	return
	47	fi
	48
30b951d8 ER	49	echo " + Hook: Reloading Apache 2..."
	50	atomic_concat /etc/httpd/ssl/server.crt "$FULLCHAINCERT"
	51	atomic_concat /etc/httpd/ssl/server.key "$PRIVKEY"
623687d0 ER	52	/sbin/service httpd graceful
	53	}
	54
5765eca7 ER	55	case "$1" in
5765eca7 ER	56	deploy_cert)
62eb8e9f AM	57	DOMAIN="$2"
	58	PRIVKEY="$3"
	59	CERT="$4"
	60	FULLCHAINCERT="$5"
	61	CHAINCERT="$6"
	62	TIMESTAMP="$7"
623687d0 ER	63
	64	lighttpd_reload
	65	nginx_reload
	66	httpd_reload
	67	haproxy_reload
62eb8e9f AM	68	;;
	69	clean_challenge)
	70	CHALLENGE_TOKEN="$2"
	71	KEYAUTH="$3"
	72	echo " + Hook: $1: Nothing to do..."
	73	;;
	74	deploy_challenge)
	75	echo " + Hook: $1: Nothing to do..."
	76	;;
	77	unchanged_cert)
	78	echo " + Hook: $1: Nothing to do..."
5765eca7 ER	79	;;
	80	*)
	81	echo " + Hook: $1: Nothing to do..."
	82	;;
	83	esac