From: Zoltán Felleg Date: Wed, 29 Jun 2022 20:13:59 +0000 (+0200) Subject: Updated ws.pm (implemented letsencrypt renewal using cron and rsync). X-Git-Url: http://git.useribm.hu/?a=commitdiff_plain;h=77aa5a8ce64fce0a093b5f24bb31ba08cce09cf4;p=user-lxc.git Updated ws.pm (implemented letsencrypt renewal using cron and rsync). --- diff --git a/sources/ws.pm/c3d/firstboot/scripts/10_setupletsencrypt.sh b/sources/ws.pm/c3d/firstboot/scripts/10_setupletsencrypt.sh index 019bbd0..881a154 100755 --- a/sources/ws.pm/c3d/firstboot/scripts/10_setupletsencrypt.sh +++ b/sources/ws.pm/c3d/firstboot/scripts/10_setupletsencrypt.sh @@ -1,4 +1,9 @@ #!/bin/sh +mv /etc/letsencrypt /etc/letsencrypt.orig /usr/local/bin/getletsencrypt.sh +if [ $? -eq 0 ] +then + echo '30 3 * * * root /usr/local/bin/getletsencrypt.sh' >>/etc/crontab +fi diff --git a/sources/ws.pm/c3d/firstboot/scripts/20_setuphttpd.sh b/sources/ws.pm/c3d/firstboot/scripts/20_setuphttpd.sh index 6a3a230..a13615e 100755 --- a/sources/ws.pm/c3d/firstboot/scripts/20_setuphttpd.sh +++ b/sources/ws.pm/c3d/firstboot/scripts/20_setuphttpd.sh @@ -1,17 +1,15 @@ #!/bin/sh -if [ -d /etc/letsencrypt/live/useribm ] +if [ -d /etc/letsencrypt ] then - for ORIG_FILE in /etc/httpd/conf.d/*.le + cd /etc/httpd/conf.d + for ORIG_FILE in *.le do - CONF_FILE=$(echo $ORIG_FILE | sed 's/^\(.*\)\.le$/\1/') + CONF_FILE=$(basename $ORIG_FILE .le) echo "Moving $ORIG_FILE to $CONF_FILE" mv $ORIG_FILE $CONF_FILE done - cp --archive \ - /usr/lib/python3.10/site-packages/certbot_apache/_internal/tls_configs/current-options-ssl-apache.conf \ - /etc/letsencrypt/options-ssl-apache.conf systemctl enable httpd.service systemctl start httpd.service fi diff --git a/sources/ws.pm/c3d/postinstall/install-data/etc/httpd/conf.d/useribm.hu.443.conf.le b/sources/ws.pm/c3d/postinstall/install-data/etc/httpd/conf.d/useribm.hu.443.conf.le index 1521652..0907477 100644 --- a/sources/ws.pm/c3d/postinstall/install-data/etc/httpd/conf.d/useribm.hu.443.conf.le 
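Review bot: The crontab line is appended to /etc/crontab unconditionally whenever getletsencrypt.sh exits 0, so any re-run of this firstboot script installs a duplicate job; guard it with `grep -q getletsencrypt.sh /etc/crontab || echo '30 3 * * * root /usr/local/bin/getletsencrypt.sh' >>/etc/crontab`. The status being tested is also weaker than it looks: as far as the getletsencrypt.sh hunk on this page shows, only an rsync failure produces `exit 1`, while a failed cp or mv leaves the script returning 0, so the cron job can be installed after a first fetch that did not actually populate /etc/letsencrypt. The preceding `mv /etc/letsencrypt /etc/letsencrypt.orig` is likewise unchecked, and if /etc/letsencrypt.orig already exists mv nests the directory inside it instead of replacing it.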
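Review bot: `cd /etc/httpd/conf.d` is not checked, so if it fails the loop runs in the caller's working directory and the unquoted `mv $ORIG_FILE $CONF_FILE` renames whatever `*.le` matches there; write `cd /etc/httpd/conf.d || exit 1`. When no `*.le` file exists, /bin/sh leaves the literal pattern in ORIG_FILE, `basename '*.le' .le` yields `*`, and the unquoted `$CONF_FILE` then expands to every entry in conf.d as arguments to mv, which either fails or, if the last expanded name is a directory, moves the listed files into it; add `[ -e "$ORIG_FILE" ] || continue` as the first loop statement and quote both variables in the mv. The guard was also loosened from the live certificate directory to `-d /etc/letsencrypt`, which the new getletsencrypt.sh creates from whatever the rsync module returned, so httpd may now be enabled and started with .le configs that reference absent certificate files; consider keeping the `-d /etc/letsencrypt/live/<domain>` check. The if/for structure is complete within the hunk.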
+++ b/sources/ws.pm/c3d/postinstall/install-data/etc/httpd/conf.d/useribm.hu.443.conf.le @@ -17,23 +17,23 @@ ProxyPass /ugyvitel http://192.168.42.248:8079/ugyvitel keepalive=On connectiontimeout=600 ProxyPassReverse /ugyvitel http://192.168.42.248:8079/ugyvitel - # avon file transfer -> xfr.pm.user.hu:80 + # avon file transfer -> xfr.pm.useribm.hu:80 ProxyPass /avonxfr http://192.168.173.251/avonxfr ProxyPassReverse /avonxfr http://192.168.173.251/avonxfr - # bb file transfer -> xfr.pm.user.hu:80 + # bb file transfer -> xfr.pm.useribm.hu:80 ProxyPass /bbxfr http://192.168.173.251/bbxfr ProxyPassReverse /bbxfr http://192.168.173.251/bbxfr - # erste file transfer -> xfr.pm.user.hu:80 + # erste file transfer -> xfr.pm.useribm.hu:80 ProxyPass /erstexfr http://192.168.173.251/erstexfr ProxyPassReverse /erstexfr http://192.168.173.251/erstexfr - # onyf file transfer -> xfr.pm.user.hu:80 + # onyf file transfer -> xfr.pm.useribm.hu:80 ProxyPass /onyfxfr http://192.168.173.251/onyfxfr ProxyPassReverse /onyfxfr http://192.168.173.251/onyfxfr - # ubis file transfer -> xfr.pm.user.hu:80 + # ubis file transfer -> xfr.pm.useribm.hu:80 ProxyPass /ubisxfr http://192.168.173.251/ubisxfr ProxyPassReverse /ubisxfr http://192.168.173.251/ubisxfr @@ -56,7 +56,7 @@ - ProxyPass "/" "http://git.pm.user.hu/" + ProxyPass "/" "http://git.pm.useribm.hu/" @@ -73,7 +73,7 @@ - ProxyPass "/" "http://hg.pm.user.hu/" + ProxyPass "/" "http://hg.pm.useribm.hu/" diff --git a/sources/ws.pm/c3d/postinstall/install-data/etc/httpd/conf.d/userrendszerhaz.hu.443.conf.le b/sources/ws.pm/c3d/postinstall/install-data/etc/httpd/conf.d/userrendszerhaz.hu.443.conf.le index 5005a19..9da2924 100644 --- a/sources/ws.pm/c3d/postinstall/install-data/etc/httpd/conf.d/userrendszerhaz.hu.443.conf.le +++ b/sources/ws.pm/c3d/postinstall/install-data/etc/httpd/conf.d/userrendszerhaz.hu.443.conf.le 
@@ -17,19 +17,19 @@ ProxyPass /ugyvitel http://192.168.42.248:8079/ugyvitel keepalive=On connectiontimeout=600 ProxyPassReverse /ugyvitel http://192.168.42.248:8079/ugyvitel - # avon file transfer -> shs.pm.user.hu:80 + # avon file transfer -> shs.pm.useribm.hu:80 ProxyPass /avonxfr http://192.168.173.251/avonxfr ProxyPassReverse /avonxfr http://192.168.173.251/avonxfr - # erste file transfer -> shs.pm.user.hu:80 + # erste file transfer -> shs.pm.useribm.hu:80 ProxyPass /erstexfr http://192.168.173.251/erstexfr ProxyPassReverse /erstexfr http://192.168.173.251/erstexfr - # onyf file transfer -> shs.pm.user.hu:80 + # onyf file transfer -> shs.pm.useribm.hu:80 ProxyPass /onyfxfr http://192.168.173.251/onyfxfr ProxyPassReverse /onyfxfr http://192.168.173.251/onyfxfr - # ubis file transfer -> shs.pm.user.hu:80 + # ubis file transfer -> shs.pm.useribm.hu:80 ProxyPass /ubisxfr http://192.168.173.251/ubisxfr ProxyPassReverse /ubisxfr http://192.168.173.251/ubisxfr @@ -52,7 +52,7 @@ - ProxyPass "/" "http://git.pm.user.hu/" + ProxyPass "/" "http://git.pm.useribm.hu/" @@ -69,7 +69,7 @@ - ProxyPass "/" "http://hg.pm.user.hu/" + ProxyPass "/" "http://hg.pm.useribm.hu/" diff --git a/sources/ws.pm/c3d/postinstall/install-data/usr/local/bin/getletsencrypt.sh b/sources/ws.pm/c3d/postinstall/install-data/usr/local/bin/getletsencrypt.sh index eb5ba2d..e8161fc 100755 --- a/sources/ws.pm/c3d/postinstall/install-data/usr/local/bin/getletsencrypt.sh +++ b/sources/ws.pm/c3d/postinstall/install-data/usr/local/bin/getletsencrypt.sh 
@@ -1,19 +1,55 @@ #!/bin/sh -if [ -d /etc/letsencrypt ] -then - rm --force --recursive /etc/letsencrypt.old - cp --archive /etc/letsencrypt /etc/letsencrypt.old -fi +LE_DIRECTORY=/etc/letsencrypt +OLD_LE_DIRECTORY=/etc/letsencrypt.old +STAGING_DIRECTORY=/etc/letsencrypt.staging +TMP_DIRECTORY=$(mktemp --directory) + /usr/bin/rsync \ --archive \ --delete-after \ --info=STATS \ pki.in.useribm.hu::letsencrypt \ - /etc/letsencrypt + $TMP_DIRECTORY +if [ $? -ne 0 ] +then + rm --force --recursive $TMP_DIRECTORY + exit 1 +fi cp --archive \ /usr/lib/python3.10/site-packages/certbot_apache/_internal/tls_configs/current-options-ssl-apache.conf \ - /etc/letsencrypt/options-ssl-apache.conf + $TMP_DIRECTORY/options-ssl-apache.conf + +if [ -d $LE_DIRECTORY ] +then + if [ -d $STAGING_DIRECTORY ] + then + diff --brief --recursive $STAGING_DIRECTORY $TMP_DIRECTORY + DIFFERING=$? + if [ $DIFFERING -eq 0 ] + then + rm --force --recursive $OLD_LE_DIRECTORY + rm --force --recursive $TMP_DIRECTORY + mv $LE_DIRECTORY $OLD_LE_DIRECTORY + mv $STAGING_DIRECTORY $LE_DIRECTORY + systemctl restart httpd + else + rm --force --recursive $STAGING_DIRECTORY + mv $TMP_DIRECTORY $STAGING_DIRECTORY + fi + else + diff --brief --recursive $LE_DIRECTORY $TMP_DIRECTORY + DIFFERING=$? + if [ $DIFFERING -eq 0 ] + then + rm --force --recursive $TMP_DIRECTORY + else + mv $TMP_DIRECTORY $STAGING_DIRECTORY + fi + fi +else + mv $TMP_DIRECTORY $LE_DIRECTORY +fi diff --git a/sources/ws.pm/envvars b/sources/ws.pm/envvars index 4f87544..a2be809 100644 --- a/sources/ws.pm/envvars +++ b/sources/ws.pm/envvars @@ -1,3 +1,3 @@ DISTRIBUTION=Fedora DISTRIBUTION_VERSION=36 -SPEC_PACKAGES="httpd mod_ssl python3-certbot-apache rsync" +SPEC_PACKAGES="cronie httpd mod_ssl python3-certbot-apache rsync"
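Review bot: `TMP_DIRECTORY=$(mktemp --directory)` creates the directory under $TMPDIR, normally /tmp, and the final `mv $TMP_DIRECTORY $LE_DIRECTORY` / `mv $TMP_DIRECTORY $STAGING_DIRECTORY` then moves the fetched private keys across filesystems whenever /tmp is a tmpfs (the Fedora default), which is a non-atomic copy-and-delete rather than a rename; creating it next to the target, `TMP_DIRECTORY=$(mktemp --directory --tmpdir=/etc letsencrypt.XXXXXX) || exit 1`, keeps the swap atomic and also stops a failed mktemp from leaving the variable empty, in which case `rsync ... $TMP_DIRECTORY` and `rm --force --recursive $TMP_DIRECTORY` run with no destination argument at all. None of the mv calls in the promotion branch are checked: if `mv $LE_DIRECTORY $OLD_LE_DIRECTORY` succeeds and `mv $STAGING_DIRECTORY $LE_DIRECTORY` fails, `systemctl restart httpd` runs with /etc/letsencrypt missing, so chain them with `&&` or append `|| exit 1` to each. The promotion trusts the content only because two consecutive fetches agreed, and `pki.in.useribm.hu::letsencrypt` is rsync daemon syntax, which authenticates neither the server nor the transport; a root cron job that automatically installs the result into /etc/letsencrypt and restarts httpd should pull over ssh (`--rsh=ssh` with a `host:/path` source) or at least be confined to a trusted network, which the `in.` label suggests may already be the case. The same exit-status gap affects the firstboot caller on this page, which treats this script's status as proof that the fetch succeeded.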