Compare commits
No commits in common. "5cafdd98bb3d07e02c925a029656f9711e03550a" and "f25c3e0c9a6d018808cacafe81a9e0260f35c2de" have entirely different histories.
5cafdd98bb
...
f25c3e0c9a
|
|
@ -79,7 +79,7 @@ sub print_from_offset {
|
|||
while (<LOGFILE>) {
|
||||
if ($_ =~ /^([[:xdigit:].:]+) (.+) (.+) (\[[[:alnum:]\/:]+ \+[[:digit:]]{4}\]) (".*") ([[:digit:]]{3}) ([[:digit:]]+) "(.*)" "(.*)"$/) {
|
||||
#We ignore some IP address
|
||||
next if ($1 eq '::1' or $1 eq '127.0.0.1');
|
||||
next if ($1 eq '::1' or $1 eq '127.0.0.1' or $1 eq '2a01:e35:2ef3:b360::abac:22' or $1 eq '192.168.0.34');
|
||||
|
||||
if ($6 >= 200 && $6 < 300) {
|
||||
++$outputCpt{'2XX'};
|
||||
|
|
|
|||
|
|
@ -1,50 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
# This script is used on a proxy to refresh the certificates
|
||||
# from the original servers.
|
||||
#
|
||||
# Typical arborescence is :
|
||||
# /etc/ssl/proxy-certs/www.foobar.com.crt
|
||||
# /etc/ssl/proxy-certs/www.foobar.com.key
|
||||
#
|
||||
# note : don't forget to make the webserver reload the new certificates.
|
||||
|
||||
# Stop at the first error
|
||||
set -e
|
||||
|
||||
EXIT_STATUS=0
|
||||
TMPFILE="$( mktemp )"
|
||||
|
||||
for i in *.crt; do
|
||||
FQDN_HOSTNAME="$( echo $i | sed 's/\.crt$//' )"
|
||||
|
||||
# We don't refresh when there is a certificate request:
|
||||
# those are locally served websites
|
||||
if [ ! -f "$FQDN_HOSTNAME.csr" ] && [ "$FQDN_HOSTNAME.key" ]; then
|
||||
# Fetch the certificate from the origin server and store
|
||||
# in a temporary file.
|
||||
openssl s_client \
|
||||
-showcerts \
|
||||
-servername "$FQDN_HOSTNAME" \
|
||||
-connect "$FQDN_HOSTNAME:443" < /dev/null 2>/dev/null | \
|
||||
sed -n '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p' > "$TMPFILE"
|
||||
|
||||
# Check that the new cert still match the local key
|
||||
if [ "$( ( openssl x509 -noout -modulus -in "$FQDN_HOSTNAME.crt"; openssl rsa -noout -modulus -in "$FQDN_HOSTNAME.key" ) | uniq | wc -l )" -ne 1 ]; then
|
||||
# Mismatch : raise an alert
|
||||
echo "WARNING: retrieved certificate does not match '$FQDN_HOSTNAME.key'" >&2
|
||||
EXIT_STATUS=1
|
||||
else
|
||||
# Note: we try not to uselessly write and update the files' mtime,
|
||||
# but do it anyway if 'diff' is not available.
|
||||
if ! which diff >/dev/null || ! diff -q "$FQDN_HOSTNAME.crt" "$TMPFILE" >/dev/null ; then
|
||||
# Update the local certificate without changing ACL
|
||||
cat "$TMPFILE" > "$FQDN_HOSTNAME.crt"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
# Cleanup and exit
|
||||
rm -f "$TMPFILE"
|
||||
exit "$EXIT_STATUS"
|
||||
Loading…
Reference in a new issue