vpt/qcloud-ssl-cdn
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
60134a7338
qcloud-ssl-cdn/docker/update.sh

81 lines
2.6 KiB
Bash
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/bin/sh
set -u
if [ "${ACME_ENABLED:=true}" = "true" ]; then
# 使用acme获取/更新证书
${ACME_HOME}/acme.sh ${ACME_PARAMS:-} \
--force --issue --cert-home ${CERT_HOME} \
-d ${ACME_DOMAIN} -d *.${ACME_DOMAIN} \
--dns ${ACME_DNS_TYPE} \
--key-file ${CERT_HOME}/${ACME_DOMAIN}/yevpt.com.key \
--fullchain-file ${CERT_HOME}/${ACME_DOMAIN}/fullchain.cer
fi
# 添加刷新url
echo "${PUSH_URLS:-}" | tr ',' '\n' > ${WORK_DIR}/urls.txt
if [ -n "${PUSH_URLS_PATH:-}" ]; then
cat "${PUSH_URLS_PATH}" >> ${WORK_DIR}/urls.txt
fi
# 写入腾讯云cdn更新配置
cat>${WORK_DIR}/config.py<<-EOF
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# author: 'zfb'
# time: 2020-12-02 16:15
# 腾讯云支持使用单域名和泛域名的证书,例如
# acme.sh --issue -d "whuzfb.cn" -d "*.whuzfb.cn" --dns dns_dp
# acme.sh --issue -d "blog.whuzfb.cn" --dns dns_dp
# 使用ACME申请的SSL完整证书的本地存放路径
CER_FILE = "${CERT_HOME}/${ACME_DOMAIN}/fullchain.cer"
# 使用ACME申请的SSL证书私钥的本地存放路径
KEY_FILE = "${CERT_HOME}/${ACME_DOMAIN}/${ACME_DOMAIN}.key"
# CDN服务配置的域名需要提前在腾讯云网页前端创建
# 如果ACME申请的证书为泛域名证书且要配置多个CDN加速
# CDN_DOMAIN = ["blog.whuzfb.cn", "blog2.whuzfb.cn", "web.whuzfb.cn"]
CDN_DOMAIN = ["`echo ${CDN_DOMAIN} | sed -e 's/,/","/g'`"]
# 腾讯云https://console.cloud.tencent.com/cam/capi
SECRETID = "${SECRETID}"
SECRETKEY = "${SECRETKEY}"
# 控制功能开关
# 是否进行上传证书文件的操作根据CER_FILE和KEY_FILE
UPLOAD_SSL = True
# 以下为HTTPS额外功能
# 是否开启HTTP2
ENABLE_HTTP2 = True
# 是否开启HSTS
ENABLE_HSTS = True
# 为HSTS设定最长过期时间以秒为单位
HSTS_TIMEOUT_AGE = 31536000
# HSTS包含子域名仅对泛域名有效
HSTS_INCLUDE_SUBDOMAIN = True
# 是否开启OCSP
ENABLE_OCSP = True
# 是否删除适用于CDN_DOMAIN域名下的其他所有证书
# 满足以下条件证书适用于CDN_DOMAIN、证书id不是本次使用的id
DELETE_OLD_CERTS = True
# 是否进行为CDN_DOMAIN更换SSL证书的操作
# 若UPDATE_SSL = True且UPLOAD_SSL = True则CERT_ID可不设置直接利用UPLOAD_SSL的证书
UPDATE_SSL = True
CERT_ID = ""
# 是否进行预热URL的操作
PUSH_URL = True
# 是否进行刷新URL的操作
PURGE_URL = True
# 自定义的预热URL默认会预热sitemap.xml的所有链接文件路径
# 该文件内每行一个URL例如
# https://blog.whuzfb.cn/img/me2.jpg
# https://blog.whuzfb.cn/img/home-bg.jpg
URLS_FILE = "urls.txt"
EOF
# 更新CDN证书
cd ${WORK_DIR} && python main.py
Reference in New Issue View Git Blame Copy Permalink