deploy/gcore_cdn.sh

   1 #!/usr/bin/env sh
   2
   3 # Here is the script to deploy the cert to G-Core CDN service (https://gcore.com/) using the G-Core Labs API (https://apidocs.gcore.com/cdn).
   4 # Returns 0 when success.
   5 #
   6 # Written by temoffey <temofffey@gmail.com>
   7 # Public domain, 2019
   8 # Update by DreamOfIce <admin@dreamofice.cn> in 2023
   9
  10 #export DEPLOY_GCORE_CDN_USERNAME=myusername
  11 #export DEPLOY_GCORE_CDN_PASSWORD=mypassword
  12
  13 ########  Public functions #####################
  14
  15 #domain keyfile certfile cafile fullchain
  16
  17 gcore_cdn_deploy() {
  18   _cdomain="$1"
  19   _ckey="$2"
  20   _ccert="$3"
  21   _cca="$4"
  22   _cfullchain="$5"
  23
  24   _debug _cdomain "$_cdomain"
  25   _debug _ckey "$_ckey"
  26   _debug _ccert "$_ccert"
  27   _debug _cca "$_cca"
  28   _debug _cfullchain "$_cfullchain"
  29
  30   _fullchain=$(tr '\r\n' '*#' <"$_cfullchain" | sed 's/*#/#/g;s/##/#/g;s/#/\\n/g')
  31   _key=$(tr '\r\n' '*#' <"$_ckey" | sed 's/*#/#/g;s/#/\\n/g')
  32
  33   _debug _fullchain "$_fullchain"
  34   _debug _key "$_key"
  35
  36   if [ -z "$DEPLOY_GCORE_CDN_USERNAME" ]; then
  37     if [ -z "$Le_Deploy_gcore_cdn_username" ]; then
  38       _err "Please define the target username: export DEPLOY_GCORE_CDN_USERNAME=username"
  39       return 1
  40     fi
  41   else
  42     Le_Deploy_gcore_cdn_username="$DEPLOY_GCORE_CDN_USERNAME"
  43     _savedomainconf Le_Deploy_gcore_cdn_username "$Le_Deploy_gcore_cdn_username"
  44   fi
  45
  46   if [ -z "$DEPLOY_GCORE_CDN_PASSWORD" ]; then
  47     if [ -z "$Le_Deploy_gcore_cdn_password" ]; then
  48       _err "Please define the target password: export DEPLOY_GCORE_CDN_PASSWORD=password"
  49       return 1
  50     fi
  51   else
  52     Le_Deploy_gcore_cdn_password="$DEPLOY_GCORE_CDN_PASSWORD"
  53     _savedomainconf Le_Deploy_gcore_cdn_password "$Le_Deploy_gcore_cdn_password"
  54   fi
  55
  56   _info "Get authorization token"
  57   _request="{\"username\":\"$Le_Deploy_gcore_cdn_username\",\"password\":\"$Le_Deploy_gcore_cdn_password\"}"
  58   _debug _request "$_request"
  59   export _H1="Content-Type:application/json"
  60   _response=$(_post "$_request" "https://api.gcore.com/auth/jwt/login")
  61   _debug _response "$_response"
  62   _regex=".*\"access\":\"\([-._0-9A-Za-z]*\)\".*$"
  63   _debug _regex "$_regex"
  64   _token=$(echo "$_response" | sed -n "s/$_regex/\1/p")
  65   _debug _token "$_token"
  66
  67   if [ -z "$_token" ]; then
  68     _err "Error G-Core Labs API authorization"
  69     return 1
  70   fi
  71
  72   _info "Find CDN resource with cname $_cdomain"
  73   export _H2="Authorization:Bearer $_token"
  74   _response=$(_get "https://api.gcore.com/cdn/resources")
  75   _debug _response "$_response"
  76   _regex="\"primary_resource\":null},"
  77   _debug _regex "$_regex"
  78   _response=$(echo "$_response" | sed "s/$_regex/$_regex\n/g")
  79   _debug _response "$_response"
  80   _regex="^.*\"cname\":\"$_cdomain\".*$"
  81   _debug _regex "$_regex"
  82   _resource=$(echo "$_response" | _egrep_o "$_regex")
  83   _debug _resource "$_resource"
  84   _regex=".*\"id\":\([0-9]*\).*$"
  85   _debug _regex "$_regex"
  86   _resourceId=$(echo "$_resource" | sed -n "s/$_regex/\1/p")
  87   _debug _resourceId "$_resourceId"
  88   _regex=".*\"sslData\":\([0-9]*\).*$"
  89   _debug _regex "$_regex"
  90   _sslDataOld=$(echo "$_resource" | sed -n "s/$_regex/\1/p")
  91   _debug _sslDataOld "$_sslDataOld"
  92   _regex=".*\"originGroup\":\([0-9]*\).*$"
  93   _debug _regex "$_regex"
  94   _originGroup=$(echo "$_resource" | sed -n "s/$_regex/\1/p")
  95   _debug _originGroup "$_originGroup"
  96
  97   if [ -z "$_resourceId" ] || [ -z "$_originGroup" ]; then
  98     _err "Not found CDN resource with cname $_cdomain"
  99     return 1
 100   fi
 101
 102   _info "Add new SSL certificate"
 103   _date=$(date "+%d.%m.%Y %H:%M:%S")
 104   _request="{\"name\":\"$_cdomain ($_date)\",\"sslCertificate\":\"$_fullchain\",\"sslPrivateKey\":\"$_key\"}"
 105   _debug _request "$_request"
 106   _response=$(_post "$_request" "https://api.gcore.com/cdn/sslData")
 107   _debug _response "$_response"
 108   _regex=".*\"id\":\([0-9]*\).*$"
 109   _debug _regex "$_regex"
 110   _sslDataAdd=$(echo "$_response" | sed -n "s/$_regex/\1/p")
 111   _debug _sslDataAdd "$_sslDataAdd"
 112
 113   if [ -z "$_sslDataAdd" ]; then
 114     _err "Error new SSL certificate add"
 115     return 1
 116   fi
 117
 118   _info "Update CDN resource"
 119   _request="{\"originGroup\":$_originGroup,\"sslData\":$_sslDataAdd}"
 120   _debug _request "$_request"
 121   _response=$(_post "$_request" "https://api.gcore.com/cdn/resources/$_resourceId" '' "PUT")
 122   _debug _response "$_response"
 123   _regex=".*\"sslData\":\([0-9]*\).*$"
 124   _debug _regex "$_regex"
 125   _sslDataNew=$(echo "$_response" | sed -n "s/$_regex/\1/p")
 126   _debug _sslDataNew "$_sslDataNew"
 127
 128   if [ "$_sslDataNew" != "$_sslDataAdd" ]; then
 129     _err "Error CDN resource update"
 130     return 1
 131   fi
 132
 133   if [ -z "$_sslDataOld" ] || [ "$_sslDataOld" = "null" ]; then
 134     _info "Not found old SSL certificate"
 135   else
 136     _info "Delete old SSL certificate"
 137     _response=$(_post '' "https://api.gcore.com/cdn/sslData/$_sslDataOld" '' "DELETE")
 138     _debug _response "$_response"
 139   fi
 140
 141   _info "Certificate successfully deployed"
 142   return 0
 143 }