hoellen/dockerfiles
1
0
Fork 0
mirror of https://github.com/hoellen/dockerfiles.git synced 2025-07-02 23:25:41 +00:00
Code Issues Projects Releases Wiki Activity

reverse: add certificate transprency support

Browse Source
This commit is contained in:
root
2017-09-18 19:50:56 +02:00
parent c8ca237ca7
commit 3ade350cd8
5 changed files with 40 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
reverse/rootfs/usr/local/bin/check_certs
View File

@ -35,6 +35,7 @@ f_check_certs() {
KEYFILE=/nginx/ssl/certificates/${domain}.key
CHAINFILE=/nginx/ssl/certificates/${domain}.chain.pem
FULLCHAINFILE=/nginx/ssl/certificates/${domain}.crt
SCTFILE=/nginx/ssl/timestamps/${domain}/fullchain.sct
mkdir -p /nginx/www/${domain}
openssl x509 -checkend 864000 -noout -in "${FULLCHAINFILE}"
@ -48,6 +49,9 @@ f_check_certs() {
head -$(grep -n "END CERTIFICATE" ${FULLCHAINFILE} | head -1 | cut -d: -f1) ${FULLCHAINFILE} > ${CERTFILE}
tail -$(($(wc -l ${FULLCHAINFILE} | awk '{print $1}')-$(grep -n "END CERTIFICATE" ${FULLCHAINFILE} | head -1 | cut -d: -f1))) ${FULLCHAINFILE} > ${CHAINFILE}
RELOAD_NGINX=1
if [ -f ${SCTFILE} ]; then
ct-submit ct.googleapis.com/pilot <${FULLCHAINFILE}>${SCTFILE}
fi
f_log INF "New Certificate for ${domain} generated"
fi
else