starred/nginx-ui
1
0
Fork 0
mirror of https://github.com/0xJacky/nginx-ui.git synced 2026-04-26 01:05:52 +03:00
Code Issues 618 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #878] 请问申请完证书后的动作可以配置吗? #465

New issue
Closed
opened 2026-02-26 12:08:26 +03:00 by kerem · 4 comments
kerem commented 2026-02-26 12:08:26 +03:00
Owner
Copy link

Originally created by @easonjim on GitHub (Feb 20, 2025).
Original GitHub issue: https://github.com/0xJacky/nginx-ui/issues/878

使用 acme.sh 命令申请完证书后会有重新的 shell 命令可以自定义的,比如上传到 nginx,以及更新 aliyun 的动作,请问 nginx-ui 证书管理里可以配置自定义 shell 吗?

Originally created by @easonjim on GitHub (Feb 20, 2025). Original GitHub issue: https://github.com/0xJacky/nginx-ui/issues/878 使用 acme.sh 命令申请完证书后会有重新的 shell 命令可以自定义的,比如上传到 nginx,以及更新 aliyun 的动作,请问 nginx-ui 证书管理里可以配置自定义 shell 吗?
kerem closed this issue 2026-02-26 12:08:26 +03:00
kerem commented 2026-02-26 12:08:26 +03:00
Author
Owner
Copy link

@0xJacky commented on GitHub (Feb 20, 2025):

你好,出于安全考虑,不会支持自定义 shell 执行,但是上传至 aliyun 可以使用这个项目:https://github.com/0xJacky/cdn_cert

<!-- gh-comment-id:2670433829 --> @0xJacky commented on GitHub (Feb 20, 2025): 你好,出于安全考虑,不会支持自定义 shell 执行,但是上传至 aliyun 可以使用这个项目:https://github.com/0xJacky/cdn_cert
kerem commented 2026-02-26 12:08:26 +03:00
Author
Owner
Copy link

@easonjim commented on GitHub (Feb 20, 2025):

太棒了

<!-- gh-comment-id:2670444026 --> @easonjim commented on GitHub (Feb 20, 2025): 太棒了
kerem commented 2026-02-26 12:08:26 +03:00
Author
Owner
Copy link

@easonjim commented on GitHub (Feb 26, 2025):

@0xJacky 我用脚本完美解决了 alicdn 的变动更新,后续我在这里分享实现脚本

<!-- gh-comment-id:2683740157 --> @easonjim commented on GitHub (Feb 26, 2025): @0xJacky 我用脚本完美解决了 alicdn 的变动更新,后续我在这里分享实现脚本
kerem commented 2026-02-26 12:08:26 +03:00
Author
Owner
Copy link

@easonjim commented on GitHub (Feb 27, 2025):

实现方式:
1、通过使用 inotify-tools 监控文件变化
2、通过 aliyuncli 提交证书并替换

安装 inotify-tools:
shell yum -y install inotify-tools

安装 aliyuncli:
https://help.aliyun.com/zh/cli/install-cli-on-linux

执行脚本:
1、ssl_alicdn_xxx.domain.com.sh:

#!/usr/bin/env bash

# aliyuncli token
AccessKeyId=abc
AccessKeySecret=def
RegionId=hij

# 证书文件
CERT_KEY_PATH=/etc/nginx/ssl/*.xxx.domain.com_xxx.domain.com_2048/private.key
CERT_FULLCHAIN_PATH=/etc/nginx/ssl/*.xxx.domain.com_xxx.domain.com_2048/fullchain.cer

