add cloudflare le-dns support

2017-10-21 14:31:30 +08:00 · 2017-10-21 14:31:30 +08:00 · 950316c221
parent 9469441492
commit 950316c221
4 changed files with 159 additions and 0 deletions
--- a/le-dns/cloudflare-hook.sh
+++ b/le-dns/cloudflare-hook.sh
@ -0,0 +1,22 @@
+#!/bin/bash
+
+function deploy_challenge {
+    local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
+    echo "$DOMAIN" "$TOKEN_FILENAME" "$TOKEN_VALUE"
+    ./cloudflare.sh "$CONFIG" "$DOMAIN" "$TOKEN_VALUE"
+    sleep 15
+}
+
+function clean_challenge {
+    local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
+}
+
+function deploy_cert {
+    local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" CHAINFILE="${4}"
+}
+
+function unchanged_cert {
+    local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}"
+}
+
+HANDLER=$1; shift; $HANDLER $@
--- a/le-dns/cloudflare.conf
+++ b/le-dns/cloudflare.conf
@ -0,0 +1,6 @@
+CF_EMAIL="YOUR_EMAIL@gmail.com"
+CF_TOKEN="YOUR_API_TOKEN"
+DOMAIN_NAME="example.com"
+CERT_DOMAINS="example.com www.example.com"
+#ECC=TRUE
+
--- a/le-dns/cloudflare.sh
+++ b/le-dns/cloudflare.sh
@ -0,0 +1,94 @@
+#!/usr/bin/env sh
+
+CONFIG=$1
+DOMAIN_FULL=$2
+TXT_TOKEN=$3
+
+if [ ! -f "$CONFIG" ];then
+    echo "ERROR, CONFIG NOT EXIST."
+    exit 1
+fi
+
+# shellcheck source=/dev/null
+. "$CONFIG"
+
+SUB_DOMAIN=${DOMAIN_FULL%$DOMAIN}
+
+if [ -z "$SUB_DOMAIN" ];then
+    HOST="_acme-challenge"
+else
+    HOST="_acme-challenge.${SUB_DOMAIN%.}"
+fi 
+
+# we get them automatically for you
+CF_ZONE_ID=""
+CF_DOMAIN_ID=""
+
+jsonValue() {
+    KEY=$1
+    num=$2
+    awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'"$KEY"'\042/){print $(i+1)}}}' | tr -d '"' | sed -n "${num}"p
+}
+
+
+getZoneID() {
+  CF_ZONE_ID=$(curl -s \
+    -X GET "https://api.cloudflare.com/client/v4/zones?name=${DOMAIN_NAME}" \
+    -H "X-Auth-Email: ${CF_EMAIL}" \
+    -H "X-Auth-Key: ${CF_TOKEN}" \
+    -H "Content-Type: application/json"| \
+    jsonValue id 1)
+}
+
+getDomainID() {
+  CF_DOMAIN_ID=$(curl -s \
+    -X GET "https://api.cloudflare.com/client/v4/zones/${CF_ZONE_ID}/dns_records?name=${HOST}" \
+    -H "X-Auth-Email: ${CF_EMAIL}" \
+    -H "X-Auth-Key: ${CF_TOKEN}" \
+    -H "Content-Type: application/json" | \
+    jsonValue id 1)
+}
+
+createDomain() {
+  RESULT=$(curl -s \
+    -X POST "https://api.cloudflare.com/client/v4/zones/${CF_ZONE_ID}/dns_records" \
+    -H "X-Auth-Email: ${CF_EMAIL}" \
+    -H "X-Auth-Key: ${CF_TOKEN}" \
+    -H "Content-Type: application/json" \
+    --data '{"type":"TXT","name":"'"${HOST}"'","content":"'"${TXT_TOKEN}"'","ttl":1,"proxied":false}' | \
+    jsonValue success 1)
+
+    if [ "$RESULT" = "true" ];then
+        echo "$(date) -- Update success"
+    else
+        echo "$(date) -- Update failed"
+    fi
+
+}
+
+updateDomain() {
+  RESULT=$(curl -s \
+    -X PUT "https://api.cloudflare.com/client/v4/zones/${CF_ZONE_ID}/dns_records/${CF_DOMAIN_ID}" \
+    -H "X-Auth-Email: ${CF_EMAIL}" \
+    -H "X-Auth-Key: ${CF_TOKEN}" \
+    -H "Content-Type: application/json" \
+    --data '{"type":"TXT","name":"'"${HOST}"'","content":"'"${TXT_TOKEN}"'","ttl":1,"proxied":false}' | \
+    jsonValue success 1)
+
+    if [ "$RESULT" = "true" ];then
+        echo "$(date) -- Update success"
+    else
+        echo "$(date) -- Update failed"
+    fi
+
+}
+
+getZoneID
+getDomainID
+
+if [ -z "$CF_DOMAIN_ID" ];then
+    createDomain
+else
+    updateDomain
+fi
+
--- a/le-dns/le-cloudflare.sh
+++ b/le-dns/le-cloudflare.sh
@ -0,0 +1,37 @@
+#!/bin/bash
+
+export CONFIG=$1
+
+if [ -f "$CONFIG" ];then
+    . "$CONFIG"
+    DIRNAME=$(dirname "$CONFIG")
+    cd "$DIRNAME" || exit 1
+else
+    echo "ERROR CONFIG."
+    exit 1
+fi
+
+echo "$CERT_DOMAINS" > domains.txt
+
+if [ ! -f "cloudflare.sh" ];then
+    wget https://github.com/xdtianyu/scripts/raw/master/le-dns/cloudflare.sh -O cloudflare.sh -o /dev/null
+    chmod +x cloudflare.sh
+fi
+
+if [ ! -f "cloudflare-hook.sh" ];then
+    wget https://github.com/xdtianyu/scripts/raw/master/le-dns/cloudflare-hook.sh -O cloudflare-hook.sh -o /dev/null
+    chmod +x cloudflare-hook.sh
+fi
+
+if [ ! -f "letsencrypt.sh" ];then
+    wget https://raw.githubusercontent.com/lukas2511/dehydrated/master/dehydrated -O letsencrypt.sh -o /dev/null
+    chmod +x letsencrypt.sh
+fi
+
+if [ "$ECC" = "TRUE" ];then
+    ./letsencrypt.sh -c -k ./cloudflare-hook.sh -t dns-01 -a secp384r1
+else
+    ./letsencrypt.sh -c -k ./cloudflare-hook.sh -t dns-01
+fi
+
+chown -R www-data:www-data certs