authorSergey Poznyakoff <gray@gnu.org.ua>2018-05-07 08:27:28 (GMT)
committer Sergey Poznyakoff <gray@gnu.org.ua>2018-05-07 08:27:28 (GMT)
commit95c82ca2a5562e60463a38519157ae1a8b60ac1a (patch) (side-by-side diff)
tree5a6062e7b3cacb3a7da79d4f099d90003352745b
parentd76f2f28aaff86ffd7e4a049d5ce7cd91885805f (diff)
Improve "file" source
* lib/App/Acmeman/Source/File.pm (new): New options --ignore and --host. * acmeman: Document the "file" source.
Diffstat (more/less context) (ignore whitespace changes)
-rwxr-xr-xacmeman74
-rw-r--r--lib/App/Acmeman/Source/File.pm24
2 files changed, 77 insertions, 21 deletions
diff --git a/acmeman b/acmeman
index 7edd5e0..143ef43 100755
--- a/acmeman
+++ b/acmeman
@@ -86,3 +86,3 @@ B<Acmeman> is normally run periodically as a cronjob.
If you plan to serve SSL protected domains using apache, you can skip
-right to the B<APACHE> section.
+right to the B<apache> section.
@@ -129,3 +129,5 @@ program behavior. One of the important settings is B<source>, which declares
an external source from which domain settings must be obtained. As
-of B<acmeman> version 2.00, the only available external source is B<apache>.
+of B<acmeman> version 1.05, the following sources are available:
+B<null>, B<apache>, and B<file>.
+
Consider the following configuration:
@@ -213,16 +215,20 @@ same order as they appeared in the configuration file.
-=item B<source=>I<ID> [I<LAYOUT>]
+=item B<source=>I<ID> [I<ARG>...]
Defines additional source of information. B<App::Acmeman> version 1.05
-is shipped with two sources: B<null> and B<apache>.
+is shipped with three sources: B<null>, B<apache>, and B<file>.
-The B<null> module is an empty source. Use it if all domains are described
-in the configuration file.
+The B<null> module is an empty source. Command line arguments are ignored.
+Use this source if all domains are described in the configuration file.
The B<apache> source module is the default. It scans B<httpd> configuration
-files as described in section B<APACHE>. The optional I<LAYOUT> argument
-defines the apache configuration layout. Allowed values are: B<debian>,
-B<slackware>, B<suse> and B<rh> (for Red Hat). If I<LAYOUT> is absent, it
+files as described in section B<APACHE>. One argument is allowed. If supplied,
+it defines the apache configuration layout. Allowed values are: B<debian>,
+B<slackware>, B<suse> and B<rh> (for Red Hat). Without arguments, the layout
will be autodetected.
+The B<file> source reads domain names from one or more disk files. A
+mandatory argument specifies the name of the directory where the files
+are located. This mode is suitable for use with B<haproxy> pattern files.
+
=item B<files=>I<NAME>
@@ -347,9 +353,25 @@ be replaced with the actual domain name. Default is B<$domain>.
-=head1 APACHE
+=head1 SOURCES
+
+=head2 null
+
+ [core]
+ source = null
+
+Declares empty source. This means that B<acmeman> will handle only domain
+names explicitly declared in the configuration file using the B<domain>
+setting.
+
+=head2 apache
-This is the default mode. It assumes Apache httpd, version 2.4 or later
+ [core]
+ source = apache [LAYOUT]
+
+This is the default source. It assumes Apache httpd, version 2.4 or later
(although only minor changes are necessary to make it work with version 2.2).
-Four most popular layouts of Apache configuration files are supported:
-Debian, Slackware, SuSe, and Red Hat. A special directory should be
-configured for receiving ACME challenges.
+The optional I<LAYOUT> argument defines the layout of the apache configuration
+files. Allowed layout values are: B<debian>, B<slackware>, B<suse> and
+B<rh> (for Red Hat). If not supplied, the layout is determined automatically.
+
+A special directory should be configured for receiving ACME challenges.
@@ -365,3 +387,3 @@ B<httpd> server.
-=head2 Setup
+=head3 Setup
@@ -388,3 +410,3 @@ unless given the B<--force> (B<-F>) option.
-=head2 Configuring SSL
+=head3 Configuring SSL
@@ -467,2 +489,22 @@ will use the B<LetsEncryptSSL> macro to configure the correct certificate:
+=head2 file
+
+ [core]
+ source = file PATTERN [--ignore=RX] [--host=HOST]
+
+Domain names will be read from files matching I<PATTERN>. This argument
+can be either a valid globbing pattern or a directory name. In the latter
+case, the source module will read all files from that directory, except
+those whose names match the following perl regexp: C<^\.|~$|\.bak$|^#.*#$>.
+The default regexp can be overridden using the B<--ignore> (B<-i>) option.
+
+The input files must contain exactly one domain name per line. No empty
+lines or comments are allowed. The first domain name will become the B<CN>
+of the issued certificate. The rest of domain names will form alternative
+names.
+
+If the B<--host> (B<-h>) option is used, only one certificate will be
+issued. The I<HOST> will be used as its B<CN>. All the domain names read
+from the input files will form the list of its alternative names.
+
=head1 OPTIONS
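Review bot: The new `=head2 file` section says what the input files must look like but not what B<acmeman> does when a file breaks those rules, and it gives no guidance on who may write to the directory. In directory mode every file that does not match the ignore regexp contributes names to a certificate request, so the text should say that the directory and its files must be writable only by the account that administers acmeman. It should also state whether a file with blank or malformed lines is skipped or reported as an error. Separately, the short description under `=item B<source=>` in the earlier hunk still calls the argument "the name of the directory", while this section allows a globbing pattern as well; the two should agree.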
diff --git a/lib/App/Acmeman/Source/File.pm b/lib/App/Acmeman/Source/File.pm
index 561c279..48a4010 100644
--- a/lib/App/Acmeman/Source/File.pm
+++ b/lib/App/Acmeman/Source/File.pm
@@ -7,2 +7,3 @@ use File::Spec;
use parent 'App::Acmeman::Source';
+use Getopt::Long qw(GetOptionsFromArray :config gnu_getopt no_ignore_case);
@@ -12,2 +13,6 @@ sub new {
my $ignore = '^\.|~$|\.bak$|^#.*#$';
+ my $host;
+ GetOptionsFromArray(\@_,
+ 'ignore|i=s' => \$ignore,
+ 'host|h=s' => \$host);
unless ($pattern =~ m{[][*?]}) {
@@ -16,3 +21,5 @@ sub new {
}
- bless { pattern => $pattern, ignore => $ignore }, $class;
+ bless { pattern => $pattern,
+ ignore => $ignore,
+ host => $host }, $class;
}
@@ -23,2 +30,5 @@ sub scan {
my $err = 0;
+ if ($self->{host}) {
+ $self->define_domain($self->{host});
+ }
foreach my $file (glob $self->{pattern}) {
@@ -37,8 +47,12 @@ sub load {
return 0;
- };
+ };
chomp(my @lines = <$fh>);
close $fh;
- my $cn = shift @lines;
- $self->define_domain($cn);
- $self->define_alias($cn, @lines);
+ if ($self->{host}) {
+ $self->define_alias($self->{host}, @lines);
+ } else {
+ my $cn = shift @lines;
+ $self->define_domain($cn);
+ $self->define_alias($cn, @lines);
+ }
return 1;
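Review bot: Neither branch in load() checks the lines read from the file before handing them to define_domain/define_alias, although the documentation added in this commit says empty lines and comments are not allowed. In the else branch an empty file makes `shift @lines` return undef, which is then passed on as the CN; in the host branch blank or otherwise malformed lines become alternative names of the single certificate. Consider validating before the `if`, for example `@lines = grep { /\S/ } @lines;`, and returning 0 with a message naming the file when nothing usable remains in the non-host case. load() begins before this hunk and its closing brace is outside it.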