# 获取证书自定义函数
get_cert() {
    # 使用 sed 删除掉证书文件的空行
    sed -e "/^$/d" "$CERT_FULLCHAIN_PATH"
}

# 获取密钥自定义函数
get_key() {
    cat "$CERT_KEY_PATH"
}

# 需要更新证书的 CDN 域名列表
DOMAIN_LIST=(
    "xxx.domain.com"
    "test.xxx.domain.com"
)

# 设置 CDN 域名列表使用新的证书
for _domain in "${DOMAIN_LIST[@]}"; do
    _cert_name="cert--${_domain//./_}--$(date +%Y%m%d%s)"
    # log
    echo aliyun cdn SetCdnDomainSSLCertificate --region \"${RegionId}\" --access-key-id \"${AccessKeyId}\" --access-key-secret \"\" --CertName \"${_cert_name}\" --DomainName \"$_domain\" --SSLPub=\"$(get_cert)\" --SSLPri=\"$(get_key)\"  --CertType upload --SSLProtocol on
    # shell
    aliyun cdn SetCdnDomainSSLCertificate --region "${RegionId}" --access-key-id "${AccessKeyId}" --access-key-secret "${AccessKeySecret}" --CertName "${_cert_name}" --DomainName "$_domain" --SSLPub="$(get_cert)" --SSLPri="$(get_key)"  --CertType upload --SSLProtocol on || exit 103
    sleep .5
done

2、ssl_watchdog.sh

#!/bin/sh

# 监视的文件或目录
filename=$1

# 监视发现有增、删、改时执行的脚本
script=$2

inotifywait -mrq --format '%e' --event create,delete,modify  $filename | while read event
  do
      case $event in
          MODIFY|CREATE)
              echo `date "+%Y%m%d%s"`-$event && bash $script
          ;;
          DELETE)
              echo `date "+%Y%m%d%s"`-$event
          ;;
      esac
  done

3、监控文件变化并执行:

