unfinished hacking... still requires integration with the hook script
1 parent
0e8cb45
commit 87988b2
Showing
3 changed files
with
224 additions
and
14 deletions.
@@ -0,0 +1,180 @@ | ||
#!/bin/bash -e | ||
|
||
# Copyright (c) 2019 TurnKey GNU/Linux - https://www.turnkeylinux.org | ||
# | ||
# add-water-ctl - Script to control add-water HTTP Let's Encrypt challenge | ||
# server | ||
# | ||
# This file is part of Confconsole. | ||
# | ||
# Confconsole is free software; you can redistribute it and/or modify it | ||
# under the terms of the GNU Affero General Public License as published by the | ||
# Free Software Foundation; either version 3 of the License, or (at your | ||
# option) any later version. | ||
|
||
[ "$DEBUG" = "y" ] && set -x | ||
|
||
|
||
ADD_WATER_BIN_DEFAULT="/usr/lib/confconsole/plugins.d/Lets_Encrypt/add-water" | ||
ADD_WATER_LOG_DEFAULT="/var/log/confconsole/letsencrypt.log" | ||
ADD_WATER_USR_DEFAULT="www-data" | ||
ADD_WATER_PID_DEFAULT="/var/run/add-water/pid" | ||
|
||
AW_BIN="${AW_BIN:-${ADD_WATER_BIN_DEFAULT}}" | ||
AW_LOG="${AW_LOG:-${ADD_WATER_LOG_DEFAULT}}" | ||
AW_USR="${AW_USR:-${ADD_WATER_USR_DEFAULT}}" | ||
AW_PID="${AW_PID:-${ADD_WATER_PID_DEFAULT}}" | ||
|
||
CTL_LOG="${CTL_LOG:-${AW_LOG}}" | ||
|
||
mkdir -p "$(dirname $AW_PID)" "$(dirname $AW_LOG)" "$(dirname $CTL_LOG)" | ||
touch $AW_LOG | ||
chown -R $AW_USR "$(dirname $AW_PID)" "$(dirname $AW_LOG)" | ||
|
||
AUTHBIND80=/etc/authbind/byport/80 | ||
[ -f "$AUTHBIND80" ] || touch "$AUTHBIND80" | ||
AUTHBIND_USR=$(stat --format '%U' $AUTHBIND80) | ||
EXIT_CODE=0 | ||
|
||
usage() { | ||
echo "$@" | ||
cat<<EOF | ||
Syntax: $APP start TOKEN_PATH | stop [-d PIDFILE ] [-l LOGFILE] | ||
Wrapper script for add-water challenge server for dehydrated on TurnKey Linux. | ||
Provides a clean interface to start/stop add-water. | ||
This file is part of confconsole. | ||
Environment variables: | ||
DEBUG=y $APP will be very verbose (set -x) | ||
AW_BIN Path to add-water binary | ||
default: $ADD_WATER_BIN_DEFAULT | ||
AW_LOG Path to add-water log file | ||
default: $ADD_WATER_LOG_DEFAULT | ||
AW_USR User account to use when running add-water | ||
default: $ADD_WATER_USR_DEFAULT | ||
AW_PID Path to add-water PID file | ||
default: $ADD_WATER_PID_DEFAULT | ||
Arguments: | ||
start TOKEN_PATH | ||
- Start add-water server (daemon), serving TOKEN_PATH. | ||
If already running, will stop first, then start. | ||
stop | ||
- Stop add-water server. | ||
Options: | ||
-d PIDFILE |--daemonize PIDFILE | ||
- daemonize add-water, storing pid value in PIDFILE | ||
- default behaviour is equiavlent to: | ||
-d \$AW_PID | ||
-l LOGFILE | --logfile LOGFILE | ||
- log file to write to | ||
- default behviour is equivalent to: | ||
-l \$AW_LOG | ||
EOF | ||
exit 1 | ||
} | ||
|
||
fatal() { | ||
echo "[$(date "+%Y-%m-%d %H:%M:%S")] $APP: FATAL: $@" >&2 > >(tee -a $CTL_LOG >&2) | ||
} | ||
|
||
warning() { | ||
echo "[$(date "+%Y-%m-%d %H:%M:%S")] $APP: WARNING: $@" | tee -a $CTL_LOG | ||
} | ||
|
||
check_80() { | ||
# returns 'PID/process_name' of what is running on port 80 | ||
netstat -ltpn | grep ":80 " | head -1 | tr -s '[[:space:]]' '\n' \ | ||
| tail -1 | ||
} | ||
|
||
check_80_pid() { | ||
# returns PID of what is running on port 80 | ||
check_80 | cut -d/ -f1 | ||
} | ||
|
||
check_80_actual_proc() { | ||
# In the case of add-water; check_80_proc returns 'python'; this returns | ||
# the full path of the process associated with PID running on port 80. | ||
# E.g. in the case of add-water; returns 'add-water' | ||
ps -p $(check_80_pid) -o comm= | ||
} | ||
|
||
status() { | ||
# returns one of: | ||
# 'running' - add-water running | ||
# 'blocked' - add-water not running; port 80 in use | ||
# 'available' - add-water not ruuning; port 80 free | ||
# | ||
# even though we have a pid file we're not using it as a race condition | ||
# has been causing the pidfile to mismatch the pid, so we'll just use | ||
# the info we can get from port 80 | ||
|
||
if [ "$(check_80_actual_proc)" = 'add-water' ]; then | ||
echo "running" | ||
elif [ "$(check_80)" != "" ]; then | ||
echo "blocked" | ||
else | ||
echo "available" | ||
fi | ||
} | ||
|
||
start() { | ||
path_to_serve=$1 | ||
[ "$(status)" = 'running' ] && stop | ||
$AW_BIN -d $pidfile -l $logfile $path_to_serve | ||
} | ||
|
||
stop() { | ||
if [ "$(status)" = 'running' ]; then | ||
sleep 1 | ||
kill -9 $(check_80_pid) | ||
rm -f $pidfile | ||
elif [ "$status" = 'blocked' ]; then | ||
warning "add-water not running and port 80 in use" | ||
fi | ||
# just pass if port 80 is free | ||
} | ||
|
||
[ "$EUID" = "0" ] || fatal "$APP must be run as root" | ||
[ -x "$AW_BIN" ] || fatal "add-water binary not found: $AW_BIN" | ||
|
||
unset command pidfile logfile | ||
while [[ $# -gt 0 ]]; do | ||
case $1 in | ||
start) command="start $2"; shift;; | ||
stop) command="stop";; | ||
status) command="status";; | ||
-d|--damonize) pidfile=$2; shift;; | ||
-l|--logfile) logfile=$2; shift;; | ||
-l|--help) usage;; | ||
*) usage "FATAL: unsupported or unknown argument: '$1'";; | ||
esac | ||
shift | ||
done | ||
[ -n "$command" ] || usage "$APP $@" | ||
[ -n "$pidfile" ] || pidfile="$AW_PID" | ||
[ -n "$logfile" ] || logfile="$AW_LOG" | ||
export pidfile logfile | ||
$command | ||
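Review bot: `fatal` (lines 108-110) only logs and never exits, so the root check at line 179 and the `-x "$AW_BIN"` check at line 180 are ineffective — with a missing or non-executable binary the script still runs `stop`, kills the live add-water on port 80, and then fails on the exec. Make it terminate and drop the odd `>&2 > >(tee …)` redirection: `fatal() { echo "[$(date "+%Y-%m-%d %H:%M:%S")] $APP: FATAL: $*" | tee -a "$CTL_LOG" >&2; exit 1; }`. Separately, `stop` at line 172 tests `"$status"` (an unset variable) rather than `"$(status)"`, so the 'blocked' warning can never fire, and `command="start $2"` at line 186 is expanded unquoted at line 200, so a TOKEN_PATH containing whitespace is split into several arguments. `$APP` is referenced in usage and every log line but never assigned in this file, so messages currently print an empty program name — presumably `APP=$(basename "$0")` was intended near the top.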
|