#!/command/with-contenv bash
# shellcheck shell=bash
# Start the CERTSYNC service
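set -o errexit -o nounset -o pipefail

# Logs should be sent to stdout so that s6 can collect them

echo "[INFO] Starting certsync..."

# Certificate on disk that is compared with the one nginx is serving.
lefile="/etc/letsencrypt/live/frigate/fullchain.pem"

# Read once, before the loop: a change to the TLS setting is not picked up
# until this service is restarted. Under errexit a failure of this pipeline
# ends the script.
tls_enabled=$(python3 /usr/local/nginx/get_tls_settings.py | jq -r .enabled)

# Poll loop: compare the fingerprint of the certificate file with the
# fingerprint of the certificate served on 127.0.0.1:8080 and reload nginx
# when both were read successfully and they differ.
while true; do
  if [[ "$tls_enabled" == 'false' ]]; then
    # TLS is off: nothing to sync, idle instead of exiting.
    sleep 9999
    continue
  fi

  if [[ ! -e "$lefile" ]]; then
    echo "[ERROR] TLS certificate does not exist: $lefile"
  fi

  # On failure the variable must hold exactly 'failed'. Appending 'failed' to
  # the captured error text (as `cmd 2>&1 || echo failed` does) yields
  # "<error text>\nfailed", which passes the != "failed" guard below and
  # triggers an nginx reload on every pass while the file is unreadable.
  # The fingerprint is only used for change detection; both sides use
  # openssl's default digest, so the values are comparable.
  leprint=$(openssl x509 -in "$lefile" -fingerprint -noout 2>&1) || leprint='failed'
  case "$leprint" in
    *Fingerprint*) ;;
    *)
      echo "[ERROR] Missing fingerprint from $lefile"
      ;;
  esac

  # Same sentinel rule for the live certificate: with pipefail any failing
  # stage (connect, parse, or grep finding no fingerprint line) marks the
  # read as failed instead of leaving partial output in the variable.
  liveprint=$(echo \
    | openssl s_client -showcerts -connect 127.0.0.1:8080 2>&1 \
    | openssl x509 -fingerprint 2>&1 \
    | grep -i fingerprint) || liveprint='failed'
  case "$liveprint" in
    *Fingerprint*) ;;
    *)
      echo "[ERROR] Missing fingerprint from current nginx TLS cert"
      ;;
  esac

  # Reload only when both fingerprints are known and differ, so a failed read
  # never causes a reload.
  if [[ "$leprint" != "failed" && "$liveprint" != "failed" && "$leprint" != "$liveprint" ]]; then
    echo "[INFO] Reloading nginx to refresh TLS certificate"
    echo "$lefile: $leprint"
    /usr/local/nginx/sbin/nginx -s reload
  fi

  sleep 60
done

exit 0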