nohup bash /path/ssl_watchdog.sh /etc/nginx/ssl/*.xxx.domain.com_xxx.domain.com_2048/fullchain.cer /path/ssl_alicdn_xxx.domain.com.sh >> /path/ssl_watchdog.sh.log 2>&1 &
<!-- gh-comment-id:2686612217 --> @easonjim commented on GitHub (Feb 27, 2025): 实现方式: 1、通过使用 inotify-tools 监控文件变化 2、通过 aliyuncli 提交证书并替换 安装 inotify-tools: `shell yum -y install inotify-tools ` 安装 aliyuncli: [https://help.aliyun.com/zh/cli/install-cli-on-linux](url) 执行脚本: 1、ssl_alicdn_xxx.domain.com.sh: ```shell #!/usr/bin/env bash # aliyuncli token AccessKeyId=abc AccessKeySecret=def RegionId=hij # 证书文件 CERT_KEY_PATH=/etc/nginx/ssl/*.xxx.domain.com_xxx.domain.com_2048/private.key CERT_FULLCHAIN_PATH=/etc/nginx/ssl/*.xxx.domain.com_xxx.domain.com_2048/fullchain.cer # 获取证书自定义函数 get_cert() { # 使用 sed 删除掉证书文件的空行 sed -e "/^$/d" "$CERT_FULLCHAIN_PATH" } # 获取密钥自定义函数 get_key() { cat "$CERT_KEY_PATH" } # 需要更新证书的 CDN 域名列表 DOMAIN_LIST=( "xxx.domain.com" "test.xxx.domain.com" ) # 设置 CDN 域名列表使用新的证书 for _domain in "${DOMAIN_LIST[@]}"; do _cert_name="cert--${_domain//./_}--$(date +%Y%m%d%s)" # log echo aliyun cdn SetCdnDomainSSLCertificate --region \"${RegionId}\" --access-key-id \"${AccessKeyId}\" --access-key-secret \"\" --CertName \"${_cert_name}\" --DomainName \"$_domain\" --SSLPub=\"$(get_cert)\" --SSLPri=\"$(get_key)\" --CertType upload --SSLProtocol on # shell aliyun cdn SetCdnDomainSSLCertificate --region "${RegionId}" --access-key-id "${AccessKeyId}" --access-key-secret "${AccessKeySecret}" --CertName "${_cert_name}" --DomainName "$_domain" --SSLPub="$(get_cert)" --SSLPri="$(get_key)" --CertType upload --SSLProtocol on || exit 103 sleep .5 done ``` 2、ssl_watchdog.sh ```shell #!/bin/sh # 监视的文件或目录 filename=$1 # 监视发现有增、删、改时执行的脚本 script=$2 inotifywait -mrq --format '%e' --event create,delete,modify $filename | while read event do case $event in MODIFY|CREATE) echo `date "+%Y%m%d%s"`-$event && bash $script ;; DELETE) echo `date "+%Y%m%d%s"`-$event ;; esac done ``` 3、监控文件变化并执行: ```shell nohup bash /path/ssl_watchdog.sh /etc/nginx/ssl/*.xxx.domain.com_xxx.domain.com_2048/fullchain.cer /path/ssl_alicdn_xxx.domain.com.sh >> /path/ssl_watchdog.sh.log 2>&1 & ```
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
dev
weblate
main
renovate/uuid-14.x
renovate/typescript-6.x
renovate/all-minor-patch
cursor/interface-conversion-error-36ec
cursor/docker-api-stat-path-27ca
cursor/nginx-ui-disk-i-o-3d99
cursor/cloudflare-dns-comments-299c
cursor/access-log-dark-mode-font-dfdc
copilot/fix-ai-chat-title-error
cursor/propfind-method-logging-33b5
cursor/docker-client-version-update-d1b4
copilot/fix-nginx-ui-api-errors
cursor/update-x-forwarded-proto-header-handling-1223
cursor/fix-nginx-ui-issue-1455-gpt-5.1-codex-high-079c
cursor/update-nginx-ui-to-vue-3-gpt-5.1-codex-high-3100
cursor/investigate-nginx-ui-issue-1446-gpt-5.1-codex-high-2be0
v1
v2.3.8
v2.3.7
v2.3.6
v2.3.5
v2.3.4
v2.3.3
v2.3.2
v2.3.1
v2.3.0
v2.2.1
v2.2.0-patch.1
v2.2.0
v2.1.17
v2.1.16
v2.1.15
v2.1.14
v2.1.13
v2.1.12
v2.1.11
v2.1.10
v2.1.9
