first release

Jörg Deckert 2023-02-14 08:22:24 +01:00
parent f5060ee22b
commit 2a88d082cb
8 changed files with 92 additions and 2 deletions


@ -1,6 +1,6 @@
MIT License MIT License
Copyright (c) <year> <copyright holders> Copyright (c) 2023 Unitas Network GmbH
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

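--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,13 @@
+cert-renew.sh = $(CHROOT)/etc/ssl/cert-renew.sh
+systemd-units: appliance/cert-renew.service appliance/cert-renew.timer
+mkdir -p $(CHROOT)/usr/local/bin
+cp appliance/cert-renew.service appliance/cert-renew.timer $(CHROOT)/etc/systemd/system/
+$(cert-renew.sh): appliance/cert-renew.sh
+mkdir -p $(CHROOT)/etc/ssl
+cp $< $@
+preinstall:
+postinstall: systemd-units $(cert-renew.sh)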
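Review bot: The `$(cert-renew.sh)` rule installs the script with `cp $< $@`, so the installed copy takes its mode from the source file and the umask (typically 0755 for an executable), yet this appears to be the file where `GETUSER` and `GETPASS` are meant to be filled in; `install -m 0700 $< $@` would keep it readable by root only. In the `systemd-units` recipe, `mkdir -p` creates `$(CHROOT)/usr/local/bin`, which nothing in this Makefile uses, while the `cp` destination `$(CHROOT)/etc/systemd/system/` is never created; `mkdir -p $(CHROOT)/etc/systemd/system` looks like what was intended. `CHROOT` is neither set nor checked in the visible lines, so if it is empty both rules write under the build host's own `/etc`; unless an including makefile guarantees a value, add `$(if $(strip $(CHROOT)),,$(error CHROOT is empty))`. `systemd-units`, `preinstall` and `postinstall` are also not declared `.PHONY`.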


@ -1,3 +1,3 @@
# va-proxy # va-proxy
Web ProxyAppliance for the Gentoo Virtual Appliance Web proxy appliance for the Gentoo Virtual Appliance


@ -0,0 +1,8 @@
[Unit]
Description=renew certificates from git store
RefuseManualStart=no
RefuseManualStop=yes
[Service]
Type=oneshot
ExecStart=/etc/ssl/cert-renew.sh
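Review bot: The service runs `/etc/ssl/cert-renew.sh` as root with no sandboxing (no `User=` and no hardening directives in `[Service]`), although that script contacts a remote git server and merges what it fetches. `NoNewPrivileges=yes` and `PrivateTmp=yes` should be safe to add; stricter options such as `ProtectSystem=` need testing against the script's writes under `/DATA` and its `systemctl restart` call. The script on this page always ends in `exit 0`, so this oneshot unit never enters a failed state, and neither `OnFailure=` nor log monitoring can catch a missed renewal until that is changed.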

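--- a/appliance/cert-renew.sh
+++ b/appliance/cert-renew.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+HOST="proxy"
+TLD="example.com"
+FQDN="$HOST.$TLD"
+LABEL="DATA"
+CERT_DIR=/$LABEL/CERTS
+CERT_APACHE=/$LABEL/etc/ssl/apache2
+GETREPO=""
+GETUSER=""
+GETPASS=""
+function getCurrentVersion() {
+# Get hash from latest revision
+git log --format=format:%H -1
+}
+cd $CERT_DIR
+if [ -z "$GETREPO" ]; then
+GIT_REVISION=0
+GIT_NEW_REVISION=1
+cd $FQDN
+elif [ ! -d "$FQDN" ]; then
+GIT_REVISION=0
+git clone "https://$GETUSER:$GETPASS@$GETREPO"
+cd $FQDN
+GIT_NEW_REVISION=$(getCurrentVersion)
+else
+cd $FQDN
+GIT_REVISION=$(getCurrentVersion)
+git commit -m "CRON: auto commit"
+git fetch
+git merge origin/master -m "Auto Merge"
+GIT_NEW_REVISION=$(getCurrentVersion)
+fi
+echo "old: $GIT_REVISION"
+echo "new: $GIT_NEW_REVISION"
+if [ $GIT_REVISION != $GIT_NEW_REVISION ]
+then
+echo "Update Apache certificate..."
+mkdir -p $CERT_APACHE
+cp $CERT_DIR/$FQDN/$FQDN-fullchain.pem $CERT_APACHE/server.crt
+cp $CERT_DIR/KEYS/$FQDN-key.pem $CERT_APACHE/server.key
+echo "Restarting Apache..."
+systemctl is-active --quiet apache2 && systemctl restart apache2
+fi
+exit 0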
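Review bot: The clone line `git clone "https://$GETUSER:$GETPASS@$GETREPO"` exposes the repository password twice: on the git command line, where it is visible in the process list while the clone runs, and in the remote URL that git stores in `.git/config` of the clone under `$CERT_DIR`. Clone a URL without userinfo and let git obtain the secret from a credential helper or `GIT_ASKPASS` backed by a root-only file, for example `git -c credential.helper='store --file=<root-only credentials file>' clone "https://$GETREPO"`. The private key is then copied with a plain `cp`, so `server.key` gets whatever mode the umask allows; `install -m 0600 "$CERT_DIR/KEYS/$FQDN-key.pem" "$CERT_APACHE/server.key"` pins it. None of the `cd` or `git` calls is checked and the script always ends in `exit 0`, so a failed fetch or a merge conflict is reported to systemd as success and renewals can stop silently until the certificate expires. Quote the variables, use `cd "$CERT_DIR" || exit 1`, and verify the new certificate (for instance `openssl x509 -noout -checkend 0 -in <new certificate>`) before installing it.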


@ -0,0 +1,12 @@
[Unit]
Description=renew certificates from git store
RefuseManualStart=no
RefuseManualStop=no
[Timer]
Persistent=false
OnCalendar=Sun *-*-* 04:03:00
Unit=cert-renew.service
[Install]
WantedBy=default.target
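Review bot: `Persistent=false` means a run that is missed because the appliance was powered off on Sunday at 04:03 is not caught up at the next boot, so a renewed certificate can sit in the repository for another week before it is installed; `Persistent=true` makes systemd run the job after boot in that case. `WantedBy=default.target` only takes effect once the timer is enabled, and nothing visible on this page enables it (the Makefile only copies the unit files). The conventional install target for timer units is `timers.target`.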

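--- a/package.use
+++ b/package.use
@@ -0,0 +1,3 @@
+# Squid
+net-proxy/squid caps pam ldap samba sasl kerberos radius ssl snmp logrotate ecap ssl-crtd perl tproxy
+net-proxy/squidguard ldap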

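--- a/world
+++ b/world
@@ -0,0 +1,2 @@
+net-proxy/squid
+net-proxy/squidguard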