freenginx-docker/init-ech.sh at master · vincejv/freenginx-docker · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
#!/bin/bash
# init-ech.sh - Initialize ECH keys, symlinks, and update Cloudflare DNS

set -euo pipefail

DOMAIN="${DOMAIN:?Must set DOMAIN}"
ECH_DIR="${ECH_DIR:-/etc/nginx/echkeys}"
CF_ZONE_URL="https://api.cloudflare.com/client/v4/zones"
CF_ZONE_ID="${CF_ZONE_ID:?Must set CF_ZONE_ID}"
CF_API_TOKEN="${CF_API_TOKEN:?Must set CF_API_TOKEN}"
SUBDOMAINS="${SUBDOMAINS:?Must set SUBDOMAINS (space-separated list)}"
LOGFILE="${LOGFILE:-/var/log/nginx/access.log}"

log() {
    echo "[$(date '+%Y-%m-%d %H:%M:%S')] init-ech.sh: $*" >> "$LOGFILE"
}

# 1. Generate ECH key file
source /usr/local/bin/generate-ech-key.sh
generate_ech_key

# 2. Initialize symlinks (all point to the same key initially)
for l in ech previous.ech stale.ech; do
    ln -sf "$(basename "$NEW_KEY")" "$DOMAIN.$l"
done
log "Symlinks initialized: ech -> $(readlink "$DOMAIN.ech"), previous.ech -> $(readlink "$DOMAIN.previous.ech"), stale.ech -> $(readlink "$DOMAIN.stale.ech")"

# 3-4. Update DNS Records
source /usr/local/bin/update-https-records.sh
update_https_records >>"$LOGFILE" 2>&1 &

log "Initial ECH setup complete, DNS records will be updated in the background"