colben/docker
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
colben
2025-11-06 18:44:27 +08:00
parent a607719b46
commit f6eb48fc91
3 changed files with 78 additions and 134 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
letsencrypt/Demo/SingleNode/README.md
View File

@@ -14,17 +14,18 @@
- 调用腾讯云接口设置/更新 TXT 解析记录 - 调用腾讯云接口设置/更新 TXT 解析记录
``` ```
cp tencent-api.sh letsencrypt-wildcard/etc/manual-hook.sh cp tencent-api.sh letsencrypt-wildcard/etc/manual-hook.sh
# 修改脚本,替换成自己的阿里云 access key 信息 # 修改脚本,替换成自己的腾讯云 secret 信息
#ACCESS_KEY_ID='aliyun access key id' #export TENCENTCLOUD_SECRET_ID='tencent secret id'
#ACCESS_KEY_SECRET='aliyun access key secret' #export TENCENTCLOUD_SECRET_KEY='tencent secret key'
``` ```
- 调用阿里云接口设置/更新 TXT 解析记录 - 调用阿里云接口设置/更新 TXT 解析记录
``` ```
cp aliyun-api.sh letsencrypt-wildcard/etc/manual-hook.sh cp aliyun-api.sh letsencrypt-wildcard/etc/manual-hook.sh
# 修改脚本,替换成自己的腾讯云 secret 信息 # 修改脚本,替换成自己的阿里云的 region 和 access key 信息
#SECRET_ID='tencent secret id' #REGION=cn-beijing
#SECRET_KEY='tencent secret key' #ACCESS_KEY_ID='aliyun access key id'
#ACCESS_KEY_SECRET='aliyun access key secret'
``` ```
- 手动启动,等待容器停止后,证书申请完成 - 手动启动,等待容器停止后,证书申请完成

150
letsencrypt/Demo/SingleNode/aliyun-api.sh
View File

@@ -1,20 +1,21 @@
#!/bin/bash #!/bin/bash
#========================================= #=========================================
# Author : Colben # Author : Colben
# Create : 2022-04-11 19:48 # Create : 2025-11-06 15:43
#========================================= #=========================================
set -euo pipefail set -euo pipefail
export LANG=en_US.UTF-8 export LANG=en_US.UTF-8
trap Quit EXIT trap Quit EXIT
REGION=cn-beijing
ACCESS_KEY_ID='aliyun access key id' ACCESS_KEY_ID='aliyun access key id'
ACCESS_KEY_SECRET='aliyun access key secret' ACCESS_KEY_SECRET='aliyun access key secret'
DOMAIN=$CERTBOT_DOMAIN DOMAIN=$CERTBOT_DOMAIN
SUB_DOMAIN=_acme-challenge SUB_DOMAIN=_acme-challenge
RECORD_ID= RECORD_ID=
RECORD_VA=$CERTBOT_VALIDATION RECORD_VA=$CERTBOT_VALIDATION
PID_FILE=/tmp/$(basename ${0%.sh}).pid RECORD="txt record: $SUB_DOMAIN.$DOMAIN"
if [ -t 0 ]; then if [ -t 0 ]; then
function Print { echo -e "\033[32;1m$(date +'[%F %T]') $*\033[0m"; } function Print { echo -e "\033[32;1m$(date +'[%F %T]') $*\033[0m"; }
@@ -35,118 +36,69 @@ function Quit {
sleep 30 sleep 30
} }
function GetSignature { function SetAK {
local uriEncoded="GET&%2F&$(echo "$1" | sed -e 's/=/%3D/g' -e 's/:/%253A/g' -e 's/&/%26/g')" Warn Setting AK with regin: $REGION ...
local sha1Str=$(echo -n "$uriEncoded" | openssl dgst -sha1 -hmac "$ACCESS_KEY_SECRET&" -binary) aliyun configure set \
echo -n "$sha1Str" | base64 | sed -e 's/=/%3D/g' -e 's/+/%2B/g' -e 's,/,%2F,g' --mode AK \
--access-key-id $ACCESS_KEY_ID \
--access-key-secret $ACCESS_KEY_SECRET \
--region $REGION
} }
function ListRecord { function GetTxtRecord {
Warn Get request uri ...
