2025-11-06 18:44:27 +08:00
parent a607719b46
commit f6eb48fc91
3 changed files with 78 additions and 134 deletions


@@ -14,17 +14,18 @@
- 调用腾讯云接口设置/更新 TXT 解析记录
```
cp tencent-api.sh letsencrypt-wildcard/etc/manual-hook.sh
# 修改脚本,替换成自己的阿里云 access key 信息
#ACCESS_KEY_ID='aliyun access key id'
#ACCESS_KEY_SECRET='aliyun access key secret'
# 修改脚本,替换成自己的腾讯云 secret 信息
#export TENCENTCLOUD_SECRET_ID='tencent secret id'
#export TENCENTCLOUD_SECRET_KEY='tencent secret key'
```
- 调用阿里云接口设置/更新 TXT 解析记录
```
cp aliyun-api.sh letsencrypt-wildcard/etc/manual-hook.sh
# 修改脚本,替换成自己的腾讯云 secret 信息
#SECRET_ID='tencent secret id'
#SECRET_KEY='tencent secret key'
# 修改脚本,替换成自己的阿里云的 region 和 access key 信息
#REGION=cn-beijing
#ACCESS_KEY_ID='aliyun access key id'
#ACCESS_KEY_SECRET='aliyun access key secret'
```
- 手动启动,等待容器停止后,证书申请完成


@@ -1,20 +1,21 @@
#!/bin/bash
#=========================================
# Author : Colben
# Create : 2022-04-11 19:48
# Create : 2025-11-06 15:43
#=========================================
set -euo pipefail
export LANG=en_US.UTF-8
trap Quit EXIT
REGION=cn-beijing
ACCESS_KEY_ID='aliyun access key id'
ACCESS_KEY_SECRET='aliyun access key secret'
DOMAIN=$CERTBOT_DOMAIN
SUB_DOMAIN=_acme-challenge
RECORD_ID=
RECORD_VA=$CERTBOT_VALIDATION
PID_FILE=/tmp/$(basename ${0%.sh}).pid
RECORD="txt record: $SUB_DOMAIN.$DOMAIN"
if [ -t 0 ]; then
function Print { echo -e "\033[32;1m$(date +'[%F %T]') $*\033[0m"; }
@@ -35,118 +36,69 @@ function Quit {
sleep 30
}
function GetSignature {
local uriEncoded="GET&%2F&$(echo "$1" | sed -e 's/=/%3D/g' -e 's/:/%253A/g' -e 's/&/%26/g')"
local sha1Str=$(echo -n "$uriEncoded" | openssl dgst -sha1 -hmac "$ACCESS_KEY_SECRET&" -binary)
echo -n "$sha1Str" | base64 | sed -e 's/=/%3D/g' -e 's/+/%2B/g' -e 's,/,%2F,g'
function SetAK {
Warn Setting AK with regin: $REGION ...
aliyun configure set \
--mode AK \
--access-key-id $ACCESS_KEY_ID \
--access-key-secret $ACCESS_KEY_SECRET \
--region $REGION
}
function ListRecord {
Warn Get request uri ...
local sign=
function GetTxtRecord {
local resp=
local uri="AccessKeyId=$ACCESS_KEY_ID"
uri="${uri}&Action=DescribeDomainRecords"
uri="${uri}&DomainName=$DOMAIN"
uri="${uri}&Format=JSON"
uri="${uri}&KeyWord=$SUB_DOMAIN"
uri="${uri}&SearchMode=EXACT"
uri="${uri}&SignatureMethod=HMAC-SHA1"
uri="${uri}&SignatureNonce=$RANDOM"
uri="${uri}&SignatureVersion=1.0"
uri="${uri}&Timestamp=$(date +'%FT%TZ' -d'8 hours ago')"
uri="${uri}&Type=TXT"
uri="${uri}&Version=2015-01-09"
sign=$(GetSignature "$uri")
Warn List record ...
resp=$(curl -sSL -XGET "http://alidns.aliyuncs.com/?$uri&Signature=$sign" | jq -eM .)
RECORD_ID=$(echo $resp | jq -crM .DomainRecords.Record[].RecordId)
[ 'null' == "$RECORD_ID" ] && echo "$resp" && exit 1
return 0
Warn Getting $RECORD ...
if resp=$(aliyun alidns DescribeSubDomainRecords \
--SubDomain $SUB_DOMAIN.$DOMAIN \
--Type TXT); then
[ '1' != "$(jq -rM .TotalCount)" ] && warn Not found $RECORD! && return 0
RECORD_ID=$(echo $resp | jq -rM .DomainRecords.Record[0].RecordId)
else
echo "$resp"
Error Failed to get $RECORD!
fi
}
function CreateRecord {
Warn Get request uri ...
local sign=
local resp=
local uri="AccessKeyId=$ACCESS_KEY_ID"
uri="${uri}&Action=AddDomainRecord"
uri="${uri}&DomainName=$DOMAIN"
uri="${uri}&Format=JSON"
uri="${uri}&RR=$SUB_DOMAIN"
uri="${uri}&SignatureMethod=HMAC-SHA1"
uri="${uri}&SignatureNonce=$RANDOM"
uri="${uri}&SignatureVersion=1.0"
uri="${uri}&Timestamp=$(date +'%FT%TZ' -d'8 hours ago')"
uri="${uri}&Type=TXT"
uri="${uri}&Value=$RECORD_VA"
uri="${uri}&Version=2015-01-09"
sign=$(GetSignature "$uri")
Warn Create sub_domain: $SUB_DOMAIN with value: $RECORD_VA ...
resp=$(curl -sSL -XGET "http://alidns.aliyuncs.com/?$uri&Signature=$sign" | jq -eM .)
[ 'null' != "$(echo $resp | jq -crM .Message)" ] && echo "$resp" && exit 1
return 0
function CreateTxtRecord {
Warn Creating $RECORD ...
aliyun alidns AddDomainRecord \
--DomainName $DOMAIN \
--RR $SUB_DOMAIN \
--Type TXT \
--Value $RECORD_VA \
&& Print Succeeded to create $RECORD. \
&& return 0
Error Failed to create $RECORD!
}
function ModifyRecord {
Warn Get request uri ...
local sign=
local resp=
local uri="AccessKeyId=$ACCESS_KEY_ID"
uri="${uri}&Action=UpdateDomainRecord"
uri="${uri}&DomainName=$DOMAIN"
uri="${uri}&Format=JSON"
uri="${uri}&RR=$SUB_DOMAIN"
uri="${uri}&RecordId=$RECORD_ID"
uri="${uri}&SignatureMethod=HMAC-SHA1"
uri="${uri}&SignatureNonce=$RANDOM"
uri="${uri}&SignatureVersion=1.0"
uri="${uri}&Timestamp=$(date +'%FT%TZ' -d'8 hours ago')"
uri="${uri}&Type=TXT"
uri="${uri}&Value=$RECORD_VA"
uri="${uri}&Version=2015-01-09"
sign=$(GetSignature "$uri")
Warn Modify record: $RECORD_ID with value: $RECORD_VA ...
resp=$(curl -sSL -XGET "http://alidns.aliyuncs.com/?$uri&Signature=$sign" | jq -eM .)
[ 'null' != "$(echo $resp | jq -crM .Message)" ] && echo "$resp" && exit 1
return 0
Warn Modifying $RECORD ...
aliyun alidns UpdateDomainRecord \
--RecordId $RECORD_ID \
--RR $SUB_DOMAIN \
--Type TXT \
--Value $RECORD_VA \
&& Print Succeeded to modify $RECORD. \
&& return 0
Error Failed to modify $RECORD!
}
function DeleteRecord {
Warn Get request uri ...
local sign=
local resp=
local uri="AccessKeyId=$ACCESS_KEY_ID"
uri="${uri}&Action=DeleteDomainRecord"
uri="${uri}&DomainName=$DOMAIN"
uri="${uri}&Format=JSON"
uri="${uri}&RecordId=$RECORD_ID"
uri="${uri}&SignatureMethod=HMAC-SHA1"
uri="${uri}&SignatureNonce=$RANDOM"
uri="${uri}&SignatureVersion=1.0"
uri="${uri}&Timestamp=$(date +'%FT%TZ' -d'8 hours ago')"
uri="${uri}&Version=2015-01-09"
sign=$(GetSignature "$uri")
Warn Delete record $RECORD_ID ...
resp=$(curl -sSL -XGET "http://alidns.aliyuncs.com/?$uri&Signature=$sign" | jq -eM .)
[ 'null' != "$(echo $resp | jq -crM .Message)" ] && echo "$resp" && exit 1
return 0
Warn Deleting $RECORD ...
aliyun alidns DeleteDomainRecord \
--RecordId $RECORD_ID \
&& Print Succeeded to delete $RECORD. \
&& return 0
Error Failed to delete $RECORD!
}
function Main {
[ -e "$PID_FILE" ] && Error Pid file $PID_FILE already exists, quit!
echo $$ > $PID_FILE
for _ in {1..5}; do
ListRecord || continue
if [ -z "$RECORD_ID" ]; then
CreateRecord || continue
else
ModifyRecord || continue
fi
trap Quit EXIT
SetAK
GetTxtRecord
[ -z "$RECORD_ID" ] && CreateTxtRecord
[ -z "$RECORD_ID" ] || ModifyTxtRecord
END=1
return 0
done
return 1
}
# Start here
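Review bot: In the new GetTxtRecord, the TotalCount check runs `jq -rM .TotalCount` with no input, so it reads the hook's stdin instead of `$resp`, and it calls `warn` while every other call in the file uses `Warn`; because a failing middle command in an `&&` list does not trip `set -e`, the `return 0` is skipped and RECORD_ID is then read from `Record[0]`, which jq prints as the string `null` when there is no record. I would write it as `[ '1' != "$(printf '%s' "$resp" | jq -rM .TotalCount)" ] && Warn Not found $RECORD! && return 0`. Main now calls `ModifyTxtRecord`, but the only definition visible in this section is still `function ModifyRecord`, so the update path appears to end in command-not-found; one of the two names needs to change. Separately, SetAK passes `$ACCESS_KEY_SECRET` unquoted on the `aliyun configure set` command line, where it is readable in the process list and is presumably written into the CLI's saved profile; quote the arguments and add a comment saying where the secret ends up and that the key should be limited to DNS record changes.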


@@ -14,18 +14,17 @@ DOMAIN=$CERTBOT_DOMAIN
SUB_DOMAIN=_acme-challenge
RECORD_ID=
RECORD_VA=$CERTBOT_VALIDATION
RECORD="txt record: $SUB_DOMAIN.$DOMAIN"
if [ -t 0 ]; then
function Print { echo -e "\033[36;1m$(date +'[%F %T]')\033[32;1m $*\033[0m"; }
function Warn { echo -e "\033[36;1m$(date +'[%F %T]')\033[33;1m $*\033[0m"; }
function Error { echo -e "\033[36;1m$(date +'[%F %T]')\033[31;1m $*\033[0m"; exit 1; }
function ErrorOnly { echo -e "\033[36;1m$(date +'[%F %T]')\033[31;1m $*\033[0m"; }
else
#exec &> /var/log/$(basename ${0%.sh}).out
function Print { echo -e "$(date +'[%F %T INFO]') $*"; }
function Warn { echo -e "$(date +'[%F %T WARN]') $*"; }
function Error { echo -e "$(date +'[%F %T ERROR]') $*"; exit 1; }
function ErrorOnly { echo -e "$(date +'[%F %T ERROR]') $*"; }
fi
function Quit {
@@ -37,60 +36,53 @@ function Quit {
}
function GetTxtRecord {
local record="txt record: $SUB_DOMAIN.$DOMAIN"
local err=
local resp=
Warn Getting $record ...
resp=$(tccli dnspod DescribeRecordList \
Warn Getting $RECORD ...
if resp=$(tccli dnspod DescribeRecordList \
--Domain $DOMAIN \
--Subdomain $SUB_DOMAIN \
--RecordType TXT) || err=$?
[ '255' == "$err" ] \
&& Warn Not found $record! \
&& return 0
[ -n "$err" ] \
&& echo "$resp" \
&& ErrorOnly Failed to get $record! \
&& return $err
--RecordType TXT); then
RECORD_ID=$(echo $resp | jq -rM ".RecordList[0].RecordId")
else
[ '255' == "$?" ] && Warn Not found $RECORD! && return 0
echo "$resp"
Error Failed to get $RECORD!
fi
}
function CreateTxtRecord {
local record="txt record: $SUB_DOMAIN.$DOMAIN"
Warn Creating $record ...
Warn Creating $RECORD ...
tccli dnspod CreateTXTRecord \
--Domain $DOMAIN \
--SubDomain $SUB_DOMAIN \
--RecordLine '默认' \
--Value $RECORD_VA \
&& Print Succeeded to create $record. \
&& Print Succeeded to create $RECORD. \
&& return 0
ErrorOnly Failed to create $record!
Error Failed to create $RECORD!
}
function ModifyTxtRecord {
local record="txt record: $SUB_DOMAIN.$DOMAIN"
Warn Modifying $record ...
Warn Modifying $RECORD ...
tccli dnspod ModifyTXTRecord \
--Domain $DOMAIN \
--SubDomain $SUB_DOMAIN \
--RecordId $RECORD_ID \
--RecordLine '默认' \
--Value $RECORD_VA \
&& Print Succeeded to modify $record. \
&& Print Succeeded to modify $RECORD. \
&& return 0
ErrorOnly Failed to modify $record!
Error Failed to modify $RECORD!
}
function DeleteRecord {
local record="record: $SUB_DOMAIN.$DOMAIN"
Warn Deleting $record ...
Warn Deleting $RECORD ...
tccli dnspod DeleteRecord \
--Domain $DOMAIN \
--RecordId $RECORD_ID \
&& Print Succeeded to delete $record. \
&& Print Succeeded to delete $RECORD. \
&& return 0
ErrorOnly Failed to delete $record!
Error Failed to delete $RECORD!
}
function Main {
@@ -99,7 +91,6 @@ function Main {
[ -z "$RECORD_ID" ] && CreateTxtRecord
[ -z "$RECORD_ID" ] || ModifyTxtRecord
END=1
return 0
}
# Start here
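Review bot: In GetTxtRecord's success branch, `jq -rM ".RecordList[0].RecordId"` prints the literal string `null` if the call ever succeeds with an empty list or a missing key, and Main's `[ -z "$RECORD_ID" ]` test would then take the modify path with a bogus id; `$resp` is also expanded unquoted, so the JSON is word-split and glob-expanded before jq sees it. I would use `RECORD_ID=$(printf '%s' "$resp" | jq -rM '.RecordList[0].RecordId // empty')`. The same unquoted expansion applies to `$DOMAIN`, `$RECORD_VA` and `$RECORD_ID` in the tccli calls of CreateTxtRecord, ModifyTxtRecord and DeleteRecord; these values come from certbot's environment and should be double-quoted. Main's body starts outside the last hunk, so I cannot see how DeleteRecord, which now exits through `Error`, behaves when it is reached from the EXIT trap.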