Automatic cert reload via cron

This commit is contained in:
Paolo Asperti 2022-01-13 08:48:57 +01:00
parent f34ea92952
commit 8c2fcfc4a1
Signed by: paspo
GPG Key ID: 06D46905D19D5182
3 changed files with 57 additions and 2 deletions


@ -7,7 +7,11 @@ RUN \
COPY custom.conf /etc/proftpd/conf.d/custom.conf
COPY run.sh /run.sh
COPY cron.sh /cron.sh
RUN chmod +x /run.sh
RUN \
chmod +x /run.sh && \
chmod +x /cron.sh && \
ln -s /cron.sh /etc/periodic/15min/reconfigure_certs.sh
ENTRYPOINT ["/run.sh"]
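Review bot: The symlink name `reconfigure_certs.sh` on the `ln -s` line is likely to be skipped by the periodic runner: if this image uses busybox crond (the `/etc/periodic/15min` path and `crond -b` in run.sh suggest Alpine), busybox `run-parts` only executes entries whose basename consists of `[A-Za-z0-9_-]`, so a name containing `.` is silently ignored and the reload job never fires. Dropping the suffix avoids this: `ln -s /cron.sh /etc/periodic/15min/reconfigure_certs`. Worth confirming once in a running container with `run-parts --test /etc/periodic/15min`.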

45
cron.sh Normal file

@ -0,0 +1,45 @@
#!/bin/sh
############ TLS
TLS_CERT=${TLS_CERT:-/certs/cert.pem}
TLS_KEY=${TLS_KEY:-/certs/privkey.pem}
TLS_CHAIN=${TLS_CHAIN:-/certs/chain.pem}
cat $TLS_CERT > /etc/proftpd/cert.pem
cat $TLS_KEY > /etc/proftpd/privkey.pem
cat $TLS_CHAIN > /etc/proftpd/chain.pem
############ IF CERT IS THE SAME, THEN EXIT
md5sum -c /sums 1&>2 2>/dev/null && exit
############ CHECK CERT KEY ALGO
ALGO=$(openssl x509 -in /etc/proftpd/cert.pem -text | sed -n 's/\ *Public Key Algorithm: //p' | tr '\n')
if [ "$ALGO" = "id-ecPublicKey" ] ; then
cat > /etc/proftpd/conf.d/certificate.conf <<EOF
<IfModule mod_tls.c>
TLSECCertificateFile /etc/proftpd/cert.pem
TLSECCertificateKeyFile /etc/proftpd/privkey.pem
TLSCertificateChainFile /etc/proftpd/chain.pem
</IfModule>
EOF
fi
if [ "$ALGO" = "rsaEncryption" ] ; then
cat > /etc/proftpd/conf.d/certificate.conf <<EOF
<IfModule mod_tls.c>
TLSRSACertificateFile /etc/proftpd/cert.pem
TLSRSACertificateKeyFile /etc/proftpd/privkey.pem
TLSCertificateChainFile /etc/proftpd/chain.pem
</IfModule>
EOF
fi
md5sum "$TLS_CERT" > /sums
############ RELOAD
killall -HUP proftpd
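Review bot: `tr '\n'` on the ALGO line supplies one set with no `-d`: GNU tr rejects that as a missing operand, leaving ALGO empty so neither branch writes certificate.conf, and where tr tolerates it the stage is a no-op because `$(...)` already strips trailing newlines; the same line is added to run.sh in this commit, so drop the `tr` stage in both or use `tr -d '\n'` if collapsing multi-line output is the intent. The early-exit guard `md5sum -c /sums 1&>2 2>/dev/null && exit` is also malformed under `#!/bin/sh` because `&>` is not POSIX: depending on the shell it either backgrounds md5sum so `exit` runs unconditionally, or passes `1` as an extra file operand so the check always fails and proftpd is reloaded on every run; the intended form is `md5sum -c /sums >/dev/null 2>&1 && exit`. `$TLS_CERT`, `$TLS_KEY` and `$TLS_CHAIN` are unquoted on the three `cat` lines but quoted on the `md5sum` line; quote them consistently. The copied private key inherits the default umask, so consider `umask 077` before the `cat` lines so /etc/proftpd/privkey.pem is not group/world readable.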

8
run.sh

@ -24,7 +24,7 @@ cat $TLS_CHAIN > /etc/proftpd/chain.pem
############ CHECK CERT KEY ALGO
ALGO=$(openssl x509 -in /etc/proftpd/cert.pem -text | sed -n 's/\ *Public Key Algorithm: //p')
ALGO=$(openssl x509 -in /etc/proftpd/cert.pem -text | sed -n 's/\ *Public Key Algorithm: //p' | tr '\n')
if [ "$ALGO" = "id-ecPublicKey" ] ; then
cat > /etc/proftpd/conf.d/certificate.conf <<EOF
@ -46,6 +46,8 @@ cat > /etc/proftpd/conf.d/certificate.conf <<EOF
EOF
fi
md5sum "$TLS_CERT" > /sums
############ PASSIVE PORTS
PASSIVEPORTS_START=${PASSIVEPORTS_START:-50000}
@ -53,6 +55,10 @@ PASSIVEPORTS_END=${PASSIVEPORTS_END:-50050}
echo "PassivePorts ${PASSIVEPORTS_START} ${PASSIVEPORTS_END}" > /etc/proftpd/conf.d/passive_ports.conf
############ START CRON
crond -b
############ START
proftpd -n
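Review bot: `crond -b` in the last hunk is started without checking its status, and cron.sh resolves `TLS_CERT`/`TLS_KEY`/`TLS_CHAIN` from the environment with `/certs/...` defaults; if crond does not pass the container's environment through to periodic jobs, cron.sh would silently fall back to those defaults and could read different files than run.sh copied. Consider `crond -b || echo "crond failed to start" >&2` and having run.sh write the resolved paths to a file that cron.sh sources, so both scripts agree on the source certificate regardless of how the job is launched. The /sums checksum covers only `$TLS_CERT`, so a rotated key or chain with an unchanged certificate would not trigger a reload.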