/renew-hook-update-apisix.sh Secret
Last active
April 21, 2024 16:54
-
-
Save overstarry/0f5c2cf7cd4ccfe653dfa071390ae90b to your computer and use it in GitHub Desktop.
auto update apisix ssl by acme.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
# author anjia0532@gmail.com | |
# blog https://anjia0532.github.io/ | |
# github https://github.com/anjia0532 | |
# this script depend on jq,check it first | |
RED='\033[0;31m' | |
NC='\033[0m' # No Color | |
if ! [ -x "$(command -v jq)" ]; then | |
echo -e "${RED}Error: jq is not installed.${NC}" >&2 | |
exit 1 | |
fi | |
if ! [ -x "$(command -v openssl)" ]; then | |
echo -e "${RED}Error: openssl is not installed.${NC}" >&2 | |
exit 1 | |
fi | |
if ! [ -x "$(command -v ~/.acme.sh/acme.sh)" ]; then | |
echo -e "${RED}Error: acme.sh is not installed.(doc https://github.com/acmesh-official/acme.sh/wiki/How-to-install)${NC}" >&2 | |
exit 1 | |
fi | |
usage () { echo "Usage : $0 -h <apisix admin host> -p <certificate pem file> -k <certificate private key file> -a <admin api key> -t <print debug info switch off/on,default off>"; } | |
# parse args | |
while getopts "h:p:k:a:t:" opts; do | |
case ${opts} in | |
h) HOST=${OPTARG} ;; | |
p) PEM=${OPTARG} ;; | |
k) KEY=${OPTARG} ;; | |
a) API_KEY=${OPTARG} ;; | |
t) DEBUG=${OPTARG} ;; | |
*) usage; exit;; | |
esac | |
done | |
# those args must be not null | |
if [ ! "$HOST" ] || [ ! "$PEM" ] || [ ! "$KEY" ] || [ ! "$API_KEY" ] | |
then | |
usage | |
exit 1 | |
fi | |
# optional args,set default value | |
[ -z "$DEBUG" ] && DEBUG=off | |
# print vars key and value when DEBUG eq on | |
[[ "on" == "$DEBUG" ]] && echo -e "HOST:${HOST} API_KEY:${API_KEY} PEM FILE:${PEM} KEY FILE:${KEY} DEBUG:${DEBUG}" | |
# get all ssl and filter this one by sni name | |
cert_content=$(curl --silent --location --request GET "${HOST}/apisix/admin/ssls/" \ | |
--header "X-API-KEY: ${API_KEY}" \ | |
--header 'Content-Type: application/json' | jq "first(.list[]| select(.value.snis[] | contains(\"$(openssl x509 -in $PEM -noout -text|grep -oP '(?<=DNS:|IP Address:)[^,]+'|sort|head -n1)\")))") | |
validity_start=$(date --date="$(openssl x509 -startdate -noout -in $PEM|cut -d= -f 2)" +"%s") | |
validity_end=$(date --date="$(openssl x509 -enddate -noout -in $PEM|cut -d= -f 2)" +"%s") | |
# create a new ssl when it not exist | |
if [ -z "$cert_content" ] | |
then | |
cert_content="{\"snis\":[],\"status\": 1}" | |
# read domains from pem file by openssl | |
snis=$(openssl x509 -in $PEM -noout -text|grep -oP '(?<=DNS:|IP Address:)[^,]+'|sort) | |
for sni in ${snis[@]} ; do | |
cert_content=$(echo $cert_content | jq ".snis += [\"$sni\"]") | |
done | |
cert_content=$(echo $cert_content | jq ".|.cert = \"$(cat $PEM)\"|.key = \"$(cat $KEY)\"|.validity_start=${validity_start}|.validity_end=${validity_end}") | |
cert_update_result=$(curl --silent --location --request POST "${HOST}/apisix/admin/ssls/" \ | |
--header "X-API-KEY: ${API_KEY}" \ | |
--header 'Content-Type: application/json' \ | |
--data "$cert_content" ) | |
[[ "on" == "$DEBUG" ]] && echo -e "cert_content: \n${cert_content}\n\ncreate result json:\n\n${cert_update_result}" | |
else | |
# get exist ssl id | |
URI=$(echo $cert_content | jq -r ".key") | |
ID=$(echo ${URI##*/}) | |
# get exist ssl certificate json , modify cert and key value | |
cert_content=$(echo $cert_content | jq ".value|.cert = \"$(cat $PEM)\"|.key = \"$(cat $KEY)\"|.id=\"${ID}\"|.update_time=$(date +'%s')|.validity_start=${validity_start}|.validity_end=${validity_end}") | |
# update apisix ssl | |
cert_update_result=$(curl --silent --location --request PUT "${HOST}/apisix/admin/ssls/${ID}" \ | |
--header "X-API-KEY: ${API_KEY}" \ | |
--header 'Content-Type: application/json' \ | |
--data "$cert_content" ) | |
[[ "on" == "$DEBUG" ]] && echo -e "cert_content: \n${cert_content}\n\nupdate result json:\n\n${cert_update_result}" | |
fi | |
exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment