support vsftpd hook

2025-10-31 10:27:22 +00:00 · 2017-02-21 23:18:11 +08:00 · 2017-02-21 23:18:11 +08:00 · 6dfc8fe0ea
commit 6dfc8fe0ea
parent 044da37c95
2 changed files with 93 additions and 2 deletions
--- a/deploy/README.md
+++ b/deploy/README.md
@ -26,5 +26,25 @@ Before you can deploy your cert, you must [issue the cert first](https://github.

 (TODO)

+## 4. Deploy the cert to local vsftpd server.

+```sh
+acme.sh --deploy -d ftp.example.com --deploy-hook vsftpd
+```
+
+The default vsftpd conf file is `/etc/vsftpd.conf`,  if your vsftpd conf is not in the default location, you can specify one:
+
+```sh
+export DEPLOY_VSFTPD_CONF="/etc/vsftpd.conf"
+
+acme.sh --deploy -d ftp.example.com --deploy-hook vsftpd
+```
+
+The default command to restart vsftpd server is `service vsftpd restart`, if it doesn't work, you can specify one:
+
+```sh
+export DEPLOY_VSFTPD_RELOAD="/etc/init.d/vsftpd restart"
+
+acme.sh --deploy -d ftp.example.com --deploy-hook vsftpd
+```

--- a/deploy/vsftpd.sh
+++ b/deploy/vsftpd.sh
@ -4,6 +4,9 @@

 #returns 0 means success, otherwise error.

+#DEPLOY_VSFTPD_CONF="/etc/vsftpd.conf"
+#DEPLOY_VSFTPD_RELOAD="service vsftpd restart"
+
 ########  Public functions #####################

 #domain keyfile certfile cafile fullchain
@ -20,7 +23,75 @@ vsftpd_deploy() {
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"

-  _err "deploy cert to vsftpd server, Not implemented yet"
-  return 1
+  _ssl_path="/etc/acme.sh/vsftpd"
+  if ! mkdir -p "$_ssl_path"; then
+    _err "Can not create folder:$_ssl_path"
+    return 1
+  fi

+  DEFAULT_VSFTPD_CONF="/etc/vsftpd.conf"
+  _vsftpd_conf="${DEPLOY_VSFTPD_CONF:-$DEFAULT_VSFTPD_CONF}"
+
+  if [ ! -f "$_vsftpd_conf" ]; then
+    if [ -z "$DEPLOY_VSFTPD_CONF" ]; then
+      _err "vsftpd conf is not found, please define DEPLOY_VSFTPD_CONF"
+      return 1
+    else
+      _err "It seems that the specified vsftpd conf is not valid, please check."
+      return 1
+    fi 
+  fi
+
+  if [ ! -w "$_vsftpd_conf" ]; then
+    _err "The file $_vsftpd_conf is not writable, please change the permission."
+    return 1
+  fi
+
+  _backup_conf="$DOMAIN_BACKUP_PATH/vsftpd.conf.bak"
+  _info "Backup $_vsftpd_conf to $_backup_conf"
+  cp "$_vsftpd_conf" "$_backup_conf"
+  
+  _info "Copying key and cert"
+  _real_key="$_ssl_path/vsftpd.key"
+  if ! cat "$_ckey" >"$_real_key"; then
+    _err "Error: write key file to: $_real_key"
+    return 1
+  fi
+  _real_fullchain="$_ssl_path/vsftpd.chain.pem"
+  if ! cat "$_cfullchain" >"$_real_fullchain"; then
+    _err "Error: write key file to: $_real_fullchain"
+    return 1
+  fi
+  _info "Modify vsftpd conf: $_vsftpd_conf"
+  
+  DEFAULT_VSFTPD_RELOAD="service vsftpd restart"
+  _reload="${DEPLOY_VSFTPD_RELOAD:-$DEFAULT_VSFTPD_RELOAD}"
+  if _setopt "$_vsftpd_conf" "rsa_cert_file" "=" "$_real_fullchain" \
+    && _setopt "$_vsftpd_conf" "rsa_private_key_file" "=" "$_real_key" \
+    && _setopt "$_vsftpd_conf" "ssl_enable" "=" "YES" \
+    && eval "$_reload"; then
+    _info "Deploy success!"
+    if [ "$DEPLOY_VSFTPD_CONF" ]; then
+      _savedomainconf DEPLOY_VSFTPD_CONF "$DEPLOY_VSFTPD_CONF"
+    else
+      _cleardomainconf DEPLOY_VSFTPD_CONF
+    fi
+    if [ "$DEPLOY_VSFTPD_RELOAD" ]; then
+      _savedomainconf DEPLOY_VSFTPD_RELOAD "$DEPLOY_VSFTPD_RELOAD"
+    else
+      _cleardomainconf DEPLOY_VSFTPD_RELOAD
+    fi
+    return 0
+  else
+    _err "Config vsftpd server error, please report bug to us."
+    _info "Restoring vsftpd conf"
+    if cat "$_backup_conf" >"$_vsftpd_conf"; then
+      _info "Restore conf success"
+      eval "$_reload"
+    else
+      _err "Opps, error restore vsftpd conf, please report bug to us."
+    fi
+    return 1
+  fi
+  return 1
 }