author | Sergey Poznyakoff <gray@gnu.org.ua> | 2018-05-07 11:27:28 +0300 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2018-05-07 11:27:28 +0300 |
commit | 95c82ca2a5562e60463a38519157ae1a8b60ac1a (patch) | |
tree | 5a6062e7b3cacb3a7da79d4f099d90003352745b | |
parent | d76f2f28aaff86ffd7e4a049d5ce7cd91885805f (diff) | |
download | acmeman-95c82ca2a5562e60463a38519157ae1a8b60ac1a.tar.gz acmeman-95c82ca2a5562e60463a38519157ae1a8b60ac1a.tar.bz2 |
Improve "file" source
* lib/App/Acmeman/Source/File.pm (new): New options --ignore and
--host.
* acmeman: Document the "file" source.
-rwxr-xr-x | acmeman | 74 | ||||
-rw-r--r-- | lib/App/Acmeman/Source/File.pm | 24 |
2 files changed, 77 insertions, 21 deletions
@@ -84,7 +84,7 @@ scans B<apache> configuration files for a list of domains. | |||
84 | B<Acmeman> is normally run periodically as a cronjob. | 84 | B<Acmeman> is normally run periodically as a cronjob. |
85 | 85 | ||
86 | If you plan to serve SSL protected domains using apache, you can skip | 86 | If you plan to serve SSL protected domains using apache, you can skip |
87 | right to the B<APACHE> section. | 87 | right to the B<apache> section. |
88 | 88 | ||
89 | The following is a short introduction to the B<acmeman> configuration. For | 89 | The following is a short introduction to the B<acmeman> configuration. For |
90 | a detailed discussion, see the B<CONFIGURATION> section below. | 90 | a detailed discussion, see the B<CONFIGURATION> section below. |
@@ -127,7 +127,9 @@ the B<domain> section lacks the B<files> keyword. | |||
127 | The special section B<[core]> contains basic settings that control the | 127 | The special section B<[core]> contains basic settings that control the |
128 | program behavior. One of the important settings is B<source>, which declares | 128 | program behavior. One of the important settings is B<source>, which declares |
129 | an external source from which domain settings must be obtained. As | 129 | an external source from which domain settings must be obtained. As |
130 | of B<acmeman> version 2.00, the only available external source is B<apache>. | 130 | of B<acmeman> version 1.05, the following sources are available: |
131 | B<null>, B<apache>, and B<file>. | ||
132 | |||
131 | Consider the following configuration: | 133 | Consider the following configuration: |
132 | 134 | ||
133 | [core] | 135 | [core] |
@@ -211,20 +213,24 @@ server (or whatever server is using the certificates). If more than one | |||
211 | B<postrenew> statements are defined, they will be run in sequence, in the | 213 | B<postrenew> statements are defined, they will be run in sequence, in the |
212 | same order as they appeared in the configuration file. | 214 | same order as they appeared in the configuration file. |
213 | 215 | ||
214 | =item B<source=>I<ID> [I<LAYOUT>] | 216 | =item B<source=>I<ID> [I<ARG>...] |
215 | 217 | ||
216 | Defines additional source of information. B<App::Acmeman> version 1.05 | 218 | Defines additional source of information. B<App::Acmeman> version 1.05 |
217 | is shipped with two sources: B<null> and B<apache>. | 219 | is shipped with three sources: B<null>, B<apache>, and B<file>. |
218 | 220 | ||
219 | The B<null> module is an empty source. Use it if all domains are described | 221 | The B<null> module is an empty source. Command line arguments are ignored. |
220 | in the configuration file. | 222 | Use this source if all domains are described in the configuration file. |
221 | 223 | ||
222 | The B<apache> source module is the default. It scans B<httpd> configuration | 224 | The B<apache> source module is the default. It scans B<httpd> configuration |
223 | files as described in section B<APACHE>. The optional I<LAYOUT> argument | 225 | files as described in section B<APACHE>. One argument is allowed. If supplied, |
224 | defines the apache configuration layout. Allowed values are: B<debian>, | 226 | it defines the apache configuration layout. Allowed values are: B<debian>, |
225 | B<slackware>, B<suse> and B<rh> (for Red Hat). If I<LAYOUT> is absent, it | 227 | B<slackware>, B<suse> and B<rh> (for Red Hat). Without arguments, the layout |
226 | will be autodetected. | 228 | will be autodetected. |
227 | 229 | ||
230 | The B<file> source reads domain names from one or more disk files. A | ||
231 | mandatory argument specifies the name of the directory where the files | ||
232 | are located. This mode is suitable for use with B<haproxy> pattern files. | ||
233 | |||
228 | =item B<files=>I<NAME> | 234 | =item B<files=>I<NAME> |
229 | 235 | ||
230 | Identifies the B<[files]> section which describes how to create certificate | 236 | Identifies the B<[files]> section which describes how to create certificate |
@@ -345,13 +351,29 @@ be replaced with the actual domain name. Default is B<$domain>. | |||
345 | 351 | ||
346 | =back | 352 | =back |
347 | 353 | ||
348 | =head1 APACHE | 354 | =head1 SOURCES |
355 | |||
356 | =head2 null | ||
357 | |||
358 | [core] | ||
359 | source = null | ||
360 | |||
361 | Declares empty source. This means that B<acmeman> will handle only domain | ||
362 | names explicitly declared in the configuration file using the B<domain> | ||
363 | setting. | ||
364 | |||
365 | =head2 apache | ||
349 | 366 | ||
350 | This is the default mode. It assumes Apache httpd, version 2.4 or later | 367 | [core] |
368 | source = apache [LAYOUT] | ||
369 | |||
370 | This is the default source. It assumes Apache httpd, version 2.4 or later | ||
351 | (although only minor changes are necessary to make it work with version 2.2). | 371 | (although only minor changes are necessary to make it work with version 2.2). |
352 | Four most popular layouts of Apache configuration files are supported: | 372 | The optional I<LAYOUT> argument defines the layout of the apache configuration |
353 | Debian, Slackware, SuSe, and Red Hat. A special directory should be | 373 | files. Allowed layout values are: B<debian>, B<slackware>, B<suse> and |
354 | configured for receiving ACME challenges. | 374 | B<rh> (for Red Hat). If not supplied, the layout is determined automatically. |
375 | |||
376 | A special directory should be configured for receiving ACME challenges. | ||
355 | 377 | ||
356 | The package provides two Apache macros: for serving ACME challenges and | 378 | The package provides two Apache macros: for serving ACME challenges and |
357 | declaring SSL virtual hosts. | 379 | declaring SSL virtual hosts. |
@@ -363,7 +385,7 @@ predefined number of seconds (24 hours by default). If any of the | |||
363 | certificates were updated during the run, B<acmeman> will restart the | 385 | certificates were updated during the run, B<acmeman> will restart the |
364 | B<httpd> server. | 386 | B<httpd> server. |
365 | 387 | ||
366 | =head2 Setup | 388 | =head3 Setup |
367 | 389 | ||
368 | To set up the necessary infrastructure, run B<acmeman --setup>. It will | 390 | To set up the necessary infrastructure, run B<acmeman --setup>. It will |
369 | create the configuration file B<httpd-letsencrypt.conf>, defining two | 391 | create the configuration file B<httpd-letsencrypt.conf>, defining two |
@@ -386,7 +408,7 @@ domain, and F<privkey.pem>, containing the private key for that domain. | |||
386 | The program will refuse to overwrite existing files B<httpd-letsencrypt.conf>, | 408 | The program will refuse to overwrite existing files B<httpd-letsencrypt.conf>, |
387 | unless given the B<--force> (B<-F>) option. | 409 | unless given the B<--force> (B<-F>) option. |
388 | 410 | ||
389 | =head2 Configuring SSL | 411 | =head3 Configuring SSL |
390 | 412 | ||
391 | To declare that a virtual host needs SSL certificate, add the following | 413 | To declare that a virtual host needs SSL certificate, add the following |
392 | line to the Apache B<VirtualHost> block serving plain HTTP for that host: | 414 | line to the Apache B<VirtualHost> block serving plain HTTP for that host: |
@@ -465,6 +487,26 @@ will use the B<LetsEncryptSSL> macro to configure the correct certificate: | |||
465 | ... | 487 | ... |
466 | </VirtualHost> | 488 | </VirtualHost> |
467 | 489 | ||
490 | =head2 file | ||
491 | |||
492 | [core] | ||
493 | source = file PATTERN [--ignore=RX] [--host=HOST] | ||
494 | |||
495 | Domain names will be read from files matching I<PATTERN>. This argument | ||
496 | can be either a valid globbing pattern or a directory name. In the latter | ||
497 | case, the source module will read all files from that directory, except | ||
498 | those whose names match the following perl regexp: C<^\.|~$|\.bak$|^#.*#$>. | ||
499 | The default regexp can be overridden using the B<--ignore> (B<-i>) option. | ||
500 | |||
501 | The input files must contain exactly one domain name per line. No empty | ||
502 | lines or comments are allowed. The first domain name will become the B<CN> | ||
503 | of the issued certificate. The rest of domain names will form alternative | ||
504 | names. | ||
505 | |||
506 | If the B<--host> (B<-h>) option is used, only one certificate will be | ||
507 | issued. The I<HOST> will be used as its B<CN>. All the domain names read | ||
508 | from the input files will form the list of its alternative names. | ||
509 | |||
468 | =head1 OPTIONS | 510 | =head1 OPTIONS |
469 | 511 | ||
470 | =over 4 | 512 | =over 4 |
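--- a/lib/App/Acmeman/Source/File.pm
+++ b/lib/App/Acmeman/Source/File.pm
@@ -5,22 +5,32 @@ use warnings;
 use Carp;
 use File::Spec;
 use parent 'App::Acmeman::Source';
+use Getopt::Long qw(GetOptionsFromArray :config gnu_getopt no_ignore_case);
 
 sub new {
 my $class = shift;
 my $pattern = shift || croak "file name or globbing pattern must be given";
 my $ignore = '^\.|~$|\.bak$|^#.*#$';
+my $host;
+GetOptionsFromArray(\@_,
+'ignore|i=s' => \$ignore,
+'host|h=s' => \$host);
 unless ($pattern =~ m{[][*?]}) {
 $pattern =~ s{/$}{};
 $pattern = File::Spec->catfile($pattern, '*');
 }
-bless { pattern => $pattern, ignore => $ignore }, $class;
+bless { pattern => $pattern,
+ignore => $ignore,
+host => $host }, $class;
 }
 
 sub scan {
 my ($self) = @_;
 $self->debug(1, "initializing file list from $self->{pattern}");
 my $err = 0;
+if ($self->{host}) {
+$self->define_domain($self->{host});
+}
 foreach my $file (glob $self->{pattern}) {
 next if $file =~ m{$self->{ignore}};
 $err |= $self->load($file);
@@ -35,12 +45,16 @@ sub load {
 or do {
 $self->error("can't open $file: $!");
 return 0;
 };
 chomp(my @lines = <$fh>);
 close $fh;
-my $cn = shift @lines;
-$self->define_domain($cn);
-$self->define_alias($cn, @lines);
+if ($self->{host}) {
+$self->define_alias($self->{host}, @lines);
+} else {
+my $cn = shift @lines;
+$self->define_domain($cn);
+$self->define_alias($cn, @lines);
+}
 return 1;
 }
 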
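Review bot: The return value of GetOptionsFromArray in new (first hunk; the sub lies entirely inside it) is not checked, so a misspelled or unknown option in the `source = file ...` configuration line only produces a Getopt::Long warning and the object is still built with the default ignore pattern and no host, which silently changes which names end up on the certificate. For a tool that issues certificates a hard failure is preferable: `GetOptionsFromArray(\@_, 'ignore|i=s' => \$ignore, 'host|h=s' => \$host) or croak "invalid option in file source arguments";`. Any positional argument left in @_ after parsing is likewise dropped without notice; `croak "unexpected argument: $_[0]" if @_;` after the parse would surface that. Note also that `:config gnu_getopt no_ignore_case` in the use list alters Getopt::Long's process-wide configuration at load time; if the acmeman main program presumably parses its own command line with Getopt::Long and loads this source module at compile time, confirm that is intended, or scope the settings with a local Getopt::Long::Configure around this one parse.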