Script to import an SSL certificate into a Synology NAS.
#!/usr/bin/env bash
#
# Imports a staged certificate into the Synology certificate store.
#
# Arguments:
#   $1      id of the certificate to install
#   $2...   packages whose certificate is replaced

# NOTE(review): CERT_ID is used below as a path component without being
# checked here; an empty value or one containing "/" changes which
# directories the install functions operate on.
CERT_ID="${1}"

# Remaining arguments, joined into one space-separated string. The install
# functions split it on whitespace again, so a package name cannot contain
# spaces.
CERT_PKGS="${*:2}"

# Staging directory that holds the certificate to import.
# NOTE(review): this sits under /tmp, and its *.pem files are later handed to
# root and copied into the certificate store; whoever stages the files should
# create the directory with restrictive ownership and permissions.
CERT_IMPORT_DIR="/tmp/certificate/${CERT_ID}"

# Roots of the installed certificates: built-in services first, then
# user-installed packages.
CERT_ROOT_DIR=/usr/syno/etc/certificate
PACKAGE_CERT_ROOT_DIR=/usr/local/etc/certificate

# Archive directory that holds the master copy of this certificate.
CERT_ARCHIVE_DIR="${CERT_ROOT_DIR}/_archive/${CERT_ID}"
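# Installs the staged certificate into the certificate archive.
#
# Globals:  CERT_ID, CERT_IMPORT_DIR, CERT_ARCHIVE_DIR (read)
# Outputs:  rsync's listing on stdout, diagnostics on stderr
# Returns:  0 on success, 2 when CERT_ID is unusable, 1 on any other failure
install_in_archive() {
  local pem
  local -a pems=()

  # CERT_ID is a path component of both directories. An empty id would make
  # the archive root itself the target, and "/" or ".." would point outside
  # the per-certificate directories, so refuse those before touching anything.
  case "$CERT_ID" in
    '' | . | .. | */*)
      printf 'install_in_archive: refusing certificate id "%s"\n' "$CERT_ID" >&2
      return 2
      ;;
  esac

  # The staging directory lives under /tmp. Accept only regular files so the
  # chown and rm below never act on a path outside it. An unmatched glob
  # stays literal and is rejected here as well, which covers an empty or
  # missing staging directory.
  for pem in "$CERT_IMPORT_DIR"/*.pem; do
    if [[ -L "$pem" || ! -f "$pem" ]]; then
      printf 'install_in_archive: no regular .pem file at %s\n' "$pem" >&2
      return 1
    fi
    pems+=("$pem")
  done

  chown root:root -- "${pems[@]}" || return 1

  # Stop on a failed copy: the staged files are the only copy of the new
  # certificate and must not be removed unless the archive has them.
  if ! rsync -avh "$CERT_IMPORT_DIR/" "$CERT_ARCHIVE_DIR"; then
    printf 'install_in_archive: copy to %s failed, staged files kept\n' \
      "$CERT_ARCHIVE_DIR" >&2
    return 1
  fi

  # Archived certificate material is readable by its owner only.
  chmod 400 "$CERT_ARCHIVE_DIR"/*.pem || return 1

  rm -- "${pems[@]}"
}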
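# Installs the archived certificate for the system's built-in packages.
#
# Every directory below CERT_ROOT_DIR that holds a cert.pem and whose path,
# relative to CERT_ROOT_DIR, contains one of the requested package names as a
# component receives a copy of the archive. nginx is restarted whenever at
# least one cert.pem was found, as before.
#
# Globals:  CERT_ID, CERT_PKGS, CERT_ROOT_DIR, CERT_ARCHIVE_DIR (read)
# Outputs:  rsync's listing on stdout, diagnostics on stderr
# Returns:  0 on success, 2 when CERT_ID is unusable, 1 if a copy or the
#           nginx restart failed
install_in_root() {
  local cert_file cert_pkg rel
  local found=0 status=0
  local -a pkgs=()

  # With an empty or path-like id the rsync source below would no longer be
  # a single certificate's archive directory, so refuse it.
  case "$CERT_ID" in
    '' | . | .. | */*)
      printf 'install_in_root: refusing certificate id "%s"\n' "$CERT_ID" >&2
      return 2
      ;;
  esac

  # Split the package list on whitespace without glob expansion.
  read -r -a pkgs <<< "$CERT_PKGS"

  # NUL-delimited so paths containing whitespace stay intact. fd 3 keeps the
  # list away from the stdin of the commands run inside the loop.
  while IFS= read -r -d '' -u 3 cert_file; do
    found=1

    # Match against the path below CERT_ROOT_DIR only; otherwise a name such
    # as "etc" would match every certificate through the root prefix.
    rel="/${cert_file#"$CERT_ROOT_DIR"/}"

    # The archive holds the master copies and is never a target.
    [[ "$rel" == *"/_archive/"* ]] && continue

    for cert_pkg in "${pkgs[@]}"; do
      if [[ "$rel" == *"/$cert_pkg/"* ]]; then
        rsync -avh "$CERT_ARCHIVE_DIR/" "${cert_file%/*}" || status=1
      fi
    done
  done 3< <(find "$CERT_ROOT_DIR" -name cert.pem -print0)

  if (( found )); then
    # Restart nginx.
    /bin/systemctl restart nginx || status=1
  fi

  return "$status"
}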
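# Installs the archived certificate for user-installed packages.
#
# Every directory below PACKAGE_CERT_ROOT_DIR that holds a cert.pem and whose
# path, relative to PACKAGE_CERT_ROOT_DIR, contains one of the requested
# package names as a component receives a copy of the archive. The package
# owning that directory is then restarted.
#
# Globals:  CERT_ID, CERT_PKGS, PACKAGE_CERT_ROOT_DIR, CERT_ARCHIVE_DIR (read)
# Outputs:  rsync's listing on stdout, diagnostics on stderr
# Returns:  0 on success, 2 when CERT_ID is unusable, 1 if a copy or a
#           package restart failed
install_in_pkgs() {
  local cert_file cert_pkg rel pkg_name
  local status=0
  local -a pkgs=()

  # With an empty or path-like id the rsync source below would no longer be
  # a single certificate's archive directory, so refuse it.
  case "$CERT_ID" in
    '' | . | .. | */*)
      printf 'install_in_pkgs: refusing certificate id "%s"\n' "$CERT_ID" >&2
      return 2
      ;;
  esac

  # Split the package list on whitespace without glob expansion.
  read -r -a pkgs <<< "$CERT_PKGS"

  # NUL-delimited so paths containing whitespace stay intact. fd 3 keeps the
  # list away from the stdin of the commands run inside the loop.
  while IFS= read -r -d '' -u 3 cert_file; do
    # Path below the packages root. Matching on it keeps a name such as
    # "etc" from matching every certificate through the root prefix.
    rel="${cert_file#"$PACKAGE_CERT_ROOT_DIR"/}"

    # The first component below the root is the package to restart. The
    # original took field 6 of the absolute path, which is the same component
    # only while the root is exactly five levels deep.
    pkg_name="${rel%%/*}"

    for cert_pkg in "${pkgs[@]}"; do
      if [[ "/$rel" == *"/$cert_pkg/"* ]]; then
        # Restart only after a successful copy.
        if rsync -avh "$CERT_ARCHIVE_DIR/" "${cert_file%/*}/"; then
          /usr/syno/bin/synopkg restart "$pkg_name" || status=1
        else
          status=1
        fi
      fi
    done
  done 3< <(find "$PACKAGE_CERT_ROOT_DIR" -name cert.pem -print0)

  return "$status"
}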
# Runs the three stages in order: archive the staged certificate, copy it to
# the built-in services, then copy it to the user-installed packages. Each
# stage runs regardless of the previous one's status, and the script exits
# with the status of the last stage.
main() {
  install_in_archive
  install_in_root
  install_in_pkgs
}

main