zydronium/getnamingo-registry
1
0
Fork 0
mirror of https://github.com/getnamingo/registry.git synced 2025-08-05 17:18:04 +02:00
Code Issues Projects Releases Packages Wiki Activity

Added automatic reload of EPP server certificates

Browse source
This commit is contained in:
Pinga 2025-05-22 14:29:50 +03:00
parent d7f004e6a2
commit 165a059c7d
7 changed files with 148 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

62
docs/update1021.sh
View file

@ -169,6 +169,68 @@ curl -o /etc/ssl/certs/tmch.pem https://ca.icann.org/tmch.crt
curl -o /etc/ssl/certs/tmch_pilot.pem https://ca.icann.org/tmch_pilot.crt
chmod 644 /etc/ssl/certs/tmch.pem /etc/ssl/certs/tmch_pilot.pem
echo "Updating EPP server configuration."
CADDYFILE="/etc/caddy/Caddyfile"
CBACKUP="/etc/caddy/Caddyfile.bak.$(date +%F-%H%M%S)"
# Step 0: Backup original Caddyfile
cp "$CADDYFILE" "$CBACKUP"
echo "Caddy backup saved to $CBACKUP"
rdap_line=$(grep -E '^\s*rdap\.[^ ]+\s*\{' "$CADDYFILE")
bind_line=$(grep -A 3 "$rdap_line" "$CADDYFILE" | grep -E '^\s*bind\s')
base_domain=$(echo "$rdap_line" | sed -E "s/^\s*rdap\.([^ ]+)\s*\{/\1/")
bind_values=$(echo "$bind_line" | sed -E 's/^\s*bind\s+//')
cat <<EOF >> "$CADDYFILE"
epp.$base_domain {
bind $bind_values
redir https://cp.$base_domain{uri}
}
EOF
echo "Added EPP block for epp.$base_domain with bind: $bind_values"
systemctl reload caddy
sleep 5
ln -sf /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/epp.$base_domain/epp.$base_domain.crt /opt/registry/epp/epp.crt
ln -sf /var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/epp.$base_domain/epp.$base_domain.key /opt/registry/epp/epp.key
CONFIG_FILE="/opt/registry/epp/config.php"
NEW_CERT="/opt/registry/epp/epp.crt"
NEW_KEY="/opt/registry/epp/epp.key"
sed -i \
-e "s|^\(\s*'ssl_cert'\s*=>\s*\).*|\\1'$NEW_CERT',|" \
-e "s|^\(\s*'ssl_key'\s*=>\s*\).*|\\1'$NEW_KEY',|" \
"$CONFIG_FILE"
SERVICE_SRC="/opt/registry/docs/namingo-epp-reload.service"
PATH_SRC="/opt/registry/docs/namingo-epp-reload.path"
SERVICE_DEST="/etc/systemd/system/namingo-epp-reload.service"
PATH_DEST="/etc/systemd/system/namingo-epp-reload.path"
if [[ ! -f "$SERVICE_SRC" || ! -f "$PATH_SRC" ]]; then
echo "Error: Required files not found in /opt/registry/docs/"
exit 1
fi
echo "Copying systemd service and path files..."
cp "$SERVICE_SRC" "$SERVICE_DEST"
cp "$PATH_SRC" "$PATH_DEST"
echo "Reloading systemd daemon..."
systemctl daemon-reexec
systemctl daemon-reload
echo "Enabling and starting namingo-epp-reload.path..."
systemctl enable --now namingo-epp-reload.path
# Start services
echo "Starting services..."
systemctl start epp