Add nginx example configuration
1 #! /usr/bin/perl
2
3 # This program is free software: you can redistribute it and/or modify
4 # it under the terms of the GNU General Public License as published by
5 # the Free Software Foundation, either version 3 of the License, or
6 # (at your option) any later version.
7 #
8 # This program is distributed in the hope that it will be useful,
9 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # GNU General Public License for more details.
12 #
13 # You should have received a copy of the GNU General Public License
14 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 #
16 # Copyright (C) 2016 - 2017 Raphaël Gertz <acme@rapsys.eu>
17
18 # Best practice
19 use strict;
20 use warnings;
21
22 # Load required modules
23 use JSON;
24 use Tie::IxHash;
25
26 # Load POSIX
27 use POSIX qw(EXIT_SUCCESS EXIT_FAILURE);
28
# Redhat style requests, one array reference of domain names per option
my @redhat = ();

# Debian style requests, one array reference of domain names per option
my @debian = ();

# Root of the configuration template
# Tie::IxHash keeps the keys in insertion order for the JSON output
my %root = ();
tie(
	%root, 'Tie::IxHash',
	# Thumbprint path
	thumbprint => '/etc/acme/thumbprint',
	# Subscriber agreement link, replaceable with -t|--term
	term => 'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf',
	# Pending path
	# NOTE(review): /tmp is world-writable and this name is fixed; how the
	# path gets created is up to the program reading this config - confirm
	# another local user cannot pre-create it, or move it under a root-owned
	# directory
	pending => '/tmp/acme.pending',
	# Certificate entries, appended by the redhat and debian loops
	certificates => []
);

# Production flag, off unless -p is given
my $prod = 0;

# Strip -p from the arguments and enable prod when it was present
my @kept = grep { $_ ne '-p' } @ARGV;
$prod = 1 if (scalar(@kept) < scalar(@ARGV));
@ARGV = @kept;
44
45 use Data::Dumper;
46
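# Parse the type and term options
#XXX: -r and -d stay in @ARGV, only -t and its value are stripped

# Comma separated domain list
#XXX: the first character must be alphanumeric or underscore, the following
#XXX: ones may also be dot, comma or dash; the former [^-] only refused a
#XXX: leading dash and let a slash, quote or whitespace through, while these
#XXX: names end up in certificate and key paths and in the mail address
my $domains_re = qr/[a-zA-Z0-9_][a-zA-Z0-9_\.,-]+/;

# Subscriber agreement link, restricted to pdf documents on letsencrypt.org
my $term_re = qr/https:\/\/letsencrypt\.org\/documents\/[a-zA-Z0-9\._-]+\.pdf/;

# Walk the arguments
#XXX: \A and \z anchor the whole argument, a trailing newline is refused
for (my $i = 0; $i <= $#ARGV; $i++) {
	# Match redhat types
	if ($ARGV[$i] =~ /\A(?:-r|--redhat)(?:=($domains_re))?\z/) {
		# Value attached with =
		if (defined($1)) {
			push(@redhat, [split(',', $1)]);
		# Extract next parameter
		} elsif (defined($ARGV[$i+1]) && $ARGV[$i+1] =~ /\A($domains_re)\z/) {
			push(@redhat, [split(',', $1)]);
			$i++;
		# Set default
		} else {
			push(@redhat, ['www.example.com','example.com','...']);
		}
	# Match debian types
	} elsif ($ARGV[$i] =~ /\A(?:-d|--debian)(?:=($domains_re))?\z/) {
		# Value attached with =
		if (defined($1)) {
			push(@debian, [split(',', $1)]);
		# Extract next parameter
		} elsif (defined($ARGV[$i+1]) && $ARGV[$i+1] =~ /\A($domains_re)\z/) {
			push(@debian, [split(',', $1)]);
			$i++;
		# Set default
		} else {
			push(@debian, ['www.example.com','example.com','...']);
		}
	# Match term
	} elsif ($ARGV[$i] =~ /\A(?:-t|--term)(?:=($term_re))?\z/) {
		# Value attached with =
		if (defined($1)) {
			$root{term} = $1;
			splice(@ARGV, $i, 1);
			$i--;
		# Extract next parameter
		} elsif (defined($ARGV[$i+1]) && $ARGV[$i+1] =~ /\A($term_re)\z/) {
			$root{term} = $1;
			splice(@ARGV, $i, 2);
			$i--;
		# Refuse anything else
		#XXX: reported on STDERR, standard output is meant to be redirected
		#XXX: to the configuration file
		} else {
			print STDERR 'Term parameter without valid link'."\n";
			exit EXIT_FAILURE;
		}
	}
}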
91
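# Show usage when neither a redhat nor a debian example was requested
#XXX: sent to STDERR so the redirect shown in the usage line does not capture
#XXX: it as configuration content
if (scalar(@redhat) < 1 && scalar(@debian) < 1) {
	print STDERR "Usage: $0 [-p] [(-d|--debian)[=example.com[,...]]] [(-r|--redhat)[=example.com[,...]]] [(-t|--term)[=https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf]] [...] > /etc/acme/config\n";
	exit EXIT_FAILURE;
}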
97
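# Append redhat style examples
for my $key (@redhat) {
	# Drop empty names left by stray commas
	my @names = grep { length($_) } @{$key};

	# Skip a list without any usable name
	#XXX: it would otherwise produce '/etc/pki/tls/certs/.pem' style paths
	unless (@names) {
		print STDERR 'Domain list without valid name'."\n";
		next;
	}

	# First name is the root domain, the others form the domain list
	my ($domain, @domains) = @names;

	# Build the entry with ordered keys
	tie(my %certificate, 'Tie::IxHash', (
		# Public cert
		#XXX: required
		cert => '/etc/pki/tls/certs/'.$domain.'.pem',
		# Private key
		#XXX: required
		#XXX: only the path is generated here, this script sets no owner or mode
		key => '/etc/pki/tls/private/'.$domain.'.pem',
		# Private account key
		#XXX: required
		account => '/etc/acme/account.pem',
		# Mail address
		#XXX: required
		mail => 'webmaster@'.$domain,
		# Root domain
		#XXX: required
		domain => $domain,
		# Domain list
		#XXX: required
		domains => \@domains,
		# Production certificate
		#XXX: optional
		#XXX: set to 1 for production
		prod => $prod
	));

	# Append the entry to the certificates
	push(@{$root{certificates}}, \%certificate);
}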
127
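# Append debian style examples
for my $key (@debian) {
	# Drop empty names left by stray commas
	my @names = grep { length($_) } @{$key};

	# Skip a list without any usable name
	#XXX: it would otherwise produce '/etc/ssl/certs/.crt' style paths
	unless (@names) {
		print STDERR 'Domain list without valid name'."\n";
		next;
	}

	# First name is the root domain, the others form the domain list
	my ($domain, @domains) = @names;

	# Build the entry with ordered keys
	tie(my %certificate, 'Tie::IxHash', (
		# Public cert
		#XXX: required
		cert => '/etc/ssl/certs/'.$domain.'.crt',
		# Private key
		#XXX: required
		#XXX: only the path is generated here, this script sets no owner or mode
		key => '/etc/ssl/private/'.$domain.'.key',
		# Private account key
		#XXX: required
		account => '/etc/acme/account.pem',
		# Mail address
		#XXX: required
		mail => 'webmaster@'.$domain,
		# Root domain
		#XXX: required
		domain => $domain,
		# Domain list
		#XXX: required
		domains => \@domains,
		# Production certificate
		#XXX: optional
		#XXX: set to 1 for production
		prod => $prod
	));

	# Append the entry to the certificates
	push(@{$root{certificates}}, \%certificate);
}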
157
# Serialize the template as pretty printed JSON on standard output
my $template = to_json(\%root, {pretty => 1});
print $template;

# Exit with success
exit EXIT_SUCCESS;