v2.1.8
v2.1.7
v2.1.6
v2.1.5
v2.1.4-patch.1
v2.1.4
v2.1.3
v2.1.2
v2.1.1
v2.1.0-patch.1
v2.1.0
v2.1.0-rc.3
v2.1.0-rc.2
v2.1.0-rc.1
v2.1.0-beta.1
v2.0.2
v2.0.1
v2.0.0
v2.0.0-rc.8-patch.1
v2.0.0-rc.8
v2.0.0-rc.7-patch.6
v2.0.0-rc.7-patch.7
v2.0.0-rc.7-patch.8
v2.0.0-rc.7-patch.5
v2.0.0-rc.7-patch.4
v2.0.0-rc.7-patch.3
v2.0.0-rc.7-patch.2
v2.0.0-rc.7-patch.1
v2.0.0-rc.7
v2.0.0-rc.6-patch.5
v2.0.0-rc.6-patch.4
v2.0.0-rc.6-patch.3
v2.0.0-rc.6-patch.2
v2.0.0-rc.6-patch.1
v2.0.0-rc.6
v2.0.0-rc.5
v2.0.0-rc.4-patch.3
v2.0.0-rc.4-patch.2
v2.0.0-rc.4-patch.1
v2.0.0-rc.4
v2.0.0-rc.3-patch.1
v2.0.0-rc.3
v2.0.0-rc.2
v2.0.0-rc.1-patch.2
v2.0.0-rc.1-patch.1
v2.0.0-rc.1
v2.0.0-beta.42
v2.0.0-beta.41
v2.0.0-beta.40
v2.0.0-beta.39-risefront.6
v2.0.0-beta.39-risefront.5
v2.0.0-beta.39-risefront.4
v2.0.0-beta.39-risefront.3
v2.0.0-beta.39-risefront.2
v2.0.0-beta.39-risefront
v2.0.0-beta.39
v2.0.0-beta.38
v2.0.0-beta.37-patch.5
v2.0.0-beta.37-patch.3
v2.0.0-beta.37-patch.4
v2.0.0-beta.37-patch.2
v2.0.0-beta.37-patch.1
v2.0.0-beta.37
v2.0.0-beta.36
v2.0.0-beta.35
v2.0.0-beta.34
v2.0.0-beta.33
v2.0.0-beta.32-patch.1
v2.0.0-beta.32
v2.0.0-beta.31
v2.0.0-beta.30
v2.0.0-beta.29
v2.0.0-beta.28
v2.0.0-beta.27
v2.0.0-beta.26
v2.0.0-beta.25-patch.2
v2.0.0-beta.25-patch.1
v2.0.0-beta.25
v2.0.0-beta.24
v2.0.0-beta.23-patch.2
v2.0.0-beta.23-patch.1
v2.0.0-beta.23
v2.0.0-beta.22
v2.0.0-beta.21
v2.0.0-beta.20
v2.0.0-beta.19
v2.0.0-beta.18-patch.2
v2.0.0-beta.18-patch.1
v2.0.0-beta.18
v2.0.0-beta.17
v2.0.0-beta.16
v2.0.0-beta.15
v2.0.0-beta.14
v2.0.0-beta.13-patch
v2.0.0-beta.13
v2.0.0-beta.12
v2.0.0-beta.11
v2.0.0-beta.10-patch
v2.0.0-beta.10
v2.0.0-beta.9
v2.0.0-beta.8-patch
v2.0.0-beta.8
v2.0.0-beta.7
v2.0.0-beta.6-patch.2
v2.0.0-beta.6-patch
v2.0.0-beta.6
v2.0.0-beta.5-patch
v2.0.0-beta.5
v2.0.0-beta.4-patch
v2.0.0-beta.4
v2.0.0-beta.3
v2.0.0-beta.2
v2.0.0-beta.1
v1.9.9-4
v1.9.9-3
v1.9.9-2
v1.9.9
v1.9.9-1
v1.8.4-patch
v1.8.4
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.7.9
v1.7.8
v1.7.7
v1.7.6
v1.7.5
v1.7.4
v1.7.3
v1.7.2
v1.7.1
v1.7.0-patch
v1.7.0
v1.6.8
v1.6.7
v1.6.6
v1.6.5
v1.6.3
v1.6.2
v1.6.1
v1.6.0-fix
v1.6.0
v1.5.2
v1.5.1
v1.5.0
v1.5.0-beta9
v1.5.0-beta8
v1.5.0-beta7
v1.5.0-beta6
v1.5.0-beta5
v1.5.0-beta4-fix
v1.5.0-beta4
v1.5.0-beta3
v1.5.0-beta2
v1.5.0-beta1
v1.4.2
v1.4.1
v1.4.0
v1.4.0-rc1
v1.3.3-rc1
v1.3.2
v1.3.1-fix
v1.3.1
v1.3.0
v1.3.0-rc1
v1.2.2
v1.2.1
v1.2.0
v1.2.0-rc.3
v1.2.0-rc.2
v1.2.0-rc.1
v1.2.0-alpha.4
v1.2.0-alpha.3
v1.2.0-alpha.2
v1.1.0
Labels
Clear labels   
Q/A

   
bug

   
casdoor

   
dependencies

   
docker

   
documentation

   
duplicate

   
enhancement

   
help wanted

   
invalid

   
lego

   
platform:openwrt

   
platform:windows

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
wontfix
No labels
Q/A
bug
casdoor
dependencies
docker
documentation
duplicate
enhancement
help wanted
invalid
lego
platform:openwrt
platform:windows
pull-request
question
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/nginx-ui#465
No description provided.