README.md aktualisiert
Signed-off-by: hax <hax@lainlounge.xyz>
This commit is contained in:
parent
51d63e7e3a
commit
54d2cee822
1 changed files with 72 additions and 0 deletions
72
README.md
72
README.md
|
|
@ -1,2 +1,74 @@
|
|||
# Prosxy-Cert-Updater
|
||||
|
||||
This script automates the process of synchronizing wildcard SSL certificates from a remote proxy server to a local Prosody server and restarting Prosody to apply the new certificates.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
Ensure the following requirements are met before running the script:
|
||||
|
||||
1. **SSH Access**: The local machine must have SSH access to the proxy server.
|
||||
2. **Root Privileges**: The script must be executed with sufficient permissions to access and modify certificate files and restart the Prosody service.
|
||||
3. **Bash Shell**: The script is written for the Bash shell.
|
||||
4. **Systemd**: The script assumes Prosody is managed via `systemctl`.
|
||||
|
||||
## Script Details
|
||||
|
||||
### Variables
|
||||
|
||||
- `PROXY_SERVER`: The SSH connection string for the proxy server (e.g., `root@10.64.0.5`).
|
||||
- `REMOTE_CERT_PATH`: Path on the proxy server where the certificates are stored.
|
||||
- `LOCAL_CERT_PATH`: Local path where the certificates should be stored.
|
||||
- `DOMAIN`: Domain name for the certificates.
|
||||
|
||||
### Functions
|
||||
|
||||
#### `backup`
|
||||
Creates a backup of the current certificates in the `backup` folder under the local certificate directory.
|
||||
|
||||
#### `fetch_wildcard_certificate`
|
||||
Transfers the wildcard SSL certificates (`fullchain.pem` and `privkey.pem`) from the remote proxy server to the local certificate directory.
|
||||
|
||||
#### `verify_certificates`
|
||||
Checks if the transferred certificate files exist in the local directory. Exits the script if any files are missing.
|
||||
|
||||
#### `reload_prosody`
|
||||
Reloads the Prosody service to apply the new certificates.
|
||||
|
||||
### Main Workflow
|
||||
1. Create a backup of the existing certificates.
|
||||
2. Fetch new certificates from the proxy server.
|
||||
3. Verify that the certificates were transferred successfully.
|
||||
4. Restart the Prosody service.
|
||||
5. Confirm the process is complete.
|
||||
|
||||
## Usage
|
||||
|
||||
1. Save the script to a file (e.g., `sync_certificates.sh`).
|
||||
2. Make the script executable:
|
||||
```bash
|
||||
chmod +x sync_certificates.sh
|
||||
```
|
||||
3. Run the script as root or with `sudo`:
|
||||
```bash
|
||||
sudo ./sync_certificates.sh
|
||||
```
|
||||
|
||||
## Logs
|
||||
The script outputs progress logs for each step, including error messages if any step fails.
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
- Ensure the `scp` command is installed and properly configured on both the local and remote machines.
|
||||
- Verify the paths to the certificate files on the remote and local machines.
|
||||
- Check the `journalctl` logs if Prosody fails to restart:
|
||||
```bash
|
||||
journalctl -u prosody
|
||||
```
|
||||
|
||||
## License
|
||||
This script is provided "as is" without warranty of any kind. Use it at your own risk.
|
||||
The Project is licensed under AGPL 3 or newer.
|
||||
|
||||
---
|
||||
|
||||
**Note**: Update the `PROXY_SERVER`, `REMOTE_CERT_PATH`, `LOCAL_CERT_PATH`, and `DOMAIN` variables in the script as needed to match your environment.
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue