Commit 68ea74c4 authored by Andreas Lindemark's avatar Andreas Lindemark

New project called Certbot

parent 0bf28d21
# Setup script
sudo chmod 600 /etc/smbcredentials
sudo chown root:root /etc/smbcredentials
sudo chmod 600 /urs/local/sbin/*
sudo chown root:root /urs/local/sbin/*
\ No newline at end of file
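Review bot: The two hardening lines for the scripts target `/urs/local/sbin/*`, a path that does not exist, so both commands fail and the scripts plus the `*.env.sh` files beside them (SMB share, SSH key path, .pfx password) keep whatever mode they were installed with; with no `set -e` the failure is not reported either. Once the path is corrected to `/usr/local/sbin`, mode 600 would also strip the execute bit the cron entry relies on, since it invokes `/usr/local/sbin/fetch-edgerouter-settings.sh` directly. Two lines keep scripts runnable and the variable files read-only for root: `sudo chmod 700 /usr/local/sbin/*.sh` followed by `sudo chmod 600 /usr/local/sbin/*.env.sh`.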
# Run the EdgeRouter backup script daily
15 6 * * * root /usr/local/sbin/fetch-edgerouter-settings.sh edgerouter
\ No newline at end of file
/var/log/edgerouter_backup.log {
daily
rotate 7
compress
missingok
notifempty
delaycompress
copytruncate
}
\ No newline at end of file
#!/bin/bash
# /usr/local/sbin/deploy-cert-to-edgerouter.sh
# Check if argument is provided
if [ -z "$1" ]; then
echo "Usage: $0 <config_name>"
exit 1
fi
CONFIG_NAME=$1
# Get the directory of the script
SCRIPT_DIR=$(dirname "$0")
# Source the variables
source "${SCRIPT_DIR}/device_${CONFIG_NAME}.env.sh"
source "${SCRIPT_DIR}/notify_email.env.sh"
# Other variables
DATE=$(date +%Y-%m-%d)
CERT_DIR="/etc/letsencrypt/live/${DOMAIN}"
DATE_FILE="${CERT_DIR}/date.txt"
SUBJECT="Certbot Certificate Deployed for ${DOMAIN}"
BODY="The certificate for ${DOMAIN} was successfully deployed on ${DATE}."
# Mount the SMB share
echo "Mounting SMB share..."
mount -t cifs ${SMB_SHARE} ${SMB_MOUNT} -o credentials=/etc/smbcredentials,vers=3.0,sec=ntlmssp
if [ $? -ne 0 ]; then
echo "Failed to mount SMB share."
exit 1
fi
# Create the subfolder if it doesn't exist
if [ ! -d "${SMB_MOUNT}/${DOMAIN}" ]; then
mkdir "${SMB_MOUNT}/${DOMAIN}"
fi
# Concatenate the certificate files
echo "Combining certificate and private key into a combined file..."
cat ${CERT_DIR}/privkey.pem ${CERT_DIR}/fullchain.pem > ${CERT_DIR}/server.pem
# This part might not work
if [ $? -ne 0 ]; then
echo "Failed to create .pfx file."
exit 1
fi
# Save the date to a file
echo "Save the date ${DATE} to the file ${DATE_FILE}..."
echo ${DATE} > ${DATE_FILE}
# Copy the cert.pem. chain.pem, fullchain.pem, privkey.pem and the date file to the SMB share
echo "Copying cert.pem. chain.pem, fullchain.pem and privkey.pem..."
cp ${CERT_DIR}/cert.pem ${SMB_MOUNT}/${DOMAIN}/
cp ${CERT_DIR}/chain.pem ${SMB_MOUNT}/${DOMAIN}/
cp ${CERT_DIR}/fullchain.pem ${SMB_MOUNT}/${DOMAIN}/
cp ${CERT_DIR}/privkey.pem ${SMB_MOUNT}/${DOMAIN}/
cp ${CERT_DIR}/server.pem ${SMB_MOUNT}/${DOMAIN}/
cp ${DATE_FILE} ${SMB_MOUNT}/${DOMAIN}/
# Unmount the SMB share
echo "Unmounting SMB share..."
umount ${SMB_MOUNT}
if [ $? -ne 0 ]; then
echo "Failed to unmount SMB share."
exit 1
fi
# Upload the concatenated file to the EdgeRouter
echo "Upload the $TMP_FILE to $DOMAIN"
scp ${SSH_OPTS} ${CERT_DIR}/server.pem ${ROUTER_USER}@${ROUTER_IP}:/tmp/server.pem
# SSH into the EdgeRouter and move the file to the correct location and restart lighttpd
echo SSH into the ${DOMAIN} and move the file to the correct location and restart lighttpd
ssh ${SSH_OPTS} ${ROUTER_USER}@${ROUTER_IP} << EOF
set -e
sudo cp /etc/lighttpd/server.pem /config/auth/certificates/server.pem.old
sudo cp /etc/lighttpd/server.pem /etc/lighttpd/server.pem.old
sudo mv /tmp/server.pem /config/auth/certificates/server.pem
sudo chown root:root /config/auth/certificates/server.pem*
sudo chmod 400 /config/auth/certificates/server.pem*
sudo cp /config/auth/certificates/server.pem /etc/lighttpd/server.pem
sudo kill -SIGTERM \$(cat /var/run/lighttpd.pid)
sudo /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
EOF
echo "Certificate transfer completed successfully."
# Send notification E-mail
echo Send notification E-mail
"${SCRIPT_DIR}/notify_email.sh" "${EMAIL}" "${SUBJECT}" "${BODY}" "${FROM_EMAIL}" "${SMTP_SERVER}" "${SMTP_PORT}"
\ No newline at end of file
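Review bot: Neither the upload on the line `scp ${SSH_OPTS} ${CERT_DIR}/server.pem ...` nor the `ssh ... << EOF` deployment block has its exit status checked, so a failed upload or a failed remote `set -e` block still prints "Certificate transfer completed successfully." and sends the success mail. Appending `|| { echo "Failed to upload server.pem to ${ROUTER_IP}." >&2; exit 1; }` to the scp line and `|| { echo "Remote deployment on ${ROUTER_IP} failed." >&2; exit 1; }` to the ssh line itself (after `<< EOF`) closes that gap. `server.pem` carries the private key and is created by `cat ... > ${CERT_DIR}/server.pem` with the process umask, so a `umask 077` before that line keeps the combined file root-only. The error message after it says ".pfx file" although a .pem is written, and `$TMP_FILE` in the upload echo is never assigned.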
# Template for EdgeRoputer deployment variables
# Copy this file and rename it to match your target (e.g., device_edgerouter.env.sh)
# Variables for edgerouter
# Used by:
# - deploy-cert-to-edgerouter.sh
# - fetch-edgerouter-settings.sh
DOMAIN="edgerouter.example.com" # The certificate domain name
ROUTER_USER="user" # Uername for EdgeRouter
ROUTER_IP="192.168.0.1" # IP-adress to EdgeRouter
SSH_OPTS="-i /root/.ssh/id_rsa -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
SMB_SHARE="//windows.exaple.com/share" # Servername and share to mount
SMB_MOUNT="/mnt/windows-share" # Local path to the mounted share
\ No newline at end of file
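Review bot: `SSH_OPTS` disables host-key verification (`-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`), and deploy-cert-to-edgerouter.sh uses these options to push the private key and run `sudo` commands on the router, so a host answering at `ROUTER_IP` in place of the router would receive the key without any warning. Record the router's host key once and pin it instead: `SSH_OPTS="-i /root/.ssh/id_rsa -o StrictHostKeyChecking=yes -o UserKnownHostsFile=<known_hosts_file>"`, with `<known_hosts_file>` a root-owned known_hosts holding only that router. The header comments also carry typos (`EdgeRoputer`, `Uername`, `IP-adress`, `exaple.com`) that every copy of the template inherits.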
#!/bin/bash
# /usr/local/sbin/fetch-edgerouter-settings.sh
# Check if argument is provided
if [ -z "$1" ]; then
echo "Usage: $0 <config_name>"
exit 1
fi
CONFIG_NAME=$1
# Get the directory of the script
SCRIPT_DIR=$(dirname "$0")
# Source the variables
source "${SCRIPT_DIR}/device_${CONFIG_NAME}.env.sh"
source "${SCRIPT_DIR}/notify_email.env.sh"
# Other variables
DATE=$(date +%Y-%m-%d)
TIME=$(date +%H%M)
BACKUP_DIR="/var/backups/${CONFIG_NAME}"
BACKUP_FILE="${CONFIG_NAME}_config_${DATE}_${TIME}.boot"
SUBJECT="EdgeRouter settings download status for ${CONFIG_NAME}"
BODY="The settings from ${DOMAIN} was successfully downloaded on ${DATE}.\n\n"
LOG_FILE="/var/log/${CONFIG_NAME}_backup.log"
LOCKFILE="/tmp/${CONFIG_NAME}_backup.lock"
DRY_RUN=false
# Check for dry-run flag
if [ "$2" == "--dry-run" ]; then
DRY_RUN=true
fi
# Function to log messages
log_message() {
local message="$1"
local timestamp=$(date "+%Y-%m-%d %H:%M:%S")
echo "${message}" # to terminal
echo "${timestamp} | ${message}" >> "${LOG_FILE}" # to log file
}
# Acquire lock to prevent concurrent runs
if [ -e "$LOCKFILE" ]; then
log_message "Script is already running."
exit 1
fi
touch "$LOCKFILE"
trap "rm -f $LOCKFILE" EXIT
# Ensure the backup directory exists
if [ ! -d "${BACKUP_DIR}" ]; then
log_message "Creating backup directory ${BACKUP_DIR}..."
${DRY_RUN} || mkdir -p "${BACKUP_DIR}"
fi
# Download the EdgeRouter settings
log_message "Downloading the EdgeRouter settings..."
${DRY_RUN} || scp -q ${SSH_OPTS} ${ROUTER_USER}@${ROUTER_IP}:/config/config.boot ${BACKUP_DIR}/${BACKUP_FILE}
if [ $? -ne 0 ]; then
log_message "❌ Failed to download settings."
else
log_message "✅ Settings downloaded successfully."
fi
LOCAL_SAVE_SUCCESS=false
# Check if the local backup file exists
if [ -f "${BACKUP_DIR}/${BACKUP_FILE}" ]; then
log_message "✅ Local backup file exists: ${BACKUP_FILE}"
LOCAL_SAVE_SUCCESS=true
else
log_message "❌ Local backup file is missing."
exit 1
fi
# Mount the SMB share with timeout
log_message "Mounting SMB share..."
MOUNT_SUCCESS=true
if ! ${DRY_RUN}; then
timeout 20s mount -t cifs "$SMB_SHARE" "$SMB_MOUNT" -o credentials=/etc/smbcredentials,vers=3.0,sec=ntlmssp
if [ $? -ne 0 ]; then
log_message "❌ Mount SMB share ${SMB_MOUNT} failed or timed out. Skipping SMB-related steps."
MOUNT_SUCCESS=false
else
log_message "✅ SMB share ${SMB_MOUNT} mounted successfully."
fi
fi
REMOTE_SAVE_SUCCESS=false
if $MOUNT_SUCCESS; then
# Create the subfolder if it doesn't exist
if [ ! -d "${SMB_MOUNT}/${DOMAIN}" ]; then
log_message "Creating SMB subfolder ${SMB_MOUNT}/${DOMAIN}..."
${DRY_RUN} || mkdir -p "${SMB_MOUNT}/${DOMAIN}"
fi
# Copy the EdgeRouter settings file to the SMB share
log_message "Copying the EdgeRouter settings file to SMB share..."
if ${DRY_RUN} || cp "${BACKUP_DIR}/${BACKUP_FILE}" "${SMB_MOUNT}/${DOMAIN}/"; then
log_message "✅ Settings file copied successfully to SMB share $SMB_SHARE."
REMOTE_SAVE_SUCCESS=true
else
log_message "❌ Settings file failed to copy to SMB share $SMB_SHARE."
fi
# Check if the remote backup file exists
if [ -f "${SMB_MOUNT}/${DOMAIN}/${BACKUP_FILE}" ]; then
log_message "✅ Remote backup file exists: ${BACKUP_FILE}"
else
log_message "❌ Remote backup file is missing."
fi
# Clean up SMB backups older than 30 days
log_message "Cleaning up SMB backups older than 30 days..."
${DRY_RUN} || find "${SMB_MOUNT}/${DOMAIN}" -type f -name "*.boot" -mtime +30 -print -delete | tee -a "${LOG_FILE}"
# Unmount the SMB share
log_message "Unmounting SMB share..."
${DRY_RUN} || umount "${SMB_MOUNT}"
if [ $? -ne 0 ]; then
log_message "❌ Failed to unmount SMB share $SMB_SHARE."
else
log_message "✅ SMB share $SMB_SHARE unmounted successfully."
fi
fi
# Clean up local backups older than 14 days
log_message "Cleaning up local backups older than 14 days..."
${DRY_RUN} || find "${BACKUP_DIR}" -type f -name "*.boot" -mtime +14 -print -delete | tee -a "${LOG_FILE}"
# Build the email body with status summary
EMAIL_STATUS=""
if $LOCAL_SAVE_SUCCESS; then
EMAIL_STATUS+="✅ Local backup saved successfully, as ${BACKUP_FILE} in the folder ${BACKUP_DIR}.\n"
else
EMAIL_STATUS+="❌ Local backup to in the folder ${BACKUP_DIR} failed.\n"
fi
if $REMOTE_SAVE_SUCCESS; then
EMAIL_STATUS+="✅ Remote backup (SMB) saved successfully, as ${BACKUP_FILE} in the share $SMB_SHARE.\n"
else
EMAIL_STATUS+="❌ Remote backup (SMB) to the share $SMB_SHARE failed or skipped.\n"
fi
BODY="${BODY}${EMAIL_STATUS}"
# Send notification E-mail
log_message "Sending notification E-mail..."
${DRY_RUN} || "${SCRIPT_DIR}/notify_email.sh" "${EMAIL}" "${SUBJECT}" "${BODY}" "${FROM_EMAIL}" "${SMTP_SERVER}" "${SMTP_PORT}"
# Add a blank line at the end of the log for separation
echo "" >> "${LOG_FILE}"
exit 0
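Review bot: A failed download never reaches the notification mail: when `scp` fails the script logs it, then the `Local backup file is missing.` branch runs `exit 1`, so the `LOCAL_SAVE_SUCCESS` false arm of `EMAIL_STATUS` is unreachable and a broken backup is only visible to someone reading the log. Keeping the run going, skipping the SMB steps, and switching `BODY` to a failure wording lets the existing summary mail report the failure; the rewritten stretch is below (SMB copy, cleanup and mail sending are unchanged). Separately, `LOCKFILE="/tmp/${CONFIG_NAME}_backup.lock"` is created with `touch` as root in a world-writable directory, so any local user who pre-creates that name stops the backups with the same silent log line, and a crash that bypasses the EXIT trap leaves a stale lock; `flock -n` on a descriptor opened under `/run/lock` avoids both.
```bash
# … unchanged: scp download and result logging …
LOCAL_SAVE_SUCCESS=false
if [ -f "${BACKUP_DIR}/${BACKUP_FILE}" ]; then
  log_message "✅ Local backup file exists: ${BACKUP_FILE}"
  LOCAL_SAVE_SUCCESS=true
else
  # Do not exit here: the summary mail below must still report the failure.
  log_message "❌ Local backup file is missing."
  BODY="The settings download from ${DOMAIN} FAILED on ${DATE}.\n\n"
fi
# Only touch the SMB share when there is a file to copy (dry-run keeps its
# simulated path: MOUNT_SUCCESS stays true and each step is guarded by DRY_RUN).
log_message "Mounting SMB share..."
MOUNT_SUCCESS=$LOCAL_SAVE_SUCCESS
if $LOCAL_SAVE_SUCCESS && ! ${DRY_RUN}; then
  timeout 20s mount -t cifs "$SMB_SHARE" "$SMB_MOUNT" -o credentials=/etc/smbcredentials,vers=3.0,sec=ntlmssp
  # … unchanged: mount result logging, MOUNT_SUCCESS=false on failure …
fi
# … unchanged: SMB block, local cleanup, EMAIL_STATUS, notification mail …
```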
# Template for LetsEncrypt deployment variables
# Copy this file and rename it to match your target (e.g., letsencrypt_server.env.sh)
# Variables for server
# Used by:
# - copy-cert-to-windows.sh
DOMAIN="server.example.com" # The certificate domain name
SMB_SHARE="//windows.example.com/share" # Servername and share to mount
SMB_MOUNT="/mnt/windows-share" # Local path to the mounted share
PASSWORD="Password" # Set a password for the .pfx file
\ No newline at end of file
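Review bot: The header names `copy-cert-to-windows.sh` as the consumer of this template, but no such script is part of this commit, while `PASSWORD` stores the .pfx export password in clear text in a file meant to be `source`d by the deployment scripts. Add a line to the header stating the handling the setup script is supposed to enforce, e.g. `# Copies must be root-owned, mode 600; never commit a filled-in copy`, so the requirement survives even when the install step is skipped.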
#!/bin/bash
# === Usage ===
# ./pysendmail.sh "<to_email>" "<subject>" "<body>" "<from_email>" "<smtp_server>" "<smtp_port>"
# Only the first three arguments are required. The rest have sensible defaults.
# === Positional Arguments ===
TO_EMAIL="$1" # Recipient email address
SUBJECT="$2" # Email subject line
BODY="$3" # Email body content
# === Optional Arguments with Defaults ===
FROM_EMAIL="${4:-root@localhost}" # Sender email address (default: root@localhost)
SMTP_SERVER="${5:-localhost}" # SMTP server address (default: localhost)
SMTP_PORT="${6:-25}" # SMTP server port (default: 25)
# === Python block to send the email ===
# This uses a Python heredoc to embed Python code directly in the Bash script.
python3 - <<EOF
import smtplib
from email.mime.text import MIMEText
import sys
# Create a plain text email message with the provided body
msg = MIMEText("""$BODY""")
msg['Subject'] = "$SUBJECT"
msg['From'] = "$FROM_EMAIL"
msg['To'] = "$TO_EMAIL"
try:
# Connect to the SMTP server
server = smtplib.SMTP("$SMTP_SERVER", $SMTP_PORT)
# Send the email
server.sendmail("$FROM_EMAIL", ["$TO_EMAIL"], msg.as_string())
# Close the connection
server.quit()
except Exception as e:
# Print error to stderr and exit with status 1 if sending fails
print(f"Failed to send email: {e}", file=sys.stderr)
sys.exit(1)
EOF
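Review bot: The values passed as `$1`..`$6` are spliced straight into the Python source inside the unquoted heredoc (`MIMEText("""$BODY""")`, `msg['Subject'] = "$SUBJECT"`, `smtplib.SMTP("$SMTP_SERVER", $SMTP_PORT)`), so a quote character or a `"""` in a subject or body breaks the program, and any text that reaches these arguments from somewhere other than the two config files would run as Python. Passing the values through the environment and reading them with `os.environ` inside a quoted heredoc (`<<'EOF'`) removes that path; the rewritten section is below. One side effect for the callers: fetch-edgerouter-settings.sh relies on Python interpreting the `\n` sequences in `BODY` and `EMAIL_STATUS`, so those should become `$'\n'` once the body is no longer a Python literal. The usage comment also names `./pysendmail.sh`, while the callers invoke `notify_email.sh`.
```bash
# … unchanged: positional and optional argument handling …
# Hand the values to Python via the environment so quotes or backslashes in
# the subject or body cannot alter the program text; the quoted delimiter
# ('EOF') switches off shell expansion inside the heredoc.
export TO_EMAIL SUBJECT BODY FROM_EMAIL SMTP_SERVER SMTP_PORT
python3 - <<'EOF'
import os
import smtplib
import sys
from email.mime.text import MIMEText

msg = MIMEText(os.environ["BODY"])
msg['Subject'] = os.environ["SUBJECT"]
msg['From'] = os.environ["FROM_EMAIL"]
msg['To'] = os.environ["TO_EMAIL"]
try:
    server = smtplib.SMTP(os.environ["SMTP_SERVER"], int(os.environ["SMTP_PORT"]))
    server.sendmail(os.environ["FROM_EMAIL"], [os.environ["TO_EMAIL"]], msg.as_string())
    server.quit()
except Exception as e:
    print(f"Failed to send email: {e}", file=sys.stderr)
    sys.exit(1)
EOF
```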
# Template for variables to send notifications via email
# Copy this file and rename it to match your target (e.g., notify_email.env.sh)
# Used by:
# - notify_email.sh
EMAIL="admin@example.com" # Sending to e-mail address
FROM_EMAIL="root@server.example.com" # Sending from e-mail address
SMTP_SERVER="smtp.example.com" # Mail server
SMTP_PORT="25"
\ No newline at end of file