first commit
72
README.md
Normal file
@@ -0,0 +1,72 @@
|
||||
# CertPusher
|
||||
|
||||
Automated SSL certificate distribution tool for deploying certificates to multiple remote servers via SSH/SCP.
|
||||
|
||||
## Features
|
||||
|
||||
- **Multi-server deployment**: Deploy certificates to unlimited number of servers
|
||||
- **Smart certificate comparison**: Checks if remote certificate needs updating via HTTPS
|
||||
- **Flexible SSH authentication**: Global or per-host SSH key configuration
|
||||
- **Post-deployment commands**: Execute commands after certificate upload (reload services, etc.)
|
||||
- **Comprehensive logging**: Debug-level logging with timestamped log files
|
||||
- **Safe execution**: Compares certificates before uploading to avoid unnecessary restarts
|
||||
|
||||
## Installation
|
||||
|
||||
git clone https://github.com/yourusername/certpusher.git
|
||||
cd certpusher
|
||||
pip install -r requirements.txt
|
||||
|
||||
## Configuration
|
||||
|
||||
1. Copy the example configuration:
|
||||
|
||||
cp config.ini.example config.ini
|
||||
|
||||
2. Edit `config.ini` with your server details:
|
||||
|
||||
### Global Section
|
||||
- `source_cert_path`: Path to the SSL certificate to distribute
|
||||
- `default_ssh_key`: Default SSH private key path
|
||||
|
||||
### Host Sections
|
||||
Each host requires:
|
||||
- `hostname`: IP address or hostname
|
||||
- `port`: SSH port (default: 22)
|
||||
- `username`: SSH username
|
||||
- `remote_cert_path`: Destination path for the certificate
|
||||
- `post_upload_command`: Command to run after upload (optional)
|
||||
- `check_url`: HTTPS URL to check current certificate (optional)
|
||||
- `ssh_key_path`: Override default SSH key (optional)
|
||||
|
||||
## Usage
|
||||
|
||||
python certpusher.py config.ini
|
||||
|
||||
|
||||
## SSH Key Setup
|
||||
|
||||
Generate SSH key for authentication:
|
||||
|
||||
ssh-keygen -t ed25519 -f ~/.ssh/certpusher_key
|
||||
|
||||
ssh-copy-id -i ~/.ssh/certpusher_key.pub user@remote-host
|
||||
|
||||
2025-10-26 22:00:00 - CertPusher - INFO - ============================================================
|
||||
2025-10-26 22:00:00 - CertPusher - INFO - CertPusher - SSL Certificate Distribution Tool
|
||||
2025-10-26 22:00:00 - CertPusher - INFO - ============================================================
|
||||
2025-10-26 22:00:01 - CertPusher - INFO - Processing host: webserver1
|
||||
2025-10-26 22:00:02 - CertPusher - INFO - ✓ Successfully processed webserver1
|
||||
|
||||
|
||||
## Security Considerations
|
||||
|
||||
- Store SSH private keys securely with proper permissions (chmod 600)
|
||||
- Use dedicated SSH keys for certificate deployment
|
||||
- Limit SSH key access with `authorized_keys` restrictions
|
||||
- Consider using SSH certificates for enhanced security
|
||||
- Rotate SSH keys regularly
|
||||
|
||||
## License
|
||||
|
||||
MIT License
|
||||
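Review bot: The Security Considerations list at the end of the README does not say whether CertPusher verifies the remote host's SSH host key before uploading, and the Global Section documents only `source_cert_path`, so it is unclear whether that file also carries the private key and what permissions it is given at `remote_cert_path`. Suggest documenting both, along with the privileges `post_upload_command` runs with, since the list advises `authorized_keys` restrictions without saying what the tool needs to be allowed to do. Two smaller points: the sample log lines after `ssh-copy-id` sit under SSH Key Setup with no heading of their own, and the shell commands in Installation, Configuration, Usage and SSH Key Setup are not fenced, so they will render as running text. The clone URL also still contains the `yourusername` placeholder.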