make certsync more resilient

Blake Blackshear 2024-06-01 10:17:36 -05:00
parent e7adadc853
commit ed743fb0e8


@ -10,48 +10,42 @@ echo "[INFO] Starting certsync..."
lefile="/etc/letsencrypt/live/frigate/fullchain.pem"
if [ ! -e $lefile ]
then
echo "[ERROR] TLS certificate does not exist: $lefile"
exit 1
fi
while true
do
leprint=`openssl x509 -in $lefile -fingerprint -noout`
if [ ! -e $lefile ]
then
echo "[ERROR] TLS certificate does not exist: $lefile"
fi
leprint=`openssl x509 -in $lefile -fingerprint -noout || echo 'failed'`
case "$leprint" in
*Fingerprint*)
;;
*)
echo "[ERROR] Missing fingerprint from $lefile"
# exit 1
;;
esac
# i think this should work without '-servername "$domain"'
liveprint=`echo | openssl s_client -showcerts -connect 127.0.0.1:443 2>&1 | openssl x509 -fingerprint | grep -i fingerprint`
liveprint=`echo | openssl s_client -showcerts -connect 127.0.0.1:443 2>&1 | openssl x509 -fingerprint | grep -i fingerprint || echo 'failed'`
case "$liveprint" in
*Fingerprint*)
;;
*)
echo "[ERROR] Missing fingerprint from current TLS cert"
# exit 1
echo "[ERROR] Missing fingerprint from current nginx TLS cert"
;;
esac
if [ "$leprint" != "$liveprint" ]
if [[ "$leprint" != "failed" && "$liveprint" != "failed" && "$leprint" != "$liveprint" ]]
then
echo "[INFO] Reloading nginx to refresh TLS certificate"
echo "$lefile: $leprint"
/usr/local/nginx/sbin/nginx -s reload
fi
# certbot certonly --cert-name frigate --webroot -w /etc/letsencrypt/www --keep-until-expiring --deploy-hook "/usr/local/nginx/sbin/nginx -s reload"
sleep 60
done
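Review bot: The new reload condition uses `[[ ... ]]`, while every other test in this file (the startup check and the in-loop check added just above it) uses POSIX `[ ]`; the shebang is outside the hunk, so if it is `#!/bin/sh` on a dash-based image this line is a syntax error and the loop never runs. The POSIX form is equivalent: `if [ "$leprint" != "failed" ] && [ "$liveprint" != "failed" ] && [ "$leprint" != "$liveprint" ]`. Two smaller points in the same hunk: the added existence check repeats the unquoted `$lefile` from the startup check and should read `if [ ! -e "$lefile" ]`, and the `|| echo 'failed'` fallbacks leave openssl's own stderr unsuppressed, so a missing file or a refused connection will spew the raw openssl error into the log every 60 seconds alongside the `[ERROR]` line; `2>/dev/null` on the `openssl x509` call would keep the log to the script's own messages, and a comment such as `# 'failed' sentinel: never reload on a read/connect error, only on a genuine mismatch` would make the intent of the three-way comparison explicit.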