Merge pull request #281 from terrateamio/main
Release v1
Showing
1 changed file
with
28 additions
and
20 deletions.
@@ -1,39 +1,47 @@ | ||
#!/usr/bin/env bash | ||
set -euf -o pipefail | ||
|
||
# This script checks if the NETWORK_PROXY environment variable is set. | ||
# If set, it reads the HTTP_PROXY_DOMAINS environment variable (expected to be a space-separated string), | ||
# This script checks if the HTTPS_PROXY environment variable is set. | ||
# If set, it reads the HTTPS_PROXY_DOMAINS environment variable (expected to be a space-separated string), | ||
# converts it into an array, and retrieves SSL certificates for each domain through the proxy. | ||
# The certificates are then stored in /usr/local/share/ca-certificates/ and the system's certificate store is updated. | ||
|
||
# Usage: | ||
# 1. Set the NETWORK_PROXY environment variable to your proxy address. | ||
# 2. Set the HTTP_PROXY_DOMAINS environment variable to a space-separated list of domains. | ||
# 1. Set the HTTPS_PROXY environment variable to your proxy address. | ||
# 2. Set the HTTPS_PROXY_DOMAINS environment variable to a space-separated list of domains. | ||
# 3. Run this script. | ||
|
||
# Example: | ||
# export NETWORK_PROXY="http://proxy.example.com:3128" | ||
# export HTTP_PROXY_DOMAINS="github.com api.github.com" | ||
# ./http-proxy-add-self-signed-certs | ||
|
||
# Check if NETWORK_PROXY is set | ||
if [ -z "${NETWORK_PROXY-}" ]; then | ||
echo "Error: NETWORK_PROXY is not set. Exiting." | ||
exit 1 | ||
# export HTTPS_PROXY=http://proxy.example.com:8080 | ||
# export HTTPS_PROXY_DOMAINS="github.com api.github.com" | ||
# ./http-proxy-add-self-signed-certs.sh | ||
|
||
# Check if HTTPS_PROXY is set | ||
if [ -z "${HTTPS_PROXY-}" ]; then | ||
echo "HTTPS_PROXY is not set. Exiting." | ||
exit | ||
fi | ||
|
||
# Check if HTTP_PROXY_DOMAINS is set and non-empty | ||
if [ -z "${HTTP_PROXY_DOMAINS-}" ]; then | ||
echo "Error: HTTP_PROXY_DOMAINS is not set. Exiting." | ||
exit 1 | ||
# Strip http:// or https:// for the openssl command | ||
HTTPS_PROXY=$(echo "$HTTPS_PROXY" | sed 's~http[s]\?://~~') | ||
|
||
# Check if HTTPS_PROXY_DOMAINS is set and non-empty | ||
if [ -z "${HTTPS_PROXY_DOMAINS-}" ]; then | ||
echo "HTTPS_PROXY_DOMAINS is not set. Exiting." | ||
exit | ||
fi | ||
|
||
# Convert HTTP_PROXY_DOMAINS to an array | ||
IFS=' ' read -r -a domains <<< "$HTTP_PROXY_DOMAINS" | ||
# Convert HTTPS_PROXY_DOMAINS to an array | ||
IFS=' ' read -r -a domains <<< "$HTTPS_PROXY_DOMAINS" | ||
|
||
# Add domain certs | ||
# Retrieve and store certificates for each domain | ||
for domain in "${domains[@]}"; do | ||
openssl s_client -showcerts -connect "$domain":443 -proxy "$NETWORK_PROXY" < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /usr/local/share/ca-certificates/"$domain".crt | ||
echo "Retrieving certificate for $domain..." | ||
openssl s_client -showcerts -connect "$domain:443" -proxy "$HTTPS_PROXY" < /dev/null | \ | ||
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > "/usr/local/share/ca-certificates/${domain}.crt" | ||
done | ||
|
||
# Update the system's certificate store | ||
update-ca-certificates | ||
|
||
echo "Certificates updated successfully." |
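Review bot: In the new retrieval loop the `> "/usr/local/share/ca-certificates/${domain}.crt"` redirect truncates the destination before `openssl s_client` runs, so when the proxy CONNECT or handshake fails the `set -euf -o pipefail` abort leaves an empty (or half-written) `.crt` behind in the trust directory and `update-ca-certificates` is never reached; writing to a `mktemp` file, checking it is non-empty and only then moving it into place avoids that, and adding `-servername "$domain"` makes the SNI explicit for hosts behind a CONNECT proxy. Note also that `-showcerts` plus the `sed` range captures every certificate the proxy presents, leaf included, and all of it becomes a trust anchor; if only the intercepting CA is wanted that should be filtered or documented. The scheme strip `sed 's~http[s]\?://~~'` leaves any `user:pass@` userinfo or trailing `/` in `HTTPS_PROXY`, which `openssl -proxy` will not accept, so the usage comment should say the value must be a bare `host:port` (optionally scheme-prefixed). Finally, the `exit 1` → bare `exit` change makes an unset `HTTPS_PROXY`/`HTTPS_PROXY_DOMAINS` a silent success; if that is intentional a comment such as `# No proxy configured: nothing to install, succeed so callers can run unconditionally` would make it clear.

```shell
for domain in "${domains[@]}"; do
  echo "Retrieving certificate for $domain..."
  tmp=$(mktemp)
  openssl s_client -showcerts -servername "$domain" -connect "$domain:443" -proxy "$HTTPS_PROXY" < /dev/null | \
    sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > "$tmp"
  # Only install a non-empty result; a failed fetch must not leave a stale file in the CA directory.
  if [ ! -s "$tmp" ]; then
    echo "Error: no certificate retrieved for $domain" >&2
    rm -f -- "$tmp"
    exit 1
  fi
  mv -- "$tmp" "/usr/local/share/ca-certificates/${domain}.crt"
done
# … unchanged: update-ca-certificates and final message …
```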