local sign=
local resp= local resp=
local uri="AccessKeyId=$ACCESS_KEY_ID" Warn Getting $RECORD ...
uri="${uri}&Action=DescribeDomainRecords" if resp=$(aliyun alidns DescribeSubDomainRecords \
uri="${uri}&DomainName=$DOMAIN" --SubDomain $SUB_DOMAIN.$DOMAIN \
uri="${uri}&Format=JSON" --Type TXT); then
uri="${uri}&KeyWord=$SUB_DOMAIN" [ '1' != "$(jq -rM .TotalCount)" ] && warn Not found $RECORD! && return 0
uri="${uri}&SearchMode=EXACT" RECORD_ID=$(echo $resp | jq -rM .DomainRecords.Record[0].RecordId)
uri="${uri}&SignatureMethod=HMAC-SHA1" else
uri="${uri}&SignatureNonce=$RANDOM" echo "$resp"
uri="${uri}&SignatureVersion=1.0" Error Failed to get $RECORD!
uri="${uri}&Timestamp=$(date +'%FT%TZ' -d'8 hours ago')" fi
uri="${uri}&Type=TXT"
uri="${uri}&Version=2015-01-09"
sign=$(GetSignature "$uri")
Warn List record ...
resp=$(curl -sSL -XGET "http://alidns.aliyuncs.com/?$uri&Signature=$sign" | jq -eM .)
RECORD_ID=$(echo $resp | jq -crM .DomainRecords.Record[].RecordId)
[ 'null' == "$RECORD_ID" ] && echo "$resp" && exit 1
return 0
} }
function CreateRecord { function CreateTxtRecord {
Warn Get request uri ... Warn Creating $RECORD ...
local sign= aliyun alidns AddDomainRecord \
local resp= --DomainName $DOMAIN \
local uri="AccessKeyId=$ACCESS_KEY_ID" --RR $SUB_DOMAIN \
uri="${uri}&Action=AddDomainRecord" --Type TXT \
uri="${uri}&DomainName=$DOMAIN" --Value $RECORD_VA \
uri="${uri}&Format=JSON" && Print Succeeded to create $RECORD. \
uri="${uri}&RR=$SUB_DOMAIN" && return 0
uri="${uri}&SignatureMethod=HMAC-SHA1" Error Failed to create $RECORD!
uri="${uri}&SignatureNonce=$RANDOM"
uri="${uri}&SignatureVersion=1.0"
uri="${uri}&Timestamp=$(date +'%FT%TZ' -d'8 hours ago')"
uri="${uri}&Type=TXT"
uri="${uri}&Value=$RECORD_VA"
uri="${uri}&Version=2015-01-09"
sign=$(GetSignature "$uri")
Warn Create sub_domain: $SUB_DOMAIN with value: $RECORD_VA ...
resp=$(curl -sSL -XGET "http://alidns.aliyuncs.com/?$uri&Signature=$sign" | jq -eM .)
[ 'null' != "$(echo $resp | jq -crM .Message)" ] && echo "$resp" && exit 1
return 0
} }
function ModifyRecord { function ModifyRecord {
Warn Get request uri ... Warn Modifying $RECORD ...
local sign= aliyun alidns UpdateDomainRecord \
local resp= --RecordId $RECORD_ID \
local uri="AccessKeyId=$ACCESS_KEY_ID" --RR $SUB_DOMAIN \
uri="${uri}&Action=UpdateDomainRecord" --Type TXT \
uri="${uri}&DomainName=$DOMAIN" --Value $RECORD_VA \
uri="${uri}&Format=JSON" && Print Succeeded to modify $RECORD. \
uri="${uri}&RR=$SUB_DOMAIN" && return 0
uri="${uri}&RecordId=$RECORD_ID" Error Failed to modify $RECORD!
uri="${uri}&SignatureMethod=HMAC-SHA1"
uri="${uri}&SignatureNonce=$RANDOM"
uri="${uri}&SignatureVersion=1.0"
uri="${uri}&Timestamp=$(date +'%FT%TZ' -d'8 hours ago')"
uri="${uri}&Type=TXT"
uri="${uri}&Value=$RECORD_VA"
uri="${uri}&Version=2015-01-09"
sign=$(GetSignature "$uri")
Warn Modify record: $RECORD_ID with value: $RECORD_VA ...
resp=$(curl -sSL -XGET "http://alidns.aliyuncs.com/?$uri&Signature=$sign" | jq -eM .)
