mirror of
https://github.com/blakeblackshear/frigate.git
synced 2024-11-21 19:07:46 +01:00
bccffe6670
* implement self signed cert and monitor/reload * move go2rtc upstream to separate file * add directory for ACME challenges * make certsync more resilient * add TLS docs * add jwt secret info to docs
53 lines
1.2 KiB
Plaintext
Executable File
53 lines
1.2 KiB
Plaintext
Executable File
#!/command/with-contenv bash
|
|
# shellcheck shell=bash
|
|
# Start the CERTSYNC service
|
|
|
|
set -o errexit -o nounset -o pipefail
|
|
|
|
# Logs should be sent to stdout so that s6 can collect them
|
|
|
|
echo "[INFO] Starting certsync..."
|
|
|
|
lefile="/etc/letsencrypt/live/frigate/fullchain.pem"
|
|
|
|
|
|
while true
|
|
do
|
|
|
|
if [ ! -e $lefile ]
|
|
then
|
|
echo "[ERROR] TLS certificate does not exist: $lefile"
|
|
fi
|
|
|
|
leprint=`openssl x509 -in $lefile -fingerprint -noout || echo 'failed'`
|
|
|
|
case "$leprint" in
|
|
*Fingerprint*)
|
|
;;
|
|
*)
|
|
echo "[ERROR] Missing fingerprint from $lefile"
|
|
;;
|
|
esac
|
|
|
|
liveprint=`echo | openssl s_client -showcerts -connect 127.0.0.1:443 2>&1 | openssl x509 -fingerprint | grep -i fingerprint || echo 'failed'`
|
|
|
|
case "$liveprint" in
|
|
*Fingerprint*)
|
|
;;
|
|
*)
|
|
echo "[ERROR] Missing fingerprint from current nginx TLS cert"
|
|
;;
|
|
esac
|
|
|
|
if [[ "$leprint" != "failed" && "$liveprint" != "failed" && "$leprint" != "$liveprint" ]]
|
|
then
|
|
echo "[INFO] Reloading nginx to refresh TLS certificate"
|
|
echo "$lefile: $leprint"
|
|
/usr/local/nginx/sbin/nginx -s reload
|
|
fi
|
|
|
|
sleep 60
|
|
|
|
done
|
|
|
|
exit 0 |