raspap-webgui/installers/mkcert.sh

#!/bin/bash
#
# RaspAP SSL certificate installation functions
# author: @billz
# license: GNU General Public License v3.0

certname=$HOSTNAME."local"
lighttpd_ssl="/etc/lighttpd/ssl"

### NOTE: all the below functions are overloadable for system-specific installs

function config_installation() {
    install_log "Configure a new SSL certificate"
    echo "Current system hostname is ${certname}"
    echo -n "Create an SSL certificate for ${certname}? (Recommended) [y/N]"
    if [ $assume_yes == 0 ]; then
        read answer
        if [[ $answer != "y" ]]; then
            read -e -p "Enter an alternate certificate name: " -i "${certname}" certname
        fi
    else
        echo -e
    fi

    echo -n "Install to Lighttpd SSL directory: ${lighttpd_ssl}? [y/N]: "
    if [ $assume_yes == 0 ]; then
        read answer
        if [[ $answer != "y" ]]; then
            read -e -p "Enter alternate Lighttpd SSL directory: " -i "${lighttpd_ssl}/" lighttpd_ssl
        fi
    else
        echo -e
    fi
    echo -e "\033[1;32m***************************************************************$*\033[m"
    echo "A new SSL certificate for: ${certname}"
    echo "will be installed to Lighttpd SSL directory: ${lighttpd_ssl}"
    echo -e "\033[1;32m***************************************************************$*\033[m"
    echo -n "Complete installation with these values? [y/N]: "
    if [ $assume_yes == 0 ]; then
        read answer
        if [[ $answer != "y" ]]; then
            echo "Installation aborted."
            exit 0
        fi
    else
        echo -e
    fi
}

# Installs pre-built mkcert binary for Arch Linux ARM
function install_mkcert() {
    install_log "Fetching mkcert binary"
    sudo wget https://github.com/FiloSottile/mkcert/releases/download/v1.3.0/mkcert-v1.3.0-linux-arm -O /usr/local/bin/mkcert || install_error "Unable to download mkcert"
    sudo chmod +x /usr/local/bin/mkcert

    install_log "Installing mkcert"
    mkcert -install || install_error "Failed to install mkcert"
}

# Generate a certificate for host
function generate_certificate() {
    install_log "Generating a new certificate for $certname"
    cd /home/pi
    mkcert $certname "*.${certname}.local" $certname || install_error "Failed to generate certificate for $certname"

    install_log "Combining private key and certificate"
    cat $certname+2-key.pem $certname+2.pem > $certname.pem || install_error "Failed to combine key and certificate"
}

# Create a directory for the combined .pem file in lighttpd
function create_lighttpd_dir() {
    #todo: check for existence
    install_log "Create SLL directory for lighttpd"
    sudo mkdir -p "$lighttpd_ssl" || install_error "Failed to create lighttpd directory"

    install_log "Setting permissions and moving the .pem file"
    chmod 400 /home/pi/"$certname".pem || install_error "Unable to set permissions for .pem file"
    sudo mv /home/pi/"$certname".pem /etc/lighttpd/ssl
}

# Edit the lighttpd configuration
function configure_lighttpd() {
    install_log "Configuring lighttpd for SSL"


}

# Copy rootCA.pem to RaspAP web root
function copy_rootca() {
    install_log "Copying rootCA.pem to RaspAP web root"
    sudo cp /home/pi/.local/share/mkcert/rootCA.pem ${webroot_dir}
}

function install_complete() {
    install_log "Installation completed!"

    if [ "${assume_yes:-}" = 0 ]; then
        # Prompt to reboot if wired ethernet (eth0) is connected.
        # With default_configuration this will create an active AP on restart.
        echo "ok"
    fi
}

function install_certificate() {
    display_welcome
    config_installation
    install_mkcert
    generate_certificate
    create_lighttpd_dir 
    configure_lighttpd
    copy_rootca
    restart_lighttpd
    install_complete
}
Initial commit 2019-11-07 09:39:54 +01:00			`#!/bin/bash`
			`#`
			`# RaspAP SSL certificate installation functions`
			`# author: @billz`
			`# license: GNU General Public License v3.0`

