paxton
/
mailcow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[ACME] Allow to skip http verification

master
andryyy 2019-03-29 07:46:52 +01:00
parent 9378a34adb
commit b42d0df8e2
No known key found for this signature in database
GPG Key ID: 8EC34FF2794E25EF
1 changed files with 14 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
data/Dockerfiles/acme/docker-entrypoint.sh
View File

@ -5,6 +5,16 @@ exec 5>&1
# Thanks to https://github.com/cvmiller -> https://github.com/cvmiller/expand6 # Thanks to https://github.com/cvmiller -> https://github.com/cvmiller/expand6
source /srv/expand6.sh source /srv/expand6.sh
# Skipping IP check when we like to live dangerously
if [[ "${SKIP_IP_CHECK}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
SKIP_IP_CHECK=y
fi
# Skipping HTTP check when we like to live dangerously
if [[ "${SKIP_HTTP_VERIFICATION}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
SKIP_HTTP_VERIFICATION=y
fi
log_f() { log_f() {
if [[ ${2} == "no_nl" ]]; then if [[ ${2} == "no_nl" ]]; then
echo -n "$(date) - ${1}" echo -n "$(date) - ${1}"
@ -120,7 +130,10 @@ verify_challenge_path(){
# verify_challenge_path URL 4|6 # verify_challenge_path URL 4|6
RAND_FILE=${RANDOM}${RANDOM}${RANDOM} RAND_FILE=${RANDOM}${RANDOM}${RANDOM}
touch /var/www/acme/${RAND_FILE} touch /var/www/acme/${RAND_FILE}
if [[ "$(curl -${2} http://${1}/.well-known/acme-challenge/${RAND_FILE} --write-out %{http_code} --silent --output /dev/null)" =~ ^(2|3) ]]; then if [[ ${SKIP_HTTP_VERIFICATION} == "y" ]]; then
echo '(skipping check, returning 0)'
return 0
elif [[ "$(curl -${2} http://${1}/.well-known/acme-challenge/${RAND_FILE} --write-out %{http_code} --silent --output /dev/null)" =~ ^(2|3) ]]; then
rm /var/www/acme/${RAND_FILE} rm /var/www/acme/${RAND_FILE}
return 0 return 0
else else
@ -199,11 +212,6 @@ while true; do
chmod 600 ${ACME_BASE}/acme/key.pem chmod 600 ${ACME_BASE}/acme/key.pem
chmod 600 ${ACME_BASE}/acme/account.pem chmod 600 ${ACME_BASE}/acme/account.pem
# Skipping IP check when we like to live dangerously
if [[ "${SKIP_IP_CHECK}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
SKIP_IP_CHECK=y
fi
# Cleaning up and init validation arrays # Cleaning up and init validation arrays
unset SQL_DOMAIN_ARR unset SQL_DOMAIN_ARR
unset VALIDATED_CONFIG_DOMAINS unset VALIDATED_CONFIG_DOMAINS