[ 'null' != "$(echo $resp | jq -crM .Message)" ] && echo "$resp" && exit 1
return 0
} }
function DeleteRecord { function DeleteRecord {
Warn Get request uri ... Warn Deleting $RECORD ...
local sign= aliyun alidns DeleteDomainRecord \
local resp= --RecordId $RECORD_ID \
local uri="AccessKeyId=$ACCESS_KEY_ID" && Print Succeeded to delete $RECORD. \
uri="${uri}&Action=DeleteDomainRecord" && return 0
uri="${uri}&DomainName=$DOMAIN" Error Failed to delete $RECORD!
uri="${uri}&Format=JSON"
uri="${uri}&RecordId=$RECORD_ID"
uri="${uri}&SignatureMethod=HMAC-SHA1"
uri="${uri}&SignatureNonce=$RANDOM"
uri="${uri}&SignatureVersion=1.0"
uri="${uri}&Timestamp=$(date +'%FT%TZ' -d'8 hours ago')"
uri="${uri}&Version=2015-01-09"
sign=$(GetSignature "$uri")
Warn Delete record $RECORD_ID ...
resp=$(curl -sSL -XGET "http://alidns.aliyuncs.com/?$uri&Signature=$sign" | jq -eM .)
[ 'null' != "$(echo $resp | jq -crM .Message)" ] && echo "$resp" && exit 1
return 0
} }
function Main { function Main {
[ -e "$PID_FILE" ] && Error Pid file $PID_FILE already exists, quit! trap Quit EXIT
echo $$ > $PID_FILE SetAK
for _ in {1..5}; do GetTxtRecord
ListRecord || continue [ -z "$RECORD_ID" ] && CreateTxtRecord
if [ -z "$RECORD_ID" ]; then [ -z "$RECORD_ID" ] || ModifyTxtRecord
CreateRecord || continue
else
ModifyRecord || continue
fi
END=1 END=1
return 0
done
return 1
} }
# Start here # Start here

45
letsencrypt/Demo/SingleNode/tencent-api.sh
View File

@@ -14,18 +14,17 @@ DOMAIN=$CERTBOT_DOMAIN
SUB_DOMAIN=_acme-challenge SUB_DOMAIN=_acme-challenge
RECORD_ID= RECORD_ID=
RECORD_VA=$CERTBOT_VALIDATION RECORD_VA=$CERTBOT_VALIDATION
RECORD="txt record: $SUB_DOMAIN.$DOMAIN"
if [ -t 0 ]; then if [ -t 0 ]; then
function Print { echo -e "\033[36;1m$(date +'[%F %T]')\033[32;1m $*\033[0m"; } function Print { echo -e "\033[36;1m$(date +'[%F %T]')\033[32;1m $*\033[0m"; }
function Warn { echo -e "\033[36;1m$(date +'[%F %T]')\033[33;1m $*\033[0m"; } function Warn { echo -e "\033[36;1m$(date +'[%F %T]')\033[33;1m $*\033[0m"; }
function Error { echo -e "\033[36;1m$(date +'[%F %T]')\033[31;1m $*\033[0m"; exit 1; } function Error { echo -e "\033[36;1m$(date +'[%F %T]')\033[31;1m $*\033[0m"; exit 1; }
function ErrorOnly { echo -e "\033[36;1m$(date +'[%F %T]')\033[31;1m $*\033[0m"; }
else else
#exec &> /var/log/$(basename ${0%.sh}).out #exec &> /var/log/$(basename ${0%.sh}).out
function Print { echo -e "$(date +'[%F %T INFO]') $*"; } function Print { echo -e "$(date +'[%F %T INFO]') $*"; }
function Warn { echo -e "$(date +'[%F %T WARN]') $*"; } function Warn { echo -e "$(date +'[%F %T WARN]') $*"; }
function Error { echo -e "$(date +'[%F %T ERROR]') $*"; exit 1; } function Error { echo -e "$(date +'[%F %T ERROR]') $*"; exit 1; }
function ErrorOnly { echo -e "$(date +'[%F %T ERROR]') $*"; }
fi fi
function Quit { function Quit {
@@ -37,60 +36,53 @@ function Quit {
} }
function GetTxtRecord { function GetTxtRecord {
local record="txt record: $SUB_DOMAIN.$DOMAIN"
local err=
local resp= local resp=
Warn Getting $record ... Warn Getting $RECORD ...
