|
| 1 | +#!/usr/bin/env python |
| 2 | + |
| 3 | +### AutoSSL NGinx Symlink Update ### |
| 4 | + |
| 5 | +# This script checks to see if Cpanels Autossl has installed a new SSL certificate by looking to see if the latest certificate |
| 6 | +# in the users ssl folder has changed. If it has, it updates the symlinks for nginx so that it is using the latest ssl certificate. |
| 7 | +# Following this it restarts nginx to save the changes. |
| 8 | + |
| 9 | +# In order to use the script pass it the argument -u and the user to run the script for |
| 10 | + |
| 11 | + |
| 12 | + |
| 13 | +## Import sys in order to store any variables passed in the run command |
| 14 | + |
| 15 | +import sys, os, optparse, glob, errno, subprocess |
| 16 | + |
| 17 | +## Create option for user input |
| 18 | + |
| 19 | +parser = optparse.OptionParser() |
| 20 | +parser.add_option('-u', '--user', dest='user', help='The user to update nginx autoSSL for') |
| 21 | + |
| 22 | +(options, args) = parser.parse_args() |
| 23 | + |
| 24 | + |
| 25 | +## Check to see a user was submitted with command |
| 26 | + |
| 27 | +if options.user is None: |
| 28 | + |
| 29 | +# If user ask for a user and close |
| 30 | + print 'Please input user' |
| 31 | + sys.stdout.flush() |
| 32 | + sys.exit(0) |
| 33 | + |
| 34 | +else: |
| 35 | + |
| 36 | +# Define Variables for the current path of the symlinks, certificates/keys and the users directories housing the certificates/keys |
| 37 | + current_sym_cert = '/etc/nginx/symlinks/' + options.user + '_current_cert' |
| 38 | + current_sym_key = '/etc/nginx/symlinks/' + options.user + '_current_key' |
| 39 | + current_cert = os.path.realpath ( current_sym_cert ) |
| 40 | + current_key = os.path.realpath ( current_sym_key ) |
| 41 | + usrdir_cert = '/home/' + options.user + '/ssl/certs/' |
| 42 | + usrdir_key = '/home/' + options.user + '/ssl/keys/' |
| 43 | + |
| 44 | +# Use glob to find the most recent certificate file and the most recent key file from the users directory |
| 45 | + newest_cert = max(glob.iglob(os.path.join(usrdir_cert, '*.crt')), key=os.path.getctime) |
| 46 | + newest_key = max(glob.iglob(os.path.join(usrdir_key, '*.key')), key=os.path.getctime) |
| 47 | + |
| 48 | +# Check to see if the latest certificate and the latest key are both the same as the current ones, if so then exit |
| 49 | + if current_cert == newest_cert and current_key == newest_key: |
| 50 | + |
| 51 | + sys.exit(0) |
| 52 | + |
| 53 | +# Otherwise Update the symlinks to reference the latest key and certificate, then restart nginx by calling a bash script |
| 54 | + else: |
| 55 | + |
| 56 | + print 'AutoSSL nginx certificate and key symlinks require update\n' |
| 57 | + sys.stdout.flush() |
| 58 | + |
| 59 | +# Define function to be used in replacing symlinks, function trys to create the link and if it cant because one already exists it deletest the old one and |
| 60 | +# then trys to create it again. If it fails in creation due to another error then it prints the error. |
| 61 | + def symlink_force(target, link_name): |
| 62 | + |
| 63 | + try: |
| 64 | + |
| 65 | + os.symlink(target, link_name) |
| 66 | + |
| 67 | + except OSError, e: |
| 68 | + |
| 69 | + if e.errno == errno.EEXIST: |
| 70 | + os.remove(link_name) |
| 71 | + os.symlink(target, link_name) |
| 72 | + print 'Replaced Existing Symlink For: ',options.user |
| 73 | + sys.stdout.flush() |
| 74 | + |
| 75 | + else: |
| 76 | + raise e |
| 77 | + |
| 78 | +# Call symlink_force function to replace symlinks with symlinks to the latest certificates |
| 79 | + symlink_force(newest_cert, current_sym_cert) |
| 80 | + symlink_force(newest_key, current_sym_key) |
| 81 | + |
| 82 | +# Restart nginx by calling nginx_restart script |
| 83 | + print 'Attempt nginx restart\n' |
| 84 | + sys.stdout.flush() |
| 85 | + subprocess.call('/root/scripts/cron/nginx/nginx_restart') |
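Review bot: The value passed with `-u` is concatenated into the symlink and home-directory paths on new lines 37-42 without any validation, so a value containing `/` or `..` would make the script glob and replace links outside `/etc/nginx/symlinks/` and `/home/<user>/ssl/`. The script looks intended to run as root, since it writes under `/etc/nginx` and calls a script under `/root`, so this is worth closing. Confirm the account exists before building any path, for example `try: pwd.getpwnam(options.user)` followed by `except KeyError: sys.exit(1)`, with `pwd` added to the import on line 15. The newest `.crt` and `.key` are also picked independently by ctime on lines 45-46, from directories the account owner can presumably write to, so they are not guaranteed to be a matching pair, and `max()` raises `ValueError` when either directory has no match. Running `nginx -t` and checking its exit status before the restart on line 85 would stop a mismatched pair from taking the server down.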