-rwxr-xr-x | acmeman | 74 | ||||
-rw-r--r-- | lib/App/Acmeman/Source/File.pm | 24 |
2 files changed, 77 insertions, 21 deletions
@@ -86,3 +86,3 @@ B<Acmeman> is normally run periodically as a cronjob. If you plan to serve SSL protected domains using apache, you can skip -right to the B<APACHE> section. +right to the B<apache> section. @@ -129,3 +129,5 @@ program behavior. One of the important settings is B<source>, which declares an external source from which domain settings must be obtained. As -of B<acmeman> version 2.00, the only available external source is B<apache>. +of B<acmeman> version 1.05, the following sources are available: +B<null>, B<apache>, and B<file>. + Consider the following configuration: @@ -213,16 +215,20 @@ same order as they appeared in the configuration file. -=item B<source=>I<ID> [I<LAYOUT>] +=item B<source=>I<ID> [I<ARG>...] Defines additional source of information. B<App::Acmeman> version 1.05 -is shipped with two sources: B<null> and B<apache>. +is shipped with three sources: B<null>, B<apache>, and B<file>. -The B<null> module is an empty source. Use it if all domains are described -in the configuration file. +The B<null> module is an empty source. Command line arguments are ignored. +Use this source if all domains are described in the configuration file. The B<apache> source module is the default. It scans B<httpd> configuration -files as described in section B<APACHE>. The optional I<LAYOUT> argument -defines the apache configuration layout. Allowed values are: B<debian>, -B<slackware>, B<suse> and B<rh> (for Red Hat). If I<LAYOUT> is absent, it +files as described in section B<APACHE>. One argument is allowed. If supplied, +it defines the apache configuration layout. Allowed values are: B<debian>, +B<slackware>, B<suse> and B<rh> (for Red Hat). Without arguments, the layout will be autodetected. +The B<file> source reads domain names from one or more disk files. A +mandatory argument specifies the name of the directory where the files +are located. This mode is suitable for use with B<haproxy> pattern files. + =item B<files=>I<NAME> 
@@ -347,9 +353,25 @@ be replaced with the actual domain name. Default is B<$domain>. -=head1 APACHE +=head1 SOURCES + +=head2 null + + [core] + source = null + +Declares empty source. This means that B<acmeman> will handle only domain +names explicitly declared in the configuration file using the B<domain> +setting. + +=head2 apache -This is the default mode. It assumes Apache httpd, version 2.4 or later + [core] + source = apache [LAYOUT] + +This is the default source. It assumes Apache httpd, version 2.4 or later (although only minor changes are necessary to make it work with version 2.2). -Four most popular layouts of Apache configuration files are supported: -Debian, Slackware, SuSe, and Red Hat. A special directory should be -configured for receiving ACME challenges. +The optional I<LAYOUT> argument defines the layout of the apache configuration +files. Allowed layout values are: B<debian>, B<slackware>, B<suse> and +B<rh> (for Red Hat). If not supplied, the layout is determined automatically. + +A special directory should be configured for receiving ACME challenges. @@ -365,3 +387,3 @@ B<httpd> server. -=head2 Setup +=head3 Setup @@ -388,3 +410,3 @@ unless given the B<--force> (B<-F>) option. -=head2 Configuring SSL +=head3 Configuring SSL 
@@ -467,2 +489,22 @@ will use the B<LetsEncryptSSL> macro to configure the correct certificate: +=head2 file + + [core] + source = file PATTERN [--ignore=RX] [--host=HOST] + +Domain names will be read from files matching I<PATTERN>. This argument +can be either a valid globbing pattern or a directory name. In the latter +case, the source module will read all files from that directory, except +those whose names match the following perl regexp: C<^\.|~$|\.bak$|^#.*#$>. +The default regexp can be overridden using the B<--ignore> (B<-i>) option. + +The input files must contain exactly one domain name per line. No empty +lines or comments are allowed. The first domain name will become the B<CN> +of the issued certificate. The rest of domain names will form alternative +names. + +If the B<--host> (B<-h>) option is used, only one certificate will be +issued. The I<HOST> will be used as its B<CN>. All the domain names read +from the input files will form the list of its alternative names. + =head1 OPTIONS diff --git a/lib/App/Acmeman/Source/File.pm b/lib/App/Acmeman/Source/File.pm index 561c279..48a4010 100644 --- a/lib/App/Acmeman/Source/File.pm +++ b/lib/App/Acmeman/Source/File.pm @@ -7,2 +7,3 @@ use File::Spec; use parent 'App::Acmeman::Source'; +use Getopt::Long qw(GetOptionsFromArray :config gnu_getopt no_ignore_case); @@ -12,2 +13,6 @@ sub new { my $ignore = '^\.|~$|\.bak$|^#.*#$'; + my $host; + GetOptionsFromArray(\@_, + 'ignore|i=s' => \$ignore, + 'host|h=s' => \$host); unless ($pattern =~ m{[][*?]}) { @@ -16,3 +21,5 @@ sub new { } - bless { pattern => $pattern, ignore => $ignore }, $class; + bless { pattern => $pattern, + ignore => $ignore, + host => $host }, $class; } @@ -23,2 +30,5 @@ sub scan { my $err = 0; + if ($self->{host}) { + $self->define_domain($self->{host}); + } foreach my $file (glob $self->{pattern}) { 
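Review bot: In the `sub new` hunk of lib/App/Acmeman/Source/File.pm the return value of `GetOptionsFromArray` is discarded, so a misspelled or malformed option on the `source = file ...` line only produces a Getopt::Long warning and the object is still built with the default ignore pattern and no host. Because `--host` decides whether one certificate or one per file is requested, and `--ignore` decides which files are read, a bad option should stop the run: `GetOptionsFromArray(\@_, 'ignore|i=s' => \$ignore, 'host|h=s' => \$host) or die "file source: invalid arguments\n";` (or whatever error path the other sources use, which is not visible here). Anything left in `@_` after parsing is also dropped silently, and the `--host` value reaches `define_domain` in the `scan` hunk without a check that it looks like a host name. The body of `new` starts outside the hunk, so how `$pattern` is taken from the argument list cannot be seen from here.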
@@ -37,8 +47,12 @@ sub load { return 0; - }; + }; chomp(my @lines = <$fh>); close $fh; - my $cn = shift @lines; - $self->define_domain($cn); - $self->define_alias($cn, @lines); + if ($self->{host}) { + $self->define_alias($self->{host}, @lines); + } else { + my $cn = shift @lines; + $self->define_domain($cn); + $self->define_alias($cn, @lines); + } return 1; |
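Review bot: `load` turns every line of the input file into a certificate name without checking it, although the POD added in this commit says the files must hold exactly one domain name per line with no empty lines or comments. In the `else` branch an empty file leaves `$cn` undefined and hands it to `define_domain`; in the `--host` branch blank or comment lines become alternative names. These files may be written by other tooling (the POD mentions haproxy pattern files), so whoever can write them decides which names are requested from the CA. I would reject bad input before defining anything, for example `return 0 if grep { !/\A[A-Za-z0-9*.-]+\z/ } @lines;` right after `close $fh` (character class adjusted to what the project accepts) and `return 0 unless @lines;` in the non-host case, each with an error message in the style used above the hunk. The start of `load` is outside the hunk.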