resp=$(tccli dnspod DescribeRecordList \ if resp=$(tccli dnspod DescribeRecordList \
--Domain $DOMAIN \ --Domain $DOMAIN \
--Subdomain $SUB_DOMAIN \ --Subdomain $SUB_DOMAIN \
--RecordType TXT) || err=$? --RecordType TXT); then
[ '255' == "$err" ] \
&& Warn Not found $record! \
&& return 0
[ -n "$err" ] \
&& echo "$resp" \
&& ErrorOnly Failed to get $record! \
&& return $err
RECORD_ID=$(echo $resp | jq -rM ".RecordList[0].RecordId") RECORD_ID=$(echo $resp | jq -rM ".RecordList[0].RecordId")
else
[ '255' == "$?" ] && Warn Not found $RECORD! && return 0
echo "$resp"
Error Failed to get $RECORD!
fi
} }
function CreateTxtRecord { function CreateTxtRecord {
local record="txt record: $SUB_DOMAIN.$DOMAIN" Warn Creating $RECORD ...
Warn Creating $record ...
tccli dnspod CreateTXTRecord \ tccli dnspod CreateTXTRecord \
--Domain $DOMAIN \ --Domain $DOMAIN \
--SubDomain $SUB_DOMAIN \ --SubDomain $SUB_DOMAIN \
--RecordLine '默认' \ --RecordLine '默认' \
--Value $RECORD_VA \ --Value $RECORD_VA \
&& Print Succeeded to create $record. \ && Print Succeeded to create $RECORD. \
&& return 0 && return 0
ErrorOnly Failed to create $record! Error Failed to create $RECORD!
} }
function ModifyTxtRecord { function ModifyTxtRecord {
local record="txt record: $SUB_DOMAIN.$DOMAIN" Warn Modifying $RECORD ...
Warn Modifying $record ...
tccli dnspod ModifyTXTRecord \ tccli dnspod ModifyTXTRecord \
--Domain $DOMAIN \ --Domain $DOMAIN \
--SubDomain $SUB_DOMAIN \ --SubDomain $SUB_DOMAIN \
--RecordId $RECORD_ID \ --RecordId $RECORD_ID \
--RecordLine '默认' \ --RecordLine '默认' \
--Value $RECORD_VA \ --Value $RECORD_VA \
&& Print Succeeded to modify $record. \ && Print Succeeded to modify $RECORD. \
&& return 0 && return 0
ErrorOnly Failed to modify $record! Error Failed to modify $RECORD!
} }
function DeleteRecord { function DeleteRecord {
local record="record: $SUB_DOMAIN.$DOMAIN" Warn Deleting $RECORD ...
Warn Deleting $record ...
tccli dnspod DeleteRecord \ tccli dnspod DeleteRecord \
--Domain $DOMAIN \ --Domain $DOMAIN \
--RecordId $RECORD_ID \ --RecordId $RECORD_ID \
&& Print Succeeded to delete $record. \ && Print Succeeded to delete $RECORD. \
&& return 0 && return 0
ErrorOnly Failed to delete $record! Error Failed to delete $RECORD!
} }
function Main { function Main {
@@ -99,7 +91,6 @@ function Main {
[ -z "$RECORD_ID" ] && CreateTxtRecord [ -z "$RECORD_ID" ] && CreateTxtRecord
[ -z "$RECORD_ID" ] || ModifyTxtRecord [ -z "$RECORD_ID" ] || ModifyTxtRecord
END=1 END=1
return 0
} }
# Start here # Start here