Merge pull request #124 from mvdriel/let-pem-ocsp-files-inherit-permi…

…ssions-from-directory Let pem and ocsp files inherit permissions from directory
Oefenweb · Feb 12, 2021 · 4521b5d · 4521b5d
2 parents 0fefce8 + 58186cb
commit 4521b5d
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/templates/usr/local/bin/haproxy-letsencrypt-ocsp-deploy.j2 b/templates/usr/local/bin/haproxy-letsencrypt-ocsp-deploy.j2
@@ -28,6 +28,10 @@ for path in $(ls -1d {{ haproxy_letsencrypt_ssl_src_path }}/*/); do
     -cert "${path}{{ haproxy_letsencrypt_ssl_cert_name }}" \
     -url "${ocspUrl}";
 
+  chown --reference="{{ haproxy_global_crt_base }}" "{{ haproxy_global_crt_base }}/${prefix}-${cert}.pem.ocsp";
+  chmod --reference="{{ haproxy_global_crt_base }}" "{{ haproxy_global_crt_base }}/${prefix}-${cert}.pem.ocsp";
+  chmod -x "{{ haproxy_global_crt_base }}/${prefix}-${cert}.pem.ocsp";
+
   rm -f "{{ haproxy_global_crt_base }}/${removePrefix}-${cert}.pem.ocsp";
 done
 

diff --git a/templates/usr/local/bin/haproxy-letsencrypt-ssl-deploy.j2 b/templates/usr/local/bin/haproxy-letsencrypt-ssl-deploy.j2
@@ -22,6 +22,10 @@ for path in $(ls -1d {{ haproxy_letsencrypt_ssl_src_path }}/*/); do
 
   cat "${path}{{ haproxy_letsencrypt_ssl_fullchain_name }}" "${path}{{ haproxy_letsencrypt_ssl_privkey_name }}" > "{{ haproxy_global_crt_base }}/${prefix}-${cert}.pem";
 
+  chown --reference="{{ haproxy_global_crt_base }}" "{{ haproxy_global_crt_base }}/${prefix}-${cert}.pem";
+  chmod --reference="{{ haproxy_global_crt_base }}" "{{ haproxy_global_crt_base }}/${prefix}-${cert}.pem";
+  chmod -x "{{ haproxy_global_crt_base }}/${prefix}-${cert}.pem";
+
   rm -f "{{ haproxy_global_crt_base }}/${removePrefix}-${cert}.pem";
 done