			`certname=$HOSTNAME."local"`
			`lighttpd_ssl="/etc/lighttpd/ssl"`

			`### NOTE: all the below functions are overloadable for system-specific installs`

			`function config_installation() {`
			`install_log "Configure a new SSL certificate"`
			`echo "Current system hostname is ${certname}"`
			`echo -n "Create an SSL certificate for ${certname}? (Recommended) [y/N]"`
			`if [ $assume_yes == 0 ]; then`
			`read answer`
			`if [[ $answer != "y" ]]; then`
			`read -e -p "Enter an alternate certificate name: " -i "${certname}" certname`
			`fi`
			`else`
			`echo -e`
			`fi`

			`echo -n "Install to Lighttpd SSL directory: ${lighttpd_ssl}? [y/N]: "`
			`if [ $assume_yes == 0 ]; then`
			`read answer`
			`if [[ $answer != "y" ]]; then`
			`read -e -p "Enter alternate Lighttpd SSL directory: " -i "${lighttpd_ssl}/" lighttpd_ssl`
			`fi`
			`else`
			`echo -e`
			`fi`
			`echo -e "\033[1;32m**************************************************************$\033[m"`
			`echo "A new SSL certificate for: ${certname}"`
			`echo "will be installed to Lighttpd SSL directory: ${lighttpd_ssl}"`
			`echo -e "\033[1;32m**************************************************************$\033[m"`
			`echo -n "Complete installation with these values? [y/N]: "`
			`if [ $assume_yes == 0 ]; then`
			`read answer`
			`if [[ $answer != "y" ]]; then`
			`echo "Installation aborted."`
			`exit 0`
			`fi`
			`else`
			`echo -e`
			`fi`
			`}`

			`# Installs pre-built mkcert binary for Arch Linux ARM`
			`function install_mkcert() {`
			`install_log "Fetching mkcert binary"`
			`sudo wget https://github.com/FiloSottile/mkcert/releases/download/v1.3.0/mkcert-v1.3.0-linux-arm -O /usr/local/bin/mkcert \|\| install_error "Unable to download mkcert"`
			`sudo chmod +x /usr/local/bin/mkcert`

			`install_log "Installing mkcert"`
			`mkcert -install \|\| install_error "Failed to install mkcert"`
			`}`

			`# Generate a certificate for host`
			`function generate_certificate() {`
			`install_log "Generating a new certificate for $certname"`
			`cd /home/pi`
			`mkcert $certname "*.${certname}.local" $certname \|\| install_error "Failed to generate certificate for $certname"`

			`install_log "Combining private key and certificate"`
			`cat $certname+2-key.pem $certname+2.pem > $certname.pem \|\| install_error "Failed to combine key and certificate"`
			`}`

			`# Create a directory for the combined .pem file in lighttpd`
			`function create_lighttpd_dir() {`
			`#todo: check for existence`
			`install_log "Create SLL directory for lighttpd"`
			`sudo mkdir -p "$lighttpd_ssl" \|\| install_error "Failed to create lighttpd directory"`

			`install_log "Setting permissions and moving the .pem file"`
			`chmod 400 /home/pi/"$certname".pem \|\| install_error "Unable to set permissions for .pem file"`
			`sudo mv /home/pi/"$certname".pem /etc/lighttpd/ssl`
			`}`

			`# Edit the lighttpd configuration`
			`function configure_lighttpd() {`
			`install_log "Configuring lighttpd for SSL"`


			`}`

			`# Copy rootCA.pem to RaspAP web root`
			`function copy_rootca() {`
			`install_log "Copying rootCA.pem to RaspAP web root"`
			`sudo cp /home/pi/.local/share/mkcert/rootCA.pem ${webroot_dir}`
			`}`

			`function install_complete() {`
			`install_log "Installation completed!"`

			`if [ "${assume_yes:-}" = 0 ]; then`
			`# Prompt to reboot if wired ethernet (eth0) is connected.`
			`# With default_configuration this will create an active AP on restart.`
			`echo "ok"`
			`fi`
			`}`

			`function install_certificate() {`
			`display_welcome`
			`config_installation`
			`install_mkcert`
			`generate_certificate`
			`create_lighttpd_dir`
			`configure_lighttpd`
			`copy_rootca`
			`restart_lighttpd`
			`install_complete`
			`}`