#!/bin/bash
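# Configuration
PASSIVE_SERVER="passive.example.com"
PASSIVE_USER="certbot"
REMOTE_LETSENCRYPT_DIR="/etc/letsencrypt"
LOCAL_LETSENCRYPT_DIR="/etc/letsencrypt"
WEB_SERVER="nginx"
HOSTNAME=$(hostname)
# Email Configuration
EMAIL_ENABLED=false
EMAIL_TO="admin@example.com" # Comma Separate for multiple accounts
EMAIL_FROM="certbot@$(hostname -f)"
# Slack Configuration
SLACK_ENABLED=true
# An incoming-webhook URL is a bearer credential: whoever holds it can post to
# the channel. It is therefore taken from the environment (systemd
# EnvironmentFile, the cron job's env, or a root-only file sourced before this
# script) instead of being written into the script. A URL that was previously
# committed here should be revoked and reissued in the Slack app settings.
# When unset, the Slack sender skips itself.
SLACK_WEBHOOK_URL="${SLACK_WEBHOOK_URL:-}"
# Teams Configuration
TEAMS_ENABLED=false
# Same handling as the Slack URL: supplied via the environment, never inline.
TEAMS_WEBHOOK_URL="${TEAMS_WEBHOOK_URL:-}"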
# Log function
#######################################
# Write a timestamped line to stdout and append it to the sync log.
# Arguments: $1 - message text
# Outputs:   the formatted line on stdout (via tee)
# Returns:   exit status of tee
#######################################
log() {
  local stamp
  stamp=$(date '+%Y-%m-%d %H:%M:%S')
  printf '[%s] %s\n' "$stamp" "$1" | tee -a /var/log/letsencrypt/sync.log
}
# Send email notification
#######################################
# Mail a plain-text sync report when EMAIL_ENABLED is "true".
# Globals:   EMAIL_ENABLED, EMAIL_TO, EMAIL_FROM, HOSTNAME, PASSIVE_SERVER,
#            WEB_SERVER (read)
# Arguments: $1 - status label, $2 - one-line message, $3 - multi-line details
# Outputs:   log lines only
# Returns:   0 when email is disabled; otherwise the status of the final log call
#######################################
send_email_notification() {
  local status=$1
  local message=$2
  local details=$3
  # Quietly skip when the channel is off; the return status is 0 either way.
  [ "$EMAIL_ENABLED" = "true" ] || return 0
  local subject="[${status}] Let's Encrypt Certificate Sync - ${HOSTNAME}"
  local stamp
  stamp=$(date '+%Y-%m-%d %H:%M:%S')
  local email_body
  email_body=$(cat <<EOF
Let's Encrypt Certificate Sync Notification
============================================
Status: ${status}
Message: ${message}
Server Details:
---------------
Source Server: ${HOSTNAME}
Target Server: ${PASSIVE_SERVER}
Web Server: ${WEB_SERVER}
Timestamp: ${stamp}
${details}
Log File: /var/log/letsencrypt/sync.log
EOF
)
  # Send email using mail command; the pipeline status is that of mail.
  if printf '%s\n' "$email_body" | mail -s "$subject" -r "$EMAIL_FROM" "$EMAIL_TO"; then
    log "Email notification sent to ${EMAIL_TO}"
  else
    log "WARNING: Failed to send email notification"
  fi
}
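# Send notification to Slack
#######################################
# Escape a string for use inside a JSON string literal.
# Handles backslash, double quote, newline, carriage return and tab; other
# control characters are passed through unchanged.
# Arguments: $1 - raw text
# Outputs:   escaped text on stdout (no trailing newline)
#######################################
_json_escape() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//\"/\\\"}
  s=${s//$'\n'/\\n}
  s=${s//$'\r'/\\r}
  s=${s//$'\t'/\\t}
  printf '%s' "$s"
}
#######################################
# Post a status attachment to the configured Slack incoming webhook.
# Globals:   SLACK_ENABLED, SLACK_WEBHOOK_URL, HOSTNAME, PASSIVE_SERVER (read)
# Arguments: $1 - status label, $2 - message text, $3 - attachment colour
# Outputs:   log lines only
# Returns:   0 when disabled; otherwise the status of the final log call
#######################################
send_slack_notification() {
  local status=$1
  local message=$2
  local color=$3
  if [ "$SLACK_ENABLED" != "true" ] || [ -z "$SLACK_WEBHOOK_URL" ]; then
    return 0
  fi
  # Every interpolated value is JSON-escaped so a quote, backslash or newline
  # in the message or hostname cannot break the document or inject extra keys.
  local payload
  payload=$(cat <<EOF
{
  "attachments": [
    {
      "color": "$(_json_escape "$color")",
      "title": "Let's Encrypt Certificate Sync - $(_json_escape "$status")",
      "text": "$(_json_escape "$message")",
      "fields": [
        {
          "title": "Server",
          "value": "$(_json_escape "$HOSTNAME")",
          "short": true
        },
        {
          "title": "Target",
          "value": "$(_json_escape "$PASSIVE_SERVER")",
          "short": true
        },
        {
          "title": "Timestamp",
          "value": "$(date '+%Y-%m-%d %H:%M:%S')",
          "short": false
        }
      ]
    }
  ]
}
EOF
)
  # The webhook URL is the credential, so it is handed to curl through a config
  # read from stdin (-K -) rather than on the command line where it would be
  # visible in the process list. --fail turns an HTTP 4xx/5xx into a non-zero
  # exit so a rejected webhook is logged as a failure instead of "sent";
  # --max-time keeps a stalled request from hanging the cron run.
  if printf 'url = "%s"\n' "$SLACK_WEBHOOK_URL" |
    curl -K - -sS --fail --max-time 15 -X POST \
      -H 'Content-type: application/json' \
      --data "$payload" -o /dev/null; then
    log "Slack notification sent"
  else
    log "WARNING: Failed to send Slack notification"
  fi
}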
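# Send notification to Teams
#######################################
# Escape a string for use inside a JSON string literal.
# Handles backslash, double quote, newline, carriage return and tab; other
# control characters are passed through unchanged.
# Arguments: $1 - raw text
# Outputs:   escaped text on stdout (no trailing newline)
#######################################
_json_escape() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//\"/\\\"}
  s=${s//$'\n'/\\n}
  s=${s//$'\r'/\\r}
  s=${s//$'\t'/\\t}
  printf '%s' "$s"
}
#######################################
# Post a MessageCard to the configured Microsoft Teams webhook.
# Globals:   TEAMS_ENABLED, TEAMS_WEBHOOK_URL, HOSTNAME, PASSIVE_SERVER (read)
# Arguments: $1 - status label, $2 - message text, $3 - theme colour
# Outputs:   log lines only
# Returns:   0 when disabled; otherwise the status of the final log call
#######################################
send_teams_notification() {
  local status=$1
  local message=$2
  local color=$3
  if [ "$TEAMS_ENABLED" != "true" ] || [ -z "$TEAMS_WEBHOOK_URL" ]; then
    return 0
  fi
  # Every interpolated value is JSON-escaped so a quote, backslash or newline
  # in the message or hostname cannot break the document or inject extra keys.
  local payload
  payload=$(cat <<EOF
{
  "@type": "MessageCard",
  "@context": "https://schema.org/extensions",
  "summary": "Let's Encrypt Certificate Sync - $(_json_escape "$status")",
  "themeColor": "$(_json_escape "$color")",
  "title": "Let's Encrypt Certificate Sync - $(_json_escape "$status")",
  "sections": [
    {
      "activityTitle": "$(_json_escape "$message")",
      "facts": [
        {
          "name": "Server:",
          "value": "$(_json_escape "$HOSTNAME")"
        },
        {
          "name": "Target:",
          "value": "$(_json_escape "$PASSIVE_SERVER")"
        },
        {
          "name": "Timestamp:",
          "value": "$(date '+%Y-%m-%d %H:%M:%S')"
        }
      ]
    }
  ]
}
EOF
)
  # The webhook URL is the credential, so it is handed to curl through a config
  # read from stdin (-K -) rather than on the command line where it would be
  # visible in the process list. --fail turns an HTTP 4xx/5xx into a non-zero
  # exit so a rejected webhook is logged as a failure instead of "sent";
  # --max-time keeps a stalled request from hanging the cron run.
  if printf 'url = "%s"\n' "$TEAMS_WEBHOOK_URL" |
    curl -K - -sS --fail --max-time 15 -X POST \
      -H 'Content-type: application/json' \
      --data "$payload" -o /dev/null; then
    log "Teams notification sent"
  else
    log "WARNING: Failed to send Teams notification"
  fi
}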
# Unified notification function - sends to all enabled channels
#######################################
# Fan a status report out to every notification channel.
# Each channel function checks its own *_ENABLED flag and returns quietly
# when that channel is switched off.
# Arguments: $1 - status label, $2 - one-line message,
#            $3 - colour hint (Slack/Teams only), $4 - details (email only)
# Returns:   status of the last channel function called
#######################################
send_notification() {
  local status=$1 message=$2 color=$3 details=$4
  send_email_notification "$status" "$message" "$details"
  send_slack_notification "$status" "$message" "$color"
  send_teams_notification "$status" "$message" "$color"
}
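log "Starting certificate sync to passive server..."
# SSH options shared by the rsync transport and the reload command below.
# Host keys are verified against known_hosts: the passive server's key must be
# pinned there out-of-band before the first run. With host-key checking
# disabled, the private keys under ${LOCAL_LETSENCRYPT_DIR} could be pushed to
# whichever host answers for ${PASSIVE_SERVER}. BatchMode stops ssh from
# blocking on an interactive prompt under cron.
SSH_OPTS=(-o StrictHostKeyChecking=yes -o BatchMode=yes)
# Sync certificates using rsync over SSH with sudo on remote side.
# NOTE(review): the remote sudoers rule should permit only the rsync
# server-side invocation, not a blanket NOPASSWD ALL — confirm on the passive
# server.
RSYNC_OUTPUT=$(rsync -azv --delete \
  --rsync-path="sudo rsync" \
  -e "ssh ${SSH_OPTS[*]}" \
  "${LOCAL_LETSENCRYPT_DIR}/" \
  "${PASSIVE_USER}@${PASSIVE_SERVER}:${REMOTE_LETSENCRYPT_DIR}/" 2>&1)
RSYNC_EXIT_CODE=$?
if [ "$RSYNC_EXIT_CODE" -eq 0 ]; then
  log "Certificate sync successful"
  # Reload web server on passive server using sudo. WEB_SERVER becomes part of
  # the remote command line, so it must remain a fixed service name from the
  # configuration block, never user-supplied input.
  log "Reloading ${WEB_SERVER} on passive server..."
  RELOAD_OUTPUT=$(ssh "${SSH_OPTS[@]}" "${PASSIVE_USER}@${PASSIVE_SERVER}" \
    "sudo systemctl reload ${WEB_SERVER}" 2>&1)
  RELOAD_EXIT_CODE=$?
  if [ "$RELOAD_EXIT_CODE" -eq 0 ]; then
    log "Web server reload successful"
    # Count non-empty lines of the verbose rsync output. This includes rsync's
    # own header and summary lines, so it approximates the number of files.
    SYNCED_FILES=$(printf '%s\n' "$RSYNC_OUTPUT" | grep -c .)
    send_notification "SUCCESS" \
      "Certificates synced successfully and ${WEB_SERVER} reloaded on passive server." \
      "good" \
      "Files Synced: ${SYNCED_FILES}
Sync Output:
------------
${RSYNC_OUTPUT}
Reload Output:
--------------
${RELOAD_OUTPUT}"
    log "Certificate sync completed successfully"
    exit 0
  else
    log "ERROR: Failed to reload web server on passive server"
    send_notification "FAILURE" \
      "Certificates synced but failed to reload ${WEB_SERVER} on passive server." \
      "danger" \
      "Error Details:
--------------
${RELOAD_OUTPUT}
Sync Output:
------------
${RSYNC_OUTPUT}
Action Required:
----------------
Please manually reload ${WEB_SERVER} on ${PASSIVE_SERVER} or investigate the error."
    exit 1
  fi
else
  log "ERROR: Certificate sync failed"
  send_notification "FAILURE" \
    "Failed to sync certificates to passive server ${PASSIVE_SERVER}." \
    "danger" \
    "Error Details:
--------------
${RSYNC_OUTPUT}
Exit Code: ${RSYNC_EXIT_CODE}
Action Required:
----------------
Please check:
1. SSH connectivity between servers
2. Sudo permissions on passive server
3. Network connectivity
4. Disk space on passive server"
  exit 1
fi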