Traefik/root/etc/traefik/acme/00-export
Cantibra a32a62ed73
Initialize Git Repository: 'Traefik'
2026-01-26 06:10:48 +01:00


#!/usr/bin/bash
#
# Export the certificates and keys from 'acme.json'
#
###
#
# Options Section
#
###
# Strict mode: stop on the first failing command (-e), treat unset variables
# as errors (-u) and let a pipeline fail when any of its stages fails.
set -euo pipefail
###
#
# Variables Section
#
###
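# Load the site configuration, then fall back to the built-in defaults for
# anything it leaves unset or empty.
#
# NOTE: 'acme.env' is executed as shell code with the privileges of this
# script (possibly root), so it should be owned by root and not writable by
# any other account.
#
# The defaults are deliberately written without inner quotes: inside a
# double-quoted "${VAR:=word}" expansion single quotes are literal, so a
# quoted default would put the quote characters into the path itself and
# turn it into a relative path.
source '/etc/traefik/acme/acme.env'
ACME_STORAGE="${ACME_STORAGE:=/var/lib/traefik/acme}"
ACME_DATABASE="${ACME_DATABASE:=/var/lib/traefik/acme.json}"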
###
#
# Runtime Environment
#
###
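# Export every ACME account key, certificate and private key found in
# ${ACME_DATABASE} into a freshly created tree below ${ACME_STORAGE}:
#
#   ${ACME_STORAGE}/.<resolver>/account.key
#   ${ACME_STORAGE}/<domain>/rsa/root.{crt,key}   (resolver name contains 'rsa')
#   ${ACME_STORAGE}/<domain>/ecc/root.{crt,key}   (resolver name contains 'ecdsa')
#
# Every directory is created 0700 and every file ends up 0400, owned by
# traefik:traefik.

# Print an error message on stderr and stop the script.
fail() {
  printf 'Error: %s\n' "$*" >&2
  exit 1
}

# Succeed when $1 is usable as a single path component. Resolver and domain
# names come from the JSON database and are spliced into paths that may be
# written as root, so separators and the special names '.' and '..' are
# refused.
is_path_component() {
  [[ -n "$1" && "$1" != */* && "$1" != '.' && "$1" != '..' ]]
}

# Decode the base64 text in $1 into the file $2, then make the file
# read-only and owned by traefik:traefik. The builtin printf is used instead
# of /usr/bin/echo so that key material never appears in the argument list
# of an external process.
write_decoded() {
  local payload="$1"
  local target="$2"
  printf '%s\n' "${payload}" | /usr/bin/base64 --decode > "${target}"
  /usr/bin/chmod '0400' "${target}"
  /usr/bin/chown 'traefik':'traefik' "${target}"
}

# Only root or the 'traefik' account may run the export. The caller is taken
# from id(1): ${USER} is a plain environment variable that any caller can set
# and that may be unset, which would trip 'set -u'.
CALLER="$(/usr/bin/id --user --name)"
if [[ "${EUID}" -ne 0 && "${CALLER}" != 'traefik' ]]; then
  fail 'Permission Denied'
fi

# New files must never be group- or world-accessible, not even for the short
# time between their creation and the chmod that follows.
umask 077

# The storage tree is removed recursively below, so insist on an absolute
# path that does not depend on the current working directory.
[[ "${ACME_STORAGE}" == /* ]] || fail "ACME_STORAGE must be an absolute path: ${ACME_STORAGE}"

# Read and check the resolver list BEFORE the previous export is deleted. A
# failing command substitution in a 'for ... in $(...)' header does not stop
# the script, so a missing or corrupt database would otherwise wipe the old
# export and replace it with nothing. An empty database is still accepted.
RESOLVER_LINES="$(/usr/bin/jq --raw-output 'keys[]' "${ACME_DATABASE}")"
mapfile -t RESOLVERS <<< "${RESOLVER_LINES}"
for RESOLVER in "${RESOLVERS[@]}"; do
  [[ -n "${RESOLVER}" ]] || continue
  is_path_component "${RESOLVER}" || fail "Unsafe resolver name: ${RESOLVER}"
done

# Start from an empty storage tree.
if [[ -d "${ACME_STORAGE}" ]]; then
  /usr/bin/rm --force --recursive -- "${ACME_STORAGE:?}"
fi
/usr/bin/install --directory --group='traefik' --mode='0700' --owner='traefik' "${ACME_STORAGE}"

for RESOLVER in "${RESOLVERS[@]}"; do
  [[ -n "${RESOLVER}" ]] || continue

  # Account key of the resolver.
  # NOTE(review): the value is wrapped in an 'RSA PRIVATE KEY' PEM envelope,
  # which assumes the account key is an RSA key -- confirm for resolvers that
  # use a different account key type.
  ACCOUNT="$(/usr/bin/jq --raw-output --arg resolver "${RESOLVER}" --exit-status '.[$resolver].Account.PrivateKey' "${ACME_DATABASE}")"
  /usr/bin/install --directory --group='traefik' --mode='0700' --owner='traefik' "${ACME_STORAGE}/.${RESOLVER}"
  if ! printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' "${ACCOUNT}" '-----END RSA PRIVATE KEY-----' | \
    /usr/bin/openssl 'rsa' -inform 'pem' -out "${ACME_STORAGE}/.${RESOLVER}/account.key" &> '/dev/null'; then
    fail "Cannot convert the account key of resolver '${RESOLVER}'"
  fi
  /usr/bin/chmod '0400' "${ACME_STORAGE}/.${RESOLVER}/account.key"
  /usr/bin/chown 'traefik':'traefik' "${ACME_STORAGE}/.${RESOLVER}/account.key"

  # Main domain of every certificate of this resolver. The list is read into
  # an array so that names such as '*.example.com' are neither word-split nor
  # glob-expanded; a resolver without certificates yields an empty list.
  DOMAIN_LINES="$(/usr/bin/jq --raw-output --arg resolver "${RESOLVER}" '(.[$resolver].Certificates // [])[] | .domain.main' "${ACME_DATABASE}")"
  mapfile -t DOMAINS <<< "${DOMAIN_LINES}"

  for DOMAIN in "${DOMAINS[@]}"; do
    [[ -n "${DOMAIN}" ]] || continue
    is_path_component "${DOMAIN}" || fail "Unsafe domain name: ${DOMAIN}"

    CERTIFICATE="$(/usr/bin/jq --raw-output --arg resolver "${RESOLVER}" --arg domain "${DOMAIN}" --exit-status '.[$resolver].Certificates[] | select (.domain.main == $domain ) | .certificate' "${ACME_DATABASE}")"
    KEY="$(/usr/bin/jq --raw-output --arg resolver "${RESOLVER}" --arg domain "${DOMAIN}" --exit-status '.[$resolver].Certificates[] | select (.domain.main == $domain ) | .key' "${ACME_DATABASE}")"
    /usr/bin/install --directory --group='traefik' --mode='0700' --owner='traefik' "${ACME_STORAGE}/${DOMAIN}"

    # The key type is derived from the resolver name; resolvers matching
    # neither pattern get the domain directory but no certificate files.
    case "${RESOLVER}" in
      *rsa*)
        KIND='rsa'
        ;;
      *ecdsa*)
        KIND='ecc'
        ;;
      *)
        continue
        ;;
    esac

    /usr/bin/install --directory --group='traefik' --mode='0700' --owner='traefik' "${ACME_STORAGE}/${DOMAIN}/${KIND}"
    write_decoded "${CERTIFICATE}" "${ACME_STORAGE}/${DOMAIN}/${KIND}/root.crt"
    write_decoded "${KEY}" "${ACME_STORAGE}/${DOMAIN}/${KIND}/root.key"
  done
done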