failover DNS to fishfinger

author: Paul Buetow <paul@buetow.org> 2024-03-13 09:00:12 +0200
committer: Paul Buetow <paul@buetow.org> 2024-03-14 23:57:14 +0200
commit: 438f47bccab4fa8128e085131fbd9dc499fd07b3 (patch)
tree: 3d4f20b3aa1c9270835f0b7bf1c83d38b6488f45 /frontends/scripts/acme.sh.tpl
parent: b2958427dee916d933f2b4c51f4fe22e307a8cf1 (diff)
1 files changed, 9 insertions, 4 deletions
diff --git a/frontends/scripts/acme.sh.tpl b/frontends/scripts/acme.sh.tpl
index 0d2dd3c..2b588f4 100644
--- a/frontends/scripts/acme.sh.tpl
+++ b/frontends/scripts/acme.sh.tpl
@@ -1,12 +1,15 @@
 #!/bin/sh
 
-<%
-  our $primary = $is_primary->($vio0_ip);
-  our $prefix = $primary ? '' : 'www.';
--%>
+MY_IP=`ifconfig vio0 | awk '$1 == "inet" { print $2 }'`
 
 function handle_cert {
     host=$1
+    host_ip=`host $host | awk '/has address/ { print $(NF) }'`
+    if [ "$MY_IP" != "$host_ip" ]; then
+        echo "Not serving $host, skipping..."
+        return
+    fi
+
     # Create symlink, so that relayd also can read it.
     crt_path=/etc/ssl/$host
     if [ -e $crt_path.crt ]; then
@@ -19,10 +22,12 @@ function handle_cert {
 
 has_update=no
 <% for my $host (@$acme_hosts) { -%>
+<%   for my $prefix ('', 'www.', 'mirror.') { -%>
 handle_cert <%= $prefix.$host %>
 if [ $? -eq 0 ]; then
     has_update=yes
 fi
+<%   } -%>
 <% } -%>
 
 # Current server's FQDN (e.g. for mail server certs)
author	Paul Buetow <paul@buetow.org>	2024-03-13 09:00:12 +0200
committer	Paul Buetow <paul@buetow.org>	2024-03-14 23:57:14 +0200
commit	438f47bccab4fa8128e085131fbd9dc499fd07b3 (patch)
tree	3d4f20b3aa1c9270835f0b7bf1c83d38b6488f45 /frontends/scripts/acme.sh.tpl
parent	b2958427dee916d933f2b4c51f4fe22e307a8cf1 (diff)