3 # This deploy hook is tested on OpenMediaVault 5.x. It supports both local and remote deployment.
4 # How it works: if no certificate with a matching domain name is found, the hook first creates a dummy certificate to obtain its uuid, and then replaces it with your certificate.
6 # DEPLOY_OMV_WEBUI_ADMIN - This is OMV web gui admin account. Default value is admin. It's required as the user parameter (-u) for the omv-rpc command.
7 # DEPLOY_OMV_HOST and DEPLOY_OMV_SSH_USER are optional. They are used for remote deployment through ssh (only public key authentication is supported). By design, the OMV web gui admin account does not have ssh permission, so a separate account is needed for ssh.
9 # Returns 0 on success, non-zero on error.
11 ######## Public functions #####################
13 #domain keyfile certfile cafile fullchain
14 openmediavault_deploy
() {
21 _debug _cdomain
"$_cdomain"
23 _debug _ccert
"$_ccert"
25 _debug _cfullchain
"$_cfullchain"
27 _getdeployconf DEPLOY_OMV_WEBUI_ADMIN
29 if [ -z "$DEPLOY_OMV_WEBUI_ADMIN" ]; then
30 DEPLOY_OMV_WEBUI_ADMIN
="admin"
33 _savedeployconf DEPLOY_OMV_WEBUI_ADMIN
"$DEPLOY_OMV_WEBUI_ADMIN"
35 _getdeployconf DEPLOY_OMV_HOST
36 _getdeployconf DEPLOY_OMV_SSH_USER
38 if [ -n "$DEPLOY_OMV_HOST" ] && [ -n "$DEPLOY_OMV_SSH_USER" ]; then
39 _info
"[OMV deploy-hook] Deploy certificate remotely through ssh."
40 _savedeployconf DEPLOY_OMV_HOST
"$DEPLOY_OMV_HOST"
41 _savedeployconf DEPLOY_OMV_SSH_USER
"$DEPLOY_OMV_SSH_USER"
43 _info
"[OMV deploy-hook] Deploy certificate locally."
46 if [ -n "$DEPLOY_OMV_HOST" ] && [ -n "$DEPLOY_OMV_SSH_USER" ]; then
# Remote lookup of the uuid of the certificate named "/CN=<domain>".
# NOTE(review): the whole pipeline is expanded locally and then re-parsed by the
# remote login shell. The single quotes written around $_cdomain close and
# reopen the remote jq filter, so on the remote side the domain is an unquoted
# word: a wildcard name (*.example.com) is open to globbing there, and any shell
# metacharacter in the value would be interpreted rather than matched.
# $DEPLOY_OMV_WEBUI_ADMIN is unquoted remotely as well. Validating both values
# against a strict character set before building the string would close this.
48 _command
="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'getList' '{\"start\": 0, \"limit\": -1}' | jq -r '.data[] | select(.name==\"/CN='$_cdomain'\") | .uuid'"
49 # shellcheck disable=SC2029
50 _uuid
=$
(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command")
51 _debug _command
"$_command"
53 if [ -z "$_uuid" ]; then
54 _info
"[OMV deploy-hook] Domain $_cdomain has no certificate in openmediavault, creating it!"
55 _command
="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'create' '{\"cn\": \"test.example.com\", \"size\": 4096, \"days\": 3650, \"c\": \"\", \"st\": \"\", \"l\": \"\", \"o\": \"\", \"ou\": \"\", \"email\": \"\"}' | jq -r '.uuid'"
56 # shellcheck disable=SC2029
57 _uuid
=$
(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command")
58 _debug _command
"$_command"
60 if [ -z "$_uuid" ]; then
61 _err
"[OMV deploy-hook] An error occured while creating the certificate"
66 _info
"[OMV deploy-hook] Domain $_cdomain has uuid: $_uuid"
67 _fullchain
=$
(jq
<"$_cfullchain" -aRs .
)
68 _key
=$
(jq
<"$_ckey" -aRs .
)
70 _debug _fullchain
"$_fullchain"
73 _info
"[OMV deploy-hook] Updating key and certificate in openmediavault"
# Remote upload of the certificate chain and private key into the OMV entry.
# NOTE(review): $_command carries the private key. $_key is the JSON-encoded
# content of $_ckey and is expanded into the string below. Consequences:
#  - the string is passed to ssh as a command-line argument and executed by the
#    remote shell, so the key sits in process arguments on both hosts, which
#    are typically readable by other local users while the command runs;
#  - the _debug _command call below hands the same string, key included, to the
#    debug output; presumably that reaches a log file when debug logging is on.
#    Confirm, and treat such logs as secret or log a redacted form instead;
#  - $DEPLOY_OMV_WEBUI_ADMIN and $_uuid are re-parsed by the remote shell, so
#    they need to be validated before they are placed in the string.
74 _command
="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'set' '{\"uuid\":\"$_uuid\", \"certificate\":$_fullchain, \"privatekey\":$_key, \"comment\":\"acme.sh deployed $(date)\"}'"
75 # shellcheck disable=SC2029
76 _result
=$
(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command")
78 _debug _command
"$_command"
79 _debug _result
"$_result"
81 _command
="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'WebGui' 'setSettings' \$(omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'WebGui' 'getSettings' | jq -c '.sslcertificateref=\"$_uuid\"')"
82 # shellcheck disable=SC2029
83 _result
=$
(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command")
85 _debug _command
"$_command"
86 _debug _result
"$_result"
88 _info
"[OMV deploy-hook] Asking openmediavault to apply changes... (this could take some time, hang in there)"
89 _command
="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'Config' 'applyChanges' '{\"modules\":[], \"force\": false}'"
90 # shellcheck disable=SC2029
91 _result
=$
(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command")
93 _debug _command
"$_command"
94 _debug _result
"$_result"
96 _info
"[OMV deploy-hook] Asking nginx to reload"
97 _command
="nginx -s reload"
98 # shellcheck disable=SC2029
99 _result
=$
(ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_command")
101 _debug _command
"$_command"
102 _debug _result
"$_result"
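# Local lookup of the uuid of the certificate named "/CN=<domain>".
# The domain is handed to jq as data through --arg instead of being spliced
# into the filter text, and the admin account is quoted, so neither value is
# word-split or glob-expanded by the shell (relevant for wildcard names such as
# *.example.com) and neither can change the jq program.
# NOTE(review): if more than one stored certificate carries this name, jq
# prints several uuids and $_uuid becomes multi-line — confirm that cannot occur.
_uuid=$(omv-rpc -u "$DEPLOY_OMV_WEBUI_ADMIN" 'CertificateMgmt' 'getList' '{"start": 0, "limit": -1}' | jq -r --arg cn "/CN=$_cdomain" '.data[] | select(.name==$cn) | .uuid')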
108 if [ -z "$_uuid" ]; then
109 _info
"[OMV deploy-hook] Domain $_cdomain has no certificate in openmediavault, creating it!"
110 # shellcheck disable=SC2086
111 _uuid
=$
(omv-rpc
-u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'create' '{"cn": "test.example.com", "size": 4096, "days": 3650, "c": "", "st": "", "l": "", "o": "", "ou": "", "email": ""}' | jq
-r '.uuid')
113 if [ -z "$_uuid" ]; then
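# Use the same "[OMV deploy-hook]" tag as every other message of this hook, so
# that a log filter on the tag also catches this failure (it read "[OMB ...").
_err "[OMV deploy-hook] An error occured while creating the certificate"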
119 _info
"[OMV deploy-hook] Domain $_cdomain has uuid: $_uuid"
120 _fullchain
=$
(jq
<"$_cfullchain" -aRs .
)
121 _key
=$
(jq
<"$_ckey" -aRs .
)
123 _debug _fullchain
"$_fullchain"
126 _info
"[OMV deploy-hook] Updating key and certificate in openmediavault"
# Local upload of the certificate chain and private key into the OMV entry.
# NOTE(review): $_command carries the private key. $_key is the JSON-encoded
# content of $_ckey and is expanded into the string below. Consequences:
#  - eval re-parses the whole string as shell code, so $DEPLOY_OMV_WEBUI_ADMIN
#    (unquoted) and $_uuid (inside single quotes) are treated as shell syntax,
#    not data; calling omv-rpc directly with quoted arguments would avoid the
#    second parse;
#  - the key becomes a command-line argument of omv-rpc, and process arguments
#    are typically readable by other local users while the command runs;
#  - the _debug _command call below hands the same string, key included, to the
#    debug output; presumably that reaches a log file when debug logging is on.
#    Confirm, and treat such logs as secret or log a redacted form instead.
127 _command
="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'CertificateMgmt' 'set' '{\"uuid\":\"$_uuid\", \"certificate\":$_fullchain, \"privatekey\":$_key, \"comment\":\"acme.sh deployed $(date)\"}'"
128 _result
=$
(eval "$_command")
130 _debug _command
"$_command"
131 _debug _result
"$_result"
133 _command
="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'WebGui' 'setSettings' \$(omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'WebGui' 'getSettings' | jq -c '.sslcertificateref=\"$_uuid\"')"
134 _result
=$
(eval "$_command")
136 _debug _command
"$_command"
137 _debug _result
"$_result"
139 _info
"[OMV deploy-hook] Asking openmediavault to apply changes... (this could take some time, hang in there)"
140 _command
="omv-rpc -u $DEPLOY_OMV_WEBUI_ADMIN 'Config' 'applyChanges' '{\"modules\":[], \"force\": false}'"
141 _result
=$
(eval "$_command")
143 _debug _command
"$_command"
144 _debug _result
"$_result"
146 _info
"[OMV deploy-hook] Asking nginx to reload"
147 _command
="nginx -s reload"
148 _result
=$
(eval "$_command")
150 _debug _command
"$_command"
151 _debug _result
"$_result"