mirror of
https://github.com/billz/raspap-webgui.git
synced 2023-10-10 13:37:24 +02:00
Merge branch 'master' into feature/notracking
commit
8fd1677974
17
README.md
@ -1,5 +1,5 @@
|
|||||||
![](https://i.imgur.com/xeKD93p.png)
|
![](https://i.imgur.com/xeKD93p.png)
|
||||||
[![Release 2.3](https://img.shields.io/badge/Release-2.3-green.svg)](https://github.com/billz/raspap-webgui/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Financial Contributors on Open Collective](https://opencollective.com/raspap/all/badge.svg?label=financial+contributors)](https://opencollective.com/raspap) ![https://travis-ci.com/billz/raspap-webgui/](https://img.shields.io/travis/com/billz/raspap-webgui/master) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
|
[![Release 2.3.1](https://img.shields.io/badge/Release-2.3.1-green.svg)](https://github.com/billz/raspap-webgui/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Financial Contributors on Open Collective](https://opencollective.com/raspap/all/badge.svg?label=financial+contributors)](https://opencollective.com/raspap) ![https://travis-ci.com/billz/raspap-webgui/](https://img.shields.io/travis/com/billz/raspap-webgui/master) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
|
||||||
|
|
||||||
RaspAP lets you quickly get a WiFi access point up and running to share the internet connectivity of a Raspberry Pi. Our famous [Quick installer](#quick-installer) creates a known-good default configuration that "just works" on all current Raspberry Pis with onboard wireless. A handsome responsive interface gives you control over the relevant services and networking options. OpenVPN client support, SSL, security audits, themes and multilingual options round out the package.
|
RaspAP lets you quickly get a WiFi access point up and running to share the internet connectivity of a Raspberry Pi. Our famous [Quick installer](#quick-installer) creates a known-good default configuration that "just works" on all current Raspberry Pis with onboard wireless. A handsome responsive interface gives you control over the relevant services and networking options. OpenVPN client support, SSL, security audits, themes and multilingual options round out the package.
|
||||||
|
|
||||||
@ -21,6 +21,7 @@ We hope you enjoy using RaspAP as much as we do creating it. Tell us how you use
|
|||||||
- [Support us](#support-us)
|
- [Support us](#support-us)
|
||||||
- [Manual installation](#manual-installation)
|
- [Manual installation](#manual-installation)
|
||||||
- [802.11ac 5GHz support](#80211ac-5ghz-support)
|
- [802.11ac 5GHz support](#80211ac-5ghz-support)
|
||||||
|
- [Supported operating systems](#supported-operating-systems)
|
||||||
- [Multilingual support](#multilingual-support)
|
- [Multilingual support](#multilingual-support)
|
||||||
- [HTTPS support](#https-support)
|
- [HTTPS support](#https-support)
|
||||||
- [OpenVPN support](#openvpn-support)
|
- [OpenVPN support](#openvpn-support)
|
||||||
@ -86,6 +87,20 @@ Detailed manual setup instructions are provided [on our wiki](https://github.com
|
|||||||
## 802.11ac 5GHz support
|
## 802.11ac 5GHz support
|
||||||
RaspAP provides an 802.11ac wireless mode option for supported hardware (currently the RPi 3B+/4) and wireless regulatory domains. See [this FAQ](https://github.com/billz/raspap-webgui/wiki/FAQs#80211ac) for more information.
|
RaspAP provides an 802.11ac wireless mode option for supported hardware (currently the RPi 3B+/4) and wireless regulatory domains. See [this FAQ](https://github.com/billz/raspap-webgui/wiki/FAQs#80211ac) for more information.
|
||||||
|
|
||||||
|
## Supported operating systems
|
||||||
|
RaspAP was originally made for Raspbian, but now also installs on the following Debian-based distros.
|
||||||
|
|
||||||
|
| Distribution | Release | Architecture | Support |
|
||||||
|
|---|:---:|:---:|:---:|
|
||||||
|
| Raspbian | Buster | ARM | Official |
|
||||||
|
| Armbian | Buster | [ARM](https://docs.armbian.com/#supported-chips) | Official |
|
||||||
|
| Debian | Buster | ARM / x86_64 | Beta |
|
||||||
|
| Ubuntu | 18.04 LTS / 19.10 | ARM / x86_64 | Beta |
|
||||||
|
|
||||||
|
![](https://i.imgur.com/luiyYNw.png)
|
||||||
|
|
||||||
|
We find Armbian particularly well-suited for this project. Please note that "supported" is not a guarantee. If you are able to improve support for your preferred distro, we encourage you to [actively contribute](#how-to-contribute) to the project.
|
||||||
|
|
||||||
## Multilingual support
|
## Multilingual support
|
||||||
RaspAP uses [GNU Gettext](https://www.gnu.org/software/gettext/) to manage multilingual messages. In order to use RaspAP with one of our supported translations, you must configure a corresponding language package on your RPi. To list languages currently installed on your system, use `locale -a` at the shell prompt. To generate new locales, run `sudo dpkg-reconfigure locales` and select any other desired locales. Details are provided on our [wiki](https://github.com/billz/raspap-webgui/wiki/Translations#raspap-in-your-language).
|
RaspAP uses [GNU Gettext](https://www.gnu.org/software/gettext/) to manage multilingual messages. In order to use RaspAP with one of our supported translations, you must configure a corresponding language package on your RPi. To list languages currently installed on your system, use `locale -a` at the shell prompt. To generate new locales, run `sudo dpkg-reconfigure locales` and select any other desired locales. Details are provided on our [wiki](https://github.com/billz/raspap-webgui/wiki/Translations#raspap-in-your-language).
|
||||||
|
|
||||||
|
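Review bot: The new "Supported operating systems" table lists Ubuntu 18.04 LTS / 19.10 as Beta but does not say that, on those releases, the installer adds the third-party `ppa:ondrej/php` repository to obtain `php7.4-cgi` (see `_set_php_package` and `_install_dependencies` later in this commit). Adding a package source is a trust decision for the user, so a sentence under the table stating it would let people decide before they run the quick installer.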
@ -1,6 +1,6 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
define('RASPI_VERSION', '2.3');
|
define('RASPI_VERSION', '2.3.1');
|
||||||
define('RASPI_CONFIG', '/etc/raspap');
|
define('RASPI_CONFIG', '/etc/raspap');
|
||||||
define('RASPI_CONFIG_NETWORKING', RASPI_CONFIG.'/networking');
|
define('RASPI_CONFIG_NETWORKING', RASPI_CONFIG.'/networking');
|
||||||
define('RASPI_ADMIN_DETAILS', RASPI_CONFIG.'/raspap.auth');
|
define('RASPI_ADMIN_DETAILS', RASPI_CONFIG.'/raspap.auth');
|
||||||
@ -9,7 +9,7 @@ define('RASPI_CACHE_PATH', sys_get_temp_dir() . '/raspap');
|
|||||||
|
|
||||||
// Constants for configuration file paths.
|
// Constants for configuration file paths.
|
||||||
// These are typical for default RPi installs. Modify if needed.
|
// These are typical for default RPi installs. Modify if needed.
|
||||||
define('RASPI_DNSMASQ_CONFIG', '/etc/dnsmasq.conf');
|
define('RASPI_DNSMASQ_CONFIG', '/etc/dnsmasq.d/090_raspap.conf');
|
||||||
define('RASPI_DNSMASQ_LEASES', '/var/lib/misc/dnsmasq.leases');
|
define('RASPI_DNSMASQ_LEASES', '/var/lib/misc/dnsmasq.leases');
|
||||||
define('RASPI_ADBLOCK_LISTPATH', '/etc/raspap/adblock/');
|
define('RASPI_ADBLOCK_LISTPATH', '/etc/raspap/adblock/');
|
||||||
define('RASPI_ADBLOCK_CONFIG', '/etc/dnsmasq.d/090_adblock.conf');
|
define('RASPI_ADBLOCK_CONFIG', '/etc/dnsmasq.d/090_adblock.conf');
|
||||||
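Review bot: `RASPI_DNSMASQ_CONFIG` now points at `/etc/dnsmasq.d/090_raspap.conf`, and the change does not say what happens on a system that was configured while the constant was `/etc/dnsmasq.conf`. After an upgrade the UI would read and write the new file while the earlier settings stay in the old one. Please document the migration, or have the upgrade path move the existing RaspAP settings into the new file.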
@ -32,7 +32,7 @@ define('RASPI_WIFICLIENT_ENABLED', true);
|
|||||||
define('RASPI_HOTSPOT_ENABLED', true);
|
define('RASPI_HOTSPOT_ENABLED', true);
|
||||||
define('RASPI_NETWORK_ENABLED', true);
|
define('RASPI_NETWORK_ENABLED', true);
|
||||||
define('RASPI_DHCP_ENABLED', true);
|
define('RASPI_DHCP_ENABLED', true);
|
||||||
define('RASPI_ADBLOCK_ENABLED', true);
|
define('RASPI_ADBLOCK_ENABLED', false);
|
||||||
define('RASPI_OPENVPN_ENABLED', false);
|
define('RASPI_OPENVPN_ENABLED', false);
|
||||||
define('RASPI_TORPROXY_ENABLED', false);
|
define('RASPI_TORPROXY_ENABLED', false);
|
||||||
define('RASPI_CONFAUTH_ENABLED', true);
|
define('RASPI_CONFAUTH_ENABLED', true);
|
||||||
|
@ -5,7 +5,7 @@ if (!defined('RASPI_CONFIG')) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
$defaults = [
|
$defaults = [
|
||||||
'RASPI_VERSION' => '2.3',
|
'RASPI_VERSION' => '2.3.1',
|
||||||
'RASPI_CONFIG_NETWORKING' => RASPI_CONFIG.'/networking',
|
'RASPI_CONFIG_NETWORKING' => RASPI_CONFIG.'/networking',
|
||||||
'RASPI_ADMIN_DETAILS' => RASPI_CONFIG.'/raspap.auth',
|
'RASPI_ADMIN_DETAILS' => RASPI_CONFIG.'/raspap.auth',
|
||||||
'RASPI_WIFI_CLIENT_INTERFACE' => 'wlan0',
|
'RASPI_WIFI_CLIENT_INTERFACE' => 'wlan0',
|
||||||
@ -33,7 +33,7 @@ $defaults = [
|
|||||||
'RASPI_HOTSPOT_ENABLED' => true,
|
'RASPI_HOTSPOT_ENABLED' => true,
|
||||||
'RASPI_NETWORK_ENABLED' => true,
|
'RASPI_NETWORK_ENABLED' => true,
|
||||||
'RASPI_DHCP_ENABLED' => true,
|
'RASPI_DHCP_ENABLED' => true,
|
||||||
'RASPI_ADBLOCK_ENABLED' => true,
|
'RASPI_ADBLOCK_ENABLED' => false,
|
||||||
'RASPI_OPENVPN_ENABLED' => false,
|
'RASPI_OPENVPN_ENABLED' => false,
|
||||||
'RASPI_TORPROXY_ENABLED' => false,
|
'RASPI_TORPROXY_ENABLED' => false,
|
||||||
'RASPI_CONFAUTH_ENABLED' => true,
|
'RASPI_CONFAUTH_ENABLED' => true,
|
||||||
|
@ -13,7 +13,7 @@
|
|||||||
* @author Lawrence Yau <sirlagz@gmail.com>
|
* @author Lawrence Yau <sirlagz@gmail.com>
|
||||||
* @author Bill Zimmerman <billzimmerman@gmail.com>
|
* @author Bill Zimmerman <billzimmerman@gmail.com>
|
||||||
* @license GNU General Public License, version 3 (GPL-3.0)
|
* @license GNU General Public License, version 3 (GPL-3.0)
|
||||||
* @version 2.3
|
* @version 2.3.1
|
||||||
* @link https://github.com/billz/raspap-webgui
|
* @link https://github.com/billz/raspap-webgui
|
||||||
* @see http://sirlagz.net/2013/02/08/raspap-webgui/
|
* @see http://sirlagz.net/2013/02/08/raspap-webgui/
|
||||||
*/
|
*/
|
||||||
|
@ -1,54 +1,48 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
#
|
#
|
||||||
# RaspAP installation functions.
|
# RaspAP installation functions
|
||||||
# author: @billz
|
# Author: @billz <billzimmerman@gmail.com>
|
||||||
# license: GNU General Public License v3.0
|
# License: GNU General Public License v3.0
|
||||||
|
#
|
||||||
|
# You are not obligated to bundle the LICENSE file with your RaspAP projects as long
|
||||||
|
# as you leave these references intact in the header comments of your source files.
|
||||||
|
|
||||||
raspap_dir="/etc/raspap"
|
# Exit on error
|
||||||
raspap_user="www-data"
|
set -o errexit
|
||||||
|
# Exit on error inside functions
|
||||||
|
set -o errtrace
|
||||||
|
# Turn on traces, disabled by default
|
||||||
|
# set -o xtrace
|
||||||
|
|
||||||
|
# Set defaults
|
||||||
|
readonly raspap_dir="/etc/raspap"
|
||||||
|
readonly raspap_user="www-data"
|
||||||
|
readonly raspap_sudoers="/etc/sudoers.d/090_raspap"
|
||||||
|
readonly raspap_dnsmasq="/etc/dnsmasq.d/090_raspap.conf"
|
||||||
|
readonly raspap_sysctl="/etc/sysctl.d/90_raspap.conf"
|
||||||
|
readonly rulesv4="/etc/iptables/rules.v4"
|
||||||
webroot_dir="/var/www/html"
|
webroot_dir="/var/www/html"
|
||||||
version=`sed 's/\..*//' /etc/debian_version`
|
|
||||||
git_source_url="https://github.com/$repo" # $repo from install.raspap.com
|
git_source_url="https://github.com/$repo" # $repo from install.raspap.com
|
||||||
|
|
||||||
# Determine Raspbian version, set default home location for lighttpd and
|
# NOTE: all the below functions are overloadable for system-specific installs
|
||||||
# php package to install
|
|
||||||
if [ "$version" -eq "10" ]; then
|
|
||||||
version_msg="Raspbian 10.0 (Buster)"
|
|
||||||
php_package="php7.3-cgi"
|
|
||||||
elif [ "$version" -eq "9" ]; then
|
|
||||||
version_msg="Raspbian 9.0 (Stretch)"
|
|
||||||
php_package="php7.0-cgi"
|
|
||||||
elif [ "$version" -eq "8" ]; then
|
|
||||||
install_error "Raspbian 8.0 (Jessie) and php5 are deprecated. Please upgrade."
|
|
||||||
elif [ "$version" -lt "8" ]; then
|
|
||||||
install_error "Raspbian ${version} is unsupported. Please upgrade."
|
|
||||||
fi
|
|
||||||
|
|
||||||
phpcgiconf=""
|
# Prompts user to set installation options
|
||||||
if [ "$php_package" = "php7.3-cgi" ]; then
|
function _config_installation() {
|
||||||
phpcgiconf="/etc/php/7.3/cgi/php.ini"
|
_install_log "Configure installation"
|
||||||
elif [ "$php_package" = "php7.0-cgi" ]; then
|
_get_linux_distro
|
||||||
phpcgiconf="/etc/php/7.0/cgi/php.ini"
|
echo "Detected OS: ${DESC}"
|
||||||
fi
|
echo "Using GitHub repository: ${repo} ${branch} branch"
|
||||||
|
|
||||||
### NOTE: all the below functions are overloadable for system-specific installs
|
|
||||||
|
|
||||||
# Prompts user to set options for installation
|
|
||||||
function config_installation() {
|
|
||||||
install_log "Configure installation"
|
|
||||||
echo "Detected ${version_msg}"
|
|
||||||
echo "Install directory: ${raspap_dir}"
|
echo "Install directory: ${raspap_dir}"
|
||||||
echo -n "Install to Lighttpd root directory: ${webroot_dir}? [Y/n]: "
|
echo -n "Install to lighttpd root: ${webroot_dir}? [Y/n]: "
|
||||||
if [ "$assume_yes" == 0 ]; then
|
if [ "$assume_yes" == 0 ]; then
|
||||||
read answer < /dev/tty
|
read answer < /dev/tty
|
||||||
if [ "$answer" != "${answer#[Nn]}" ]; then
|
if [ "$answer" != "${answer#[Nn]}" ]; then
|
||||||
read -e -p < /dev/tty "Enter alternate Lighttpd directory: " -i "/var/www/html" webroot_dir
|
read -e -p < /dev/tty "Enter alternate lighttpd directory: " -i "/var/www/html" webroot_dir
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo -e
|
echo -e
|
||||||
fi
|
fi
|
||||||
echo "Install to Lighttpd directory: ${webroot_dir}"
|
echo "Installing to lighttpd directory: ${webroot_dir}"
|
||||||
|
|
||||||
echo -n "Complete installation with these values? [Y/n]: "
|
echo -n "Complete installation with these values? [Y/n]: "
|
||||||
if [ "$assume_yes" == 0 ]; then
|
if [ "$assume_yes" == 0 ]; then
|
||||||
read answer < /dev/tty
|
read answer < /dev/tty
|
||||||
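Review bot: The comment "Exit on error inside functions" above `set -o errtrace` overstates what the option does: `errtrace` only makes functions inherit an ERR trap, and no trap is set in these lines, so the behaviour described comes from `errexit` alone. Either install a `trap ... ERR` handler that reports the failing step or reword the comment. Also, the defaults are now declared `readonly` directly above the NOTE that the functions below are overloadable for system-specific installs; a script that overrides those functions can no longer adjust `raspap_dir`, `raspap_user` and the other paths, which is worth stating in the NOTE if it is intended.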
@ -61,132 +55,230 @@ function config_installation() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Determines host Linux distrubtion details
|
||||||
|
function _get_linux_distro() {
|
||||||
|
if type lsb_release >/dev/null 2>&1; then # linuxbase.org
|
||||||
|
OS=$(lsb_release -si)
|
||||||
|
RELEASE=$(lsb_release -sr)
|
||||||
|
CODENAME=$(lsb_release -sc)
|
||||||
|
DESC=$(lsb_release -sd)
|
||||||
|
elif [ -f /etc/os-release ]; then # freedesktop.org
|
||||||
|
. /etc/os-release
|
||||||
|
OS=$ID
|
||||||
|
RELEASE=$VERSION_ID
|
||||||
|
CODENAME=$VERSION_CODENAME
|
||||||
|
DESC=$PRETTY_NAME
|
||||||
|
else
|
||||||
|
_install_error "Unsupported Linux distribution"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# Sets php package option based on Linux version, abort if unsupported distro
|
||||||
|
function _set_php_package() {
|
||||||
|
case $RELEASE in
|
||||||
|
"18.04"|"19.10") # Ubuntu Server
|
||||||
|
php_package="php7.4-cgi"
|
||||||
|
phpcgiconf="/etc/php/7.4/cgi/php.ini" ;;
|
||||||
|
"10")
|
||||||
|
php_package="php7.3-cgi"
|
||||||
|
phpcgiconf="/etc/php/7.3/cgi/php.ini" ;;
|
||||||
|
"9")
|
||||||
|
php_package="php7.0-cgi"
|
||||||
|
phpcgiconf="/etc/php/7.0/cgi/php.ini" ;;
|
||||||
|
"8")
|
||||||
|
_install_error "${DESC} and php5 are not supported. Please upgrade." ;;
|
||||||
|
*)
|
||||||
|
_install_error "${DESC} is unsupported. Please install on a supported distro." ;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
# Runs a system software update to make sure we're using all fresh packages
|
# Runs a system software update to make sure we're using all fresh packages
|
||||||
function install_dependencies() {
|
function _install_dependencies() {
|
||||||
install_log "Installing required packages"
|
_install_log "Installing required packages"
|
||||||
sudo apt-get install $apt_option lighttpd $php_package git hostapd dnsmasq vnstat qrencode || install_error "Unable to install dependencies"
|
_set_php_package
|
||||||
|
if [ "$php_package" = "php7.4-cgi" ]; then
|
||||||
|
echo "Adding apt-repository ppa:ondrej/php"
|
||||||
|
sudo apt-get install software-properties-common || _install_error "Unable to install dependency"
|
||||||
|
sudo add-apt-repository ppa:ondrej/php || _install_error "Unable to add-apt-repository ppa:ondrej/php"
|
||||||
|
fi
|
||||||
|
if [ ${OS,,} = "debian" ] || [ ${OS,,} = "ubuntu" ]; then
|
||||||
|
dhcpcd_package="dhcpcd5"
|
||||||
|
fi
|
||||||
|
# Set dconf-set-selections
|
||||||
|
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
|
||||||
|
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
|
||||||
|
sudo apt-get install $apt_option lighttpd git hostapd dnsmasq iptables-persistent $php_package $dhcpcd_package vnstat qrencode || _install_error "Unable to install dependencies"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Enables PHP for lighttpd and restarts service for settings to take effect
|
# Enables PHP for lighttpd and restarts service for settings to take effect
|
||||||
function enable_php_lighttpd() {
|
function _enable_php_lighttpd() {
|
||||||
install_log "Enabling PHP for lighttpd"
|
_install_log "Enabling PHP for lighttpd"
|
||||||
|
|
||||||
sudo lighttpd-enable-mod fastcgi-php
|
sudo lighttpd-enable-mod fastcgi-php
|
||||||
sudo service lighttpd force-reload
|
sudo service lighttpd force-reload
|
||||||
sudo systemctl restart lighttpd.service || install_error "Unable to restart lighttpd"
|
sudo systemctl restart lighttpd.service || _install_error "Unable to restart lighttpd"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Verifies existence and permissions of RaspAP directory
|
# Verifies existence and permissions of RaspAP directory
|
||||||
function create_raspap_directories() {
|
function _create_raspap_directories() {
|
||||||
install_log "Creating RaspAP directories"
|
_install_log "Creating RaspAP directories"
|
||||||
if [ -d "$raspap_dir" ]; then
|
if [ -d "$raspap_dir" ]; then
|
||||||
sudo mv $raspap_dir "$raspap_dir.`date +%F-%R`" || install_error "Unable to move old '$raspap_dir' out of the way"
|
sudo mv $raspap_dir "$raspap_dir.`date +%F-%R`" || _install_error "Unable to move old '$raspap_dir' out of the way"
|
||||||
fi
|
fi
|
||||||
sudo mkdir -p "$raspap_dir" || install_error "Unable to create directory '$raspap_dir'"
|
sudo mkdir -p "$raspap_dir" || _install_error "Unable to create directory '$raspap_dir'"
|
||||||
|
|
||||||
# Create a directory for existing file backups.
|
# Create a directory for existing file backups.
|
||||||
sudo mkdir -p "$raspap_dir/backups"
|
sudo mkdir -p "$raspap_dir/backups"
|
||||||
|
|
||||||
# Create a directory to store networking configs
|
# Create a directory to store networking configs
|
||||||
|
echo "Creating $raspap_dir/networking"
|
||||||
sudo mkdir -p "$raspap_dir/networking"
|
sudo mkdir -p "$raspap_dir/networking"
|
||||||
# Copy existing dhcpcd.conf to use as base config
|
# Copy existing dhcpcd.conf to use as base config
|
||||||
cat /etc/dhcpcd.conf | sudo tee -a /etc/raspap/networking/defaults
|
echo "Adding /etc/dhcpcd.conf as base configuration"
|
||||||
|
cat /etc/dhcpcd.conf | sudo tee -a /etc/raspap/networking/defaults > /dev/null
|
||||||
sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || install_error "Unable to change file ownership for '$raspap_dir'"
|
echo "Changing file ownership of $raspap_dir"
|
||||||
|
sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || _install_error "Unable to change file ownership for '$raspap_dir'"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Generate hostapd logging and service control scripts
|
# Generate hostapd logging and service control scripts
|
||||||
function create_hostapd_scripts() {
|
function _create_hostapd_scripts() {
|
||||||
install_log "Creating hostapd logging & control scripts"
|
_install_log "Creating hostapd logging & control scripts"
|
||||||
sudo mkdir $raspap_dir/hostapd || install_error "Unable to create directory '$raspap_dir/hostapd'"
|
sudo mkdir $raspap_dir/hostapd || _install_error "Unable to create directory '$raspap_dir/hostapd'"
|
||||||
|
|
||||||
# Move logging shell scripts
|
# Move logging shell scripts
|
||||||
sudo cp "$webroot_dir/installers/"*log.sh "$raspap_dir/hostapd" || install_error "Unable to move logging scripts"
|
sudo cp "$webroot_dir/installers/"*log.sh "$raspap_dir/hostapd" || _install_error "Unable to move logging scripts"
|
||||||
# Move service control shell scripts
|
# Move service control shell scripts
|
||||||
sudo cp "$webroot_dir/installers/"service*.sh "$raspap_dir/hostapd" || install_error "Unable to move service control scripts"
|
sudo cp "$webroot_dir/installers/"service*.sh "$raspap_dir/hostapd" || _install_error "Unable to move service control scripts"
|
||||||
# Make enablelog.sh and disablelog.sh not writable by www-data group.
|
# Make enablelog.sh and disablelog.sh not writable by www-data group.
|
||||||
sudo chown -c root:"$raspap_user" "$raspap_dir/hostapd/"*.sh || install_error "Unable change owner and/or group"
|
sudo chown -c root:"$raspap_user" "$raspap_dir/hostapd/"*.sh || _install_error "Unable change owner and/or group"
|
||||||
sudo chmod 750 "$raspap_dir/hostapd/"*.sh || install_error "Unable to change file permissions"
|
sudo chmod 750 "$raspap_dir/hostapd/"*.sh || _install_error "Unable to change file permissions"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Generate lighttpd service control scripts
|
# Generate lighttpd service control scripts
|
||||||
function create_lighttpd_scripts() {
|
function _create_lighttpd_scripts() {
|
||||||
install_log "Creating lighttpd control scripts"
|
_install_log "Creating lighttpd control scripts"
|
||||||
sudo mkdir $raspap_dir/lighttpd || install_error "Unable to create directory '$raspap_dir/lighttpd"
|
sudo mkdir $raspap_dir/lighttpd || _install_error "Unable to create directory '$raspap_dir/lighttpd"
|
||||||
|
|
||||||
# Move service control shell scripts
|
# Move service control shell scripts
|
||||||
sudo cp "$webroot_dir/installers/"configport.sh "$raspap_dir/lighttpd" || install_error "Unable to move service control scripts"
|
sudo cp "$webroot_dir/installers/"configport.sh "$raspap_dir/lighttpd" || _install_error "Unable to move service control scripts"
|
||||||
# Make configport.sh writable by www-data group
|
# Make configport.sh writable by www-data group
|
||||||
sudo chown -c root:"$raspap_user" "$raspap_dir/lighttpd/"*.sh || install_error "Unable change owner and/or group"
|
sudo chown -c root:"$raspap_user" "$raspap_dir/lighttpd/"*.sh || _install_error "Unable change owner and/or group"
|
||||||
sudo chmod 750 "$raspap_dir/lighttpd/"*.sh || install_error "Unable to change file permissions"
|
sudo chmod 750 "$raspap_dir/lighttpd/"*.sh || _install_error "Unable to change file permissions"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Prompt to install adblock
|
||||||
|
function _prompt_install_adblock() {
|
||||||
|
if [ "$install_adblock" == 1 ]; then
|
||||||
|
_install_log "Configure ad blocking (Beta)"
|
||||||
|
echo -n "Download blocklists and enable ad blocking? [Y/n]: "
|
||||||
|
if [ "$assume_yes" == 0 ]; then
|
||||||
|
read answer < /dev/tty
|
||||||
|
if [ "$answer" != "${answer#[Nn]}" ]; then
|
||||||
|
echo -e
|
||||||
|
else
|
||||||
|
_install_adblock
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# Download notracking adblock lists and enable option
|
||||||
|
function _install_adblock() {
|
||||||
|
_install_log "Creating ad block base configuration (Beta)"
|
||||||
|
notracking_url="https://raw.githubusercontent.com/notracking/hosts-blocklists/master/"
|
||||||
|
if [ ! -d "$raspap_dir/adblock" ]; then
|
||||||
|
echo "Creating $raspap_dir/adblock"
|
||||||
|
sudo mkdir -p "$raspap_dir/adblock"
|
||||||
|
fi
|
||||||
|
if [ ! -f /tmp/hostnames.txt ]; then
|
||||||
|
echo "Fetching latest hostnames list"
|
||||||
|
wget ${notracking_url}hostnames.txt -O /tmp/hostnames.txt || _install_error "Unable to download notracking hostnames"
|
||||||
|
fi
|
||||||
|
if [ ! -f /tmp/domains.txt ]; then
|
||||||
|
echo "Fetching latest domains list"
|
||||||
|
wget ${notracking_url}domains.txt -O /tmp/domains.txt || _install_error "Unable to download notracking domains"
|
||||||
|
fi
|
||||||
|
echo "Adding blocklists to $raspap_dir/adblock"
|
||||||
|
sudo cp /tmp/hostnames.txt $raspap_dir/adblock || _install_error "Unable to move notracking hostnames"
|
||||||
|
sudo cp /tmp/domains.txt $raspap_dir/adblock || _install_error "Unable to move notracking domains"
|
||||||
|
|
||||||
|
echo "Moving and setting permissions for blocklist update script"
|
||||||
|
sudo cp "$webroot_dir/installers/"update_blocklist.sh "$raspap_dir/adblock" || _install_error "Unable to move blocklist update script"
|
||||||
|
|
||||||
|
# Make blocklists and update script writable by www-data group
|
||||||
|
sudo chown -c root:"$raspap_user" "$raspap_dir/adblock/"*.* || _install_error "Unable to change owner/group"
|
||||||
|
sudo chmod 750 "$raspap_dir/adblock/"*.sh || install_error "Unable to change file permissions"
|
||||||
|
|
||||||
|
echo "Enabling ad blocking management option"
|
||||||
|
sudo sed -i "s/\('RASPI_ADBLOCK_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || _install_error "Unable to modify config.php"
|
||||||
|
echo "Done."
|
||||||
}
|
}
|
||||||
|
|
||||||
# Prompt to install openvpn
|
# Prompt to install openvpn
|
||||||
function prompt_install_openvpn() {
|
function _prompt_install_openvpn() {
|
||||||
install_log "Setting up OpenVPN support (beta)"
|
_install_log "Setting up OpenVPN support"
|
||||||
echo -n "Install OpenVPN and enable client configuration? [Y/n]: "
|
echo -n "Install OpenVPN and enable client configuration? [Y/n]: "
|
||||||
if [ "$assume_yes" == 0 ]; then
|
if [ "$assume_yes" == 0 ]; then
|
||||||
read answer < /dev/tty
|
read answer < /dev/tty
|
||||||
if [ "$answer" != "${answer#[Nn]}" ]; then
|
if [ "$answer" != "${answer#[Nn]}" ]; then
|
||||||
echo -e
|
echo -e
|
||||||
else
|
else
|
||||||
install_openvpn
|
_install_openvpn
|
||||||
fi
|
fi
|
||||||
elif [ "$ovpn_option" == 1 ]; then
|
elif [ "$ovpn_option" == 1 ]; then
|
||||||
install_openvpn
|
_install_openvpn
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# Install openvpn and enable client configuration option
|
# Install openvpn and enable client configuration option
|
||||||
function install_openvpn() {
|
function _install_openvpn() {
|
||||||
install_log "Installing OpenVPN and enabling client configuration"
|
_install_log "Installing OpenVPN and enabling client configuration"
|
||||||
sudo apt-get install -y openvpn || install_error "Unable to install openvpn"
|
sudo apt-get install -y openvpn || _install_error "Unable to install openvpn"
|
||||||
sudo sed -i "s/\('RASPI_OPENVPN_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || install_error "Unable to modify config.php"
|
sudo sed -i "s/\('RASPI_OPENVPN_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || _install_error "Unable to modify config.php"
|
||||||
echo "Enabling openvpn-client service on boot"
|
echo "Enabling openvpn-client service on boot"
|
||||||
sudo systemctl enable openvpn-client@client || install_error "Unable to enable openvpn-client daemon"
|
sudo systemctl enable openvpn-client@client || _install_error "Unable to enable openvpn-client daemon"
|
||||||
create_openvpn_scripts || install_error "Unable to create openvpn control scripts"
|
_create_openvpn_scripts || _install_error "Unable to create openvpn control scripts"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Generate openvpn logging and auth control scripts
|
# Generate openvpn logging and auth control scripts
|
||||||
function create_openvpn_scripts() {
|
function _create_openvpn_scripts() {
|
||||||
install_log "Creating OpenVPN control scripts"
|
_install_log "Creating OpenVPN control scripts"
|
||||||
sudo mkdir $raspap_dir/openvpn || install_error "Unable to create directory '$raspap_dir/openvpn'"
|
sudo mkdir $raspap_dir/openvpn || _install_error "Unable to create directory '$raspap_dir/openvpn'"
|
||||||
|
|
||||||
# Move service auth control shell scripts
|
# Move service auth control shell scripts
|
||||||
sudo cp "$webroot_dir/installers/"configauth.sh "$raspap_dir/openvpn" || install_error "Unable to move auth control script"
|
sudo cp "$webroot_dir/installers/"configauth.sh "$raspap_dir/openvpn" || _install_error "Unable to move auth control script"
|
||||||
# Make configauth.sh writable by www-data group
|
# Make configauth.sh writable by www-data group
|
||||||
sudo chown -c root:"$raspap_user" "$raspap_dir/openvpn/"*.sh || install_error "Unable change owner and/or group"
|
sudo chown -c root:"$raspap_user" "$raspap_dir/openvpn/"*.sh || _install_error "Unable change owner and/or group"
|
||||||
sudo chmod 750 "$raspap_dir/openvpn/"*.sh || install_error "Unable to change file permissions"
|
sudo chmod 750 "$raspap_dir/openvpn/"*.sh || _install_error "Unable to change file permissions"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Fetches latest files from github to webroot
|
# Fetches latest files from github to webroot
|
||||||
function download_latest_files() {
|
function _download_latest_files() {
|
||||||
if [ ! -d "$webroot_dir" ]; then
|
if [ ! -d "$webroot_dir" ]; then
|
||||||
sudo mkdir -p $webroot_dir || install_error "Unable to create new webroot directory"
|
sudo mkdir -p $webroot_dir || _install_error "Unable to create new webroot directory"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -d "$webroot_dir" ]; then
|
if [ -d "$webroot_dir" ]; then
|
||||||
sudo mv $webroot_dir "$webroot_dir.`date +%F-%R`" || install_error "Unable to remove old webroot directory"
|
sudo mv $webroot_dir "$webroot_dir.`date +%F-%R`" || _install_error "Unable to remove old webroot directory"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
install_log "Cloning latest files from github"
|
_install_log "Cloning latest files from github"
|
||||||
git clone --branch $branch --depth 1 $git_source_url /tmp/raspap-webgui || install_error "Unable to download files from github"
|
git clone --branch $branch --depth 1 $git_source_url /tmp/raspap-webgui || _install_error "Unable to download files from github"
|
||||||
|
|
||||||
sudo mv /tmp/raspap-webgui $webroot_dir || install_error "Unable to move raspap-webgui to web root"
|
sudo mv /tmp/raspap-webgui $webroot_dir || _install_error "Unable to move raspap-webgui to web root"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Sets files ownership in web root directory
|
# Sets files ownership in web root directory
|
||||||
function change_file_ownership() {
|
function _change_file_ownership() {
|
||||||
if [ ! -d "$webroot_dir" ]; then
|
if [ ! -d "$webroot_dir" ]; then
|
||||||
install_error "Web root directory doesn't exist"
|
_install_error "Web root directory doesn't exist"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
install_log "Changing file ownership in web root directory"
|
_install_log "Changing file ownership in web root directory"
|
||||||
sudo chown -R $raspap_user:$raspap_user "$webroot_dir" || install_error "Unable to change file ownership for '$webroot_dir'"
|
sudo chown -R $raspap_user:$raspap_user "$webroot_dir" || _install_error "Unable to change file ownership for '$webroot_dir'"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Check for existing /etc/network/interfaces and /etc/hostapd/hostapd.conf files
|
# Check for existing configuration files
|
||||||
function check_for_old_configs() {
|
function _check_for_old_configs() {
|
||||||
if [ -f /etc/network/interfaces ]; then
|
if [ -f /etc/network/interfaces ]; then
|
||||||
sudo cp /etc/network/interfaces "$raspap_dir/backups/interfaces.`date +%F-%R`"
|
sudo cp /etc/network/interfaces "$raspap_dir/backups/interfaces.`date +%F-%R`"
|
||||||
sudo ln -sf "$raspap_dir/backups/interfaces.`date +%F-%R`" "$raspap_dir/backups/interfaces"
|
sudo ln -sf "$raspap_dir/backups/interfaces.`date +%F-%R`" "$raspap_dir/backups/interfaces"
|
||||||
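Review bot: `_download_latest_files` clones into the fixed path `/tmp/raspap-webgui` and then moves it into the web root with `sudo mv`, so what lands in `$webroot_dir` depends on a predictable name in a world-writable directory. Create the staging directory with `mktemp -d` and clone into that. `$branch`, `$git_source_url` and `$webroot_dir` are also expanded unquoted on both lines. In `_check_for_old_configs` the backup name comes from two separate `date +%F-%R` calls, so the `ln -sf` target can differ from the file `cp` just wrote if the minute changes between them; compute the timestamp once into a variable.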
@ -197,8 +289,8 @@ function check_for_old_configs() {
|
|||||||
sudo ln -sf "$raspap_dir/backups/hostapd.conf.`date +%F-%R`" "$raspap_dir/backups/hostapd.conf"
|
sudo ln -sf "$raspap_dir/backups/hostapd.conf.`date +%F-%R`" "$raspap_dir/backups/hostapd.conf"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -f /etc/dnsmasq.conf ]; then
|
if [ -f $raspap_dnsmasq ]; then
|
||||||
sudo cp /etc/dnsmasq.conf "$raspap_dir/backups/dnsmasq.conf.`date +%F-%R`"
|
sudo cp $raspap_dnsmasq "$raspap_dir/backups/dnsmasq.conf.`date +%F-%R`"
|
||||||
sudo ln -sf "$raspap_dir/backups/dnsmasq.conf.`date +%F-%R`" "$raspap_dir/backups/dnsmasq.conf"
|
sudo ln -sf "$raspap_dir/backups/dnsmasq.conf.`date +%F-%R`" "$raspap_dir/backups/dnsmasq.conf"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
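Review bot: The new test `[ -f $raspap_dnsmasq ]` is unquoted, so if `$raspap_dnsmasq` is empty or unset it collapses to `[ -f ]`, which evaluates true, and the `sudo cp $raspap_dnsmasq ...` that follows then runs without a source operand. Quote the variable in both the test and the `cp`, and fail early with `_install_error` if it is empty.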
@ -207,11 +299,6 @@ function check_for_old_configs() {
|
|||||||
sudo ln -sf "$raspap_dir/backups/dhcpcd.conf.`date +%F-%R`" "$raspap_dir/backups/dhcpcd.conf"
|
sudo ln -sf "$raspap_dir/backups/dhcpcd.conf.`date +%F-%R`" "$raspap_dir/backups/dhcpcd.conf"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -f /etc/rc.local ]; then
|
|
||||||
sudo cp /etc/rc.local "$raspap_dir/backups/rc.local.`date +%F-%R`"
|
|
||||||
sudo ln -sf "$raspap_dir/backups/rc.local.`date +%F-%R`" "$raspap_dir/backups/rc.local"
|
|
||||||
fi
|
|
||||||
|
|
||||||
for file in /etc/systemd/network/raspap-*.net*; do
|
for file in /etc/systemd/network/raspap-*.net*; do
|
||||||
if [ -f "${file}" ]; then
|
if [ -f "${file}" ]; then
|
||||||
filename=$(basename $file)
|
filename=$(basename $file)
|
||||||
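Review bot: Removing the `/etc/rc.local` backup block matches the installer no longer editing that file, but nothing in the visible change cleans up the `#RASPAP` lines that the previous version inserted before `exit 0`. On a system upgraded in place those `iptables ... -j MASQUERADE` lines would still run at boot alongside the rules now persisted through `$rulesv4`, leaving duplicate NAT entries. Consider a one-time migration step that backs up `rc.local` and strips the `#RASPAP` lines.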
@ -222,58 +309,76 @@ function check_for_old_configs() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
# Move configuration file to the correct location
|
# Move configuration file to the correct location
|
||||||
function move_config_file() {
|
function _move_config_file() {
|
||||||
if [ ! -d "$raspap_dir" ]; then
|
if [ ! -d "$raspap_dir" ]; then
|
||||||
install_error "'$raspap_dir' directory doesn't exist"
|
_install_error "'$raspap_dir' directory doesn't exist"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
install_log "Moving configuration file to '$raspap_dir'"
|
_install_log "Moving configuration file to '$raspap_dir'"
|
||||||
sudo cp "$webroot_dir"/raspap.php "$raspap_dir" || install_error "Unable to move files to '$raspap_dir'"
|
sudo cp "$webroot_dir"/raspap.php "$raspap_dir" || _install_error "Unable to move files to '$raspap_dir'"
|
||||||
sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || install_error "Unable to change file ownership for '$raspap_dir'"
|
sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || _install_error "Unable to change file ownership for '$raspap_dir'"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Set up default configuration
|
# Set up default configuration
|
||||||
function default_configuration() {
|
function _default_configuration() {
|
||||||
install_log "Setting up hostapd"
|
_install_log "Applying default configuration to installed services"
|
||||||
if [ -f /etc/default/hostapd ]; then
|
if [ -f /etc/default/hostapd ]; then
|
||||||
sudo mv /etc/default/hostapd /tmp/default_hostapd.old || install_error "Unable to remove old /etc/default/hostapd file"
|
sudo mv /etc/default/hostapd /tmp/default_hostapd.old || _install_error "Unable to remove old /etc/default/hostapd file"
|
||||||
fi
|
fi
|
||||||
sudo cp $webroot_dir/config/default_hostapd /etc/default/hostapd || install_error "Unable to move hostapd defaults file"
|
sudo cp $webroot_dir/config/default_hostapd /etc/default/hostapd || _install_error "Unable to move hostapd defaults file"
|
||||||
sudo cp $webroot_dir/config/hostapd.conf /etc/hostapd/hostapd.conf || install_error "Unable to move hostapd configuration file"
|
sudo cp $webroot_dir/config/hostapd.conf /etc/hostapd/hostapd.conf || _install_error "Unable to move hostapd configuration file"
|
||||||
sudo cp $webroot_dir/config/dnsmasq.conf /etc/dnsmasq.conf || install_error "Unable to move dnsmasq configuration file"
|
sudo cp $webroot_dir/config/dnsmasq.conf $raspap_dnsmasq || _install_error "Unable to move dnsmasq configuration file"
|
||||||
sudo cp $webroot_dir/config/dhcpcd.conf /etc/dhcpcd.conf || install_error "Unable to move dhcpcd configuration file"
|
sudo cp $webroot_dir/config/dhcpcd.conf /etc/dhcpcd.conf || _install_error "Unable to move dhcpcd configuration file"
|
||||||
|
|
||||||
[ -d /etc/dnsmasq.d ] || sudo mkdir /etc/dnsmasq.d
|
[ -d /etc/dnsmasq.d ] || sudo mkdir /etc/dnsmasq.d
|
||||||
|
|
||||||
sudo systemctl stop systemd-networkd
|
sudo systemctl stop systemd-networkd
|
||||||
sudo systemctl disable systemd-networkd
|
sudo systemctl disable systemd-networkd
|
||||||
sudo cp $webroot_dir/config/raspap-bridge-br0.netdev /etc/systemd/network/raspap-bridge-br0.netdev || install_error "Unable to move br0 netdev file"
|
sudo cp $webroot_dir/config/raspap-bridge-br0.netdev /etc/systemd/network/raspap-bridge-br0.netdev || _install_error "Unable to move br0 netdev file"
|
||||||
sudo cp $webroot_dir/config/raspap-br0-member-eth0.network /etc/systemd/network/raspap-br0-member-eth0.network || install_error "Unable to move br0 member file"
|
sudo cp $webroot_dir/config/raspap-br0-member-eth0.network /etc/systemd/network/raspap-br0-member-eth0.network || _install_error "Unable to move br0 member file"
|
||||||
|
|
||||||
if [ ! -f "$webroot_dir/includes/config.php" ]; then
|
if [ ! -f "$webroot_dir/includes/config.php" ]; then
|
||||||
sudo cp "$webroot_dir/config/config.php" "$webroot_dir/includes/config.php"
|
sudo cp "$webroot_dir/config/config.php" "$webroot_dir/includes/config.php"
|
||||||
fi
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
# Generate required lines for Rasp AP to place into rc.local file.
|
# Install and enable RaspAP daemon
|
||||||
# #RASPAP is for removal script
|
function _enable_raspap_daemon() {
|
||||||
lines=(
|
_install_log "Enabling RaspAP daemon"
|
||||||
'echo 1 > \/proc\/sys\/net\/ipv4\/ip_forward #RASPAP'
|
echo "Disable with: sudo systemctl disable raspapd.service"
|
||||||
'iptables -t nat -A POSTROUTING -j MASQUERADE #RASPAP'
|
sudo cp $webroot_dir/installers/raspapd.service /lib/systemd/system/ || _install_error "Unable to move raspap.service file"
|
||||||
'iptables -t nat -A POSTROUTING -s 192.168.50.0\/24 ! -d 192.168.50.0\/24 -j MASQUERADE #RASPAP'
|
sudo systemctl daemon-reload
|
||||||
|
sudo systemctl enable raspapd.service || _install_error "Failed to enable raspap.service"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Configure IP forwarding, set IP tables rules, prompt to install RaspAP daemon
|
||||||
|
function _configure_networking() {
|
||||||
|
_install_log "Configuring networking"
|
||||||
|
echo "Enabling IP forwarding"
|
||||||
|
echo "net.ipv4.ip_forward=1" | sudo tee $raspap_sysctl > /dev/null || _install_error "Unable to set IP forwarding"
|
||||||
|
sudo sysctl -p $raspap_sysctl || _install_error "Unable to execute sysctl"
|
||||||
|
sudo /etc/init.d/procps restart || _install_error "Unable to execute procps"
|
||||||
|
|
||||||
|
echo "Checking iptables rules"
|
||||||
|
rules=(
|
||||||
|
"-A POSTROUTING -j MASQUERADE"
|
||||||
|
"-A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE"
|
||||||
)
|
)
|
||||||
|
for rule in "${rules[@]}"; do
|
||||||
for line in "${lines[@]}"; do
|
if grep -- "$rule" $rulesv4 > /dev/null; then
|
||||||
if grep "$line" /etc/rc.local > /dev/null; then
|
echo "Rule already exits: ${rule}"
|
||||||
echo "$line: Line already added"
|
|
||||||
else
|
else
|
||||||
sudo sed -i "s/^exit 0$/$line\nexit 0/" /etc/rc.local
|
rule=$(sed -e 's/^\(-A POSTROUTING\)/-t nat \1/' <<< $rule)
|
||||||
echo "Adding line $line"
|
echo "Adding rule: ${rule}"
|
||||||
|
sudo iptables $rule || _install_error "Unable to execute iptables"
|
||||||
|
added=true
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
# Persist rules if added
|
||||||
# Force a reload of new settings in /etc/rc.local
|
if [ "$added" = true ]; then
|
||||||
sudo systemctl restart rc-local.service
|
echo "Persisting IP tables rules"
|
||||||
sudo systemctl daemon-reload
|
sudo iptables-save | sudo tee $rulesv4 > /dev/null || _install_error "Unable to execute iptables-save"
|
||||||
|
fi
|
||||||
|
|
||||||
# Prompt to install RaspAP daemon
|
# Prompt to install RaspAP daemon
|
||||||
echo -n "Enable RaspAP control service (Recommended)? [Y/n]: "
|
echo -n "Enable RaspAP control service (Recommended)? [Y/n]: "
|
||||||
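Review bot: In `_configure_networking` the duplicate check `grep -- "$rule" $rulesv4` inspects the saved rules file, not the running ruleset, and treats the rule as a regular expression. If the file is absent or out of date the rule is appended again with `-A`, and the dots in `192.168.50.0/24` match any character. Test the live table instead, for example with `sudo iptables -t nat -C POSTROUTING ...`, or at least use `grep -F` and handle a missing file. Further points in this hunk: `added` is never initialised before the loop; the first rule, `-A POSTROUTING -j MASQUERADE`, masquerades traffic leaving every interface and makes the subnet-scoped rule after it unreachable; the message reads "Rule already exits"; and `_enable_raspap_daemon` installs `raspapd.service` while both of its error strings still say `raspap.service`.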
@ -282,106 +387,42 @@ function default_configuration() {
|
|||||||
if [ "$answer" != "${answer#[Nn]}" ]; then
|
if [ "$answer" != "${answer#[Nn]}" ]; then
|
||||||
echo -e
|
echo -e
|
||||||
else
|
else
|
||||||
enable_raspap_daemon
|
_enable_raspap_daemon
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo -e
|
echo -e
|
||||||
enable_raspap_daemon
|
_enable_raspap_daemon
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# Install and enable RaspAP daemon
|
# Add sudoers file to /etc/sudoers.d/ and set file permissions
|
||||||
function enable_raspap_daemon() {
|
function _patch_system_files() {
|
||||||
install_log "Enabling RaspAP daemon"
|
|
||||||
echo "Disable with: sudo systemctl disable raspap.service"
|
|
||||||
sudo cp $webroot_dir/installers/raspap.service /lib/systemd/system/ || install_error "Unable to move raspap.service file"
|
|
||||||
sudo systemctl enable raspap.service || install_error "Failed to enable raspap.service"
|
|
||||||
}
|
|
||||||
|
|
||||||
# Add a single entry to the sudoers file
|
# Create sudoers if not present
|
||||||
function sudo_add() {
|
if [ ! -f $raspap_sudoers ]; then
|
||||||
sudo bash -c "echo \"$raspap_user ALL=(ALL) NOPASSWD:$1\" | (EDITOR=\"tee -a\" visudo)" \
|
_install_log "Adding raspap.sudoers to ${raspap_sudoers}"
|
||||||
|| install_error "Unable to patch /etc/sudoers"
|
sudo cp "$webroot_dir/installers/raspap.sudoers" $raspap_sudoers || _install_error "Unable to apply raspap.sudoers to $raspap_sudoers"
|
||||||
}
|
sudo chmod 0440 $raspap_sudoers || _install_error "Unable to change file permissions for $raspap_sudoers"
|
||||||
|
|
||||||
# Adds www-data user to the sudoers file with restrictions on what the user can execute
|
|
||||||
function patch_system_files() {
|
|
||||||
|
|
||||||
# Set commands array
|
|
||||||
cmds=(
|
|
||||||
"/sbin/ifdown"
|
|
||||||
"/sbin/ifup"
|
|
||||||
"/bin/cat /etc/wpa_supplicant/wpa_supplicant.conf"
|
|
||||||
"/bin/cat /etc/wpa_supplicant/wpa_supplicant-wlan[0-9].conf"
|
|
||||||
"/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant.conf"
|
|
||||||
"/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant-wlan[0-9].conf"
|
|
||||||
"/sbin/wpa_cli -i wlan[0-9] scan_results"
|
|
||||||
"/sbin/wpa_cli -i wlan[0-9] scan"
|
|
||||||
"/sbin/wpa_cli -i wlan[0-9] reconfigure"
|
|
||||||
"/sbin/wpa_cli -i wlan[0-9] select_network"
|
|
||||||
"/bin/cp /tmp/hostapddata /etc/hostapd/hostapd.conf"
|
|
||||||
"/bin/systemctl start hostapd.service"
|
|
||||||
"/bin/systemctl stop hostapd.service"
|
|
||||||
"/bin/systemctl start dnsmasq.service"
|
|
||||||
"/bin/systemctl stop dnsmasq.service"
|
|
||||||
"/bin/systemctl start openvpn-client@client"
|
|
||||||
"/bin/systemctl enable openvpn-client@client"
|
|
||||||
"/bin/systemctl stop openvpn-client@client"
|
|
||||||
"/bin/systemctl disable openvpn-client@client"
|
|
||||||
"/bin/cp /tmp/ovpnclient.ovpn /etc/openvpn/client/client.conf"
|
|
||||||
"/bin/cp /tmp/authdata /etc/openvpn/client/login.conf"
|
|
||||||
"/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.conf"
|
|
||||||
"/bin/cp /tmp/dhcpddata /etc/dhcpcd.conf"
|
|
||||||
"/sbin/shutdown -h now"
|
|
||||||
"/sbin/reboot"
|
|
||||||
"/sbin/ip link set wlan[0-9] down"
|
|
||||||
"/sbin/ip link set wlan[0-9] up"
|
|
||||||
"/sbin/ip -s a f label wlan[0-9]"
|
|
||||||
"/bin/cp /etc/raspap/networking/dhcpcd.conf /etc/dhcpcd.conf"
|
|
||||||
"/etc/raspap/hostapd/enablelog.sh"
|
|
||||||
"/etc/raspap/hostapd/disablelog.sh"
|
|
||||||
"/etc/raspap/hostapd/servicestart.sh"
|
|
||||||
"/etc/raspap/lighttpd/configport.sh"
|
|
||||||
"/etc/raspap/openvpn/configauth.sh"
|
|
||||||
"/bin/chmod o+r /tmp/hostapd.log"
|
|
||||||
"/bin/chmod o+r /tmp/dnsmasq.log"
|
|
||||||
)
|
|
||||||
|
|
||||||
# Check if sudoers needs patching
|
|
||||||
if [ $(sudo grep -c $raspap_user /etc/sudoers) -ne ${#cmds[@]} ]
|
|
||||||
then
|
|
||||||
# Sudoers file has incorrect number of commands. Wiping them out.
|
|
||||||
install_log "Cleaning system sudoers file"
|
|
||||||
sudo sed -i "/$raspap_user/d" /etc/sudoers
|
|
||||||
install_log "Patching system sudoers file"
|
|
||||||
# patch /etc/sudoers file
|
|
||||||
for cmd in "${cmds[@]}"
|
|
||||||
do
|
|
||||||
sudo_add $cmd
|
|
||||||
IFS=$'\n'
|
|
||||||
done
|
|
||||||
else
|
|
||||||
install_log "Sudoers file already patched"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Add symlink to prevent wpa_cli cmds from breaking with multiple wlan interfaces
|
# Add symlink to prevent wpa_cli cmds from breaking with multiple wlan interfaces
|
||||||
install_log "Symlinked wpa_supplicant hooks for multiple wlan interfaces"
|
_install_log "Symlinked wpa_supplicant hooks for multiple wlan interfaces"
|
||||||
if [ ! -f /usr/share/dhcpcd/hooks/10-wpa_supplicant ]; then
|
if [ ! -f /usr/share/dhcpcd/hooks/10-wpa_supplicant ]; then
|
||||||
sudo ln -s /usr/share/dhcpcd/hooks/10-wpa_supplicant /etc/dhcp/dhclient-enter-hooks.d/
|
sudo ln -s /usr/share/dhcpcd/hooks/10-wpa_supplicant /etc/dhcp/dhclient-enter-hooks.d/
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Unmask and enable hostapd.service
|
# Unmask and enable hostapd.service
|
||||||
install_log "Unmasking and enabling hostapd service"
