mirror of
https://github.com/blakeblackshear/frigate.git
synced 2026-02-11 13:45:25 +03:00
59 lines
1.4 KiB
Plaintext
Executable File
59 lines
1.4 KiB
Plaintext
Executable File
#!/command/with-contenv bash
|
|
# shellcheck shell=bash
|
|
# Start the CERTSYNC service
|
|
|
|
set -o errexit -o nounset -o pipefail
|
|
|
|
# Logs should be sent to stdout so that s6 can collect them
|
|
|
|
echo "[INFO] Starting certsync..."
|
|
|
|
lefile="/etc/letsencrypt/live/frigate/fullchain.pem"
|
|
|
|
if [ ! -e $lefile ]
|
|
then
|
|
echo "[ERROR] TLS certificate does not exist: $lefile"
|
|
exit 1
|
|
fi
|
|
|
|
|
|
while true
|
|
do
|
|
|
|
leprint=`openssl x509 -in $lefile -fingerprint -noout`
|
|
|
|
case "$leprint" in
|
|
*Fingerprint*)
|
|
;;
|
|
*)
|
|
echo "[ERROR] Missing fingerprint from $lefile"
|
|
# exit 1
|
|
;;
|
|
esac
|
|
|
|
# i think this should work without '-servername "$domain"'
|
|
liveprint=`echo | openssl s_client -showcerts -connect 127.0.0.1:443 2>&1 | openssl x509 -fingerprint | grep -i fingerprint`
|
|
|
|
case "$liveprint" in
|
|
*Fingerprint*)
|
|
;;
|
|
*)
|
|
echo "[ERROR] Missing fingerprint from current TLS cert"
|
|
# exit 1
|
|
;;
|
|
esac
|
|
|
|
if [ "$leprint" != "$liveprint" ]
|
|
then
|
|
echo "[INFO] Reloading nginx to refresh TLS certificate"
|
|
echo "$lefile: $leprint"
|
|
/usr/local/nginx/sbin/nginx -s reload
|
|
fi
|
|
|
|
# certbot certonly --cert-name frigate --webroot -w /etc/letsencrypt/www --keep-until-expiring --deploy-hook "/usr/local/nginx/sbin/nginx -s reload"
|
|
|
|
sleep 60
|
|
|
|
done
|
|
|
|
exit 0 |