secubox-openwrt/package/secubox/secubox-app-haproxy/files/usr/lib/acme/deploy/haproxy.sh
CyberMind-FR ab34719f9f feat(secubox-core): Add secubox-landing page generator
- Add secubox-landing script to generate landing pages from HAProxy vhosts
- Integrate landing command into secubox CLI
- Add boot hook to regenerate landing pages on startup
- Fix HAProxy multi-cert SNI using crt-list instead of directory mode
- Fix backend IPs from 127.0.0.1 to 192.168.255.1 for LXC compatibility
- Auto-convert localhost IPs in RPCD handler and CLI tools

Landing page features:
- Groups all services by zone with stats header
- Shows SSL certificate status per domain
- Categorizes by type: Streamlit, Blog, Admin, Media, Dev, etc.
- Regenerates at boot (30s after startup)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-08 06:15:37 +01:00


#!/bin/sh
# ACME deploy hook for HAProxy
# Combines fullchain + private key into single .pem file
# Usage: Called by acme.sh after certificate issuance/renewal
# Directory that receives one combined <domain>.pem per deployed domain.
# Each file holds the certificate chain AND the private key, so the
# directory contents are secret material.
HAPROXY_CERTS_DIR=/srv/haproxy/certs
# acme.sh passes these environment variables:
# DOMAIN - the domain name
# CERT_PATH - path to the domain certificate
# KEY_PATH - path to the domain private key
# CA_PATH - path to the intermediate CA certificate
# FULLCHAIN_PATH - path to the full chain certificate
# CERT_KEY_PATH - same as KEY_PATH
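# Install the certificate and private key for one domain as a single PEM
# file that HAProxy can load, then refresh the certs.list used for SNI.
#
# Arguments:
#   $1 - domain name; it becomes the output file name, so '/' is rejected
#   $2 - path to the private key
#   $3 - path to the domain (leaf) certificate
#   $4 - path to the intermediate CA certificate (fallback only)
#   $5 - path to the full-chain certificate (preferred when it exists)
# Globals:
#   HAPROXY_CERTS_DIR (read) - directory that receives <domain>.pem
# Outputs:
#   progress on stdout, errors and warnings on stderr
# Returns:
#   0 once the PEM is in place, 1 on bad input or when it cannot be written
deploy() {
  local domain="$1"
  local key_path="$2"
  local cert_path="$3"
  local ca_path="$4"
  local fullchain_path="$5"
  local combined_cert=""
  local chain_path=""
  local target=""
  local tmp_pem=""

  case "$domain" in
    "")
      echo "Error: domain required" >&2
      return 1
      ;;
    */*)
      # The name is used as a path component; a '/' would let the output
      # land outside HAPROXY_CERTS_DIR.
      echo "Error: invalid domain name: $domain" >&2
      return 1
      ;;
  esac

  if ! mkdir -p "$HAPROXY_CERTS_DIR"; then
    echo "Error: cannot create $HAPROXY_CERTS_DIR" >&2
    return 1
  fi

  # Use fullchain if available, otherwise use cert + ca
  if [ -n "$fullchain_path" ] && [ -f "$fullchain_path" ]; then
    combined_cert="$fullchain_path"
  elif [ -n "$cert_path" ] && [ -f "$cert_path" ]; then
    combined_cert="$cert_path"
    # Without the intermediate, clients that do not already hold it cannot
    # build the chain, so append it whenever it is present.
    if [ -n "$ca_path" ] && [ -f "$ca_path" ]; then
      chain_path="$ca_path"
    fi
  else
    echo "Error: No certificate file found for $domain" >&2
    return 1
  fi

  if [ -z "$key_path" ] || [ ! -f "$key_path" ]; then
    echo "Error: No key file found for $domain" >&2
    return 1
  fi

  # Combine fullchain + private key for HAProxy
  echo "Deploying certificate for $domain to HAProxy..."
  target="$HAPROXY_CERTS_DIR/$domain.pem"

  # Stage the file next to the target. mktemp creates it readable by the
  # owner only, so the private key is never on disk under the default umask,
  # and the final rename means HAProxy never sees a half-written PEM.
  if ! tmp_pem=$(mktemp "$HAPROXY_CERTS_DIR/.$domain.pem.XXXXXX"); then
    echo "Error: cannot create temporary file in $HAPROXY_CERTS_DIR" >&2
    return 1
  fi

  # The positional parameters were copied to locals above, so they can be
  # reused here as the ordered list of input files.
  set -- "$combined_cert"
  if [ -n "$chain_path" ]; then
    set -- "$@" "$chain_path"
  fi
  set -- "$@" "$key_path"

  if ! cat "$@" > "$tmp_pem" \
    || ! chmod 600 "$tmp_pem" \
    || ! mv -f "$tmp_pem" "$target"; then
    rm -f "$tmp_pem"
    echo "Error: failed to write $target" >&2
    return 1
  fi
  echo "Certificate deployed: $target"

  # Regenerate certs.list for multi-certificate SNI support. This stays best
  # effort (the PEM is already installed), but a failure is reported because
  # a stale list can leave HAProxy serving the old certificate.
  # NOTE(review): nothing in this function reloads HAProxy; confirm that
  # haproxy-sync-certs or the caller does.
  if ! /usr/sbin/haproxy-sync-certs 2>/dev/null; then
    echo "Warning: haproxy-sync-certs failed or is not installed; certs.list may be stale" >&2
  fi
  return 0
}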
# Entry point for the acme.sh deploy hook: hand the domain and the certificate
# paths found in the caller's shell variables to deploy(). As the last
# command, its status becomes the script's exit status.
# NOTE(review): the variable names read here differ from the ones listed in
# the header comment (DOMAIN, KEY_PATH, CA_PATH, FULLCHAIN_PATH); confirm
# which set the ACME client actually provides.
deploy \
  "$Le_Domain" \
  "$CERT_KEY_PATH" \
  "$CERT_PATH" \
  "$CA_CERT_PATH" \
  "$CERT_FULLCHAIN_PATH"