aboutsummaryrefslogblamecommitdiff
path: root/files/usr/local/libexec/prosody-acme-proxy.xmpp_server
blob: 70faddd160e80b107998f048d00b7c3daab494a5 (plain) (tree) 
99b8524







































2c9845d

99b8524














1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39

40

41
42
43
44
45
46
47
48
49
50
51
52
53
54







































                                                              
                                                













                                                                            
#!/bin/sh

# Retrieves ACME certificates from a different host over SFTP.
# Reloads prosody if any certificates were changed.

set -eu -o pipefail

PROSODY_USER=prosody
CERT_DIR=/usr/local/etc/prosody/certs
CHECKSUM_FILE="${CERT_DIR}/certs.md5"

prog=$(basename "$(readlink -f "$0")")
usage="${prog} [-q] USER@TARGET_HOST DOMAIN..."

usage(){
  printf 'usage: %s\n' "$usage" 1>&2
  exit 2
}

while getopts hq opt; do
  case $opt in
    h) usage ;;
    q) exec 1>/dev/null ;;
  esac
done
shift $((OPTIND - 1))

[ $# -ge 2 ] || usage
acmeproxy_target=$1; shift

# Get md5 of any existing certificates.
touch "$CHECKSUM_FILE"
md5_old=$(cat "$CHECKSUM_FILE")

# Retrieve certs from the proxy host via SFTP.
{ printf 'lcd %s\n' "$CERT_DIR"
  printf 'get certs/%s.crt\n' "$@"
  printf 'get certs/%s.key\n' "$@"
  printf 'quit\n'
} | /usr/local/bin/sftp -b - "$acmeproxy_target"

# Get md5 of the new certificates.
md5_new=$(md5sum "$CERT_DIR"/*.crt "$CERT_DIR"/*.key | tee "$CHECKSUM_FILE")

# If any certificates differ, reload prosody.
if [ "$md5_old" != "$md5_new" ]; then
  if prosodyctl status >/dev/null 2>&1; then
    prosodyctl reload
  else
    echo 'prosody not running, not reloading'
  fi
else
  echo 'certificates unchanged'
fi
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-28 12:20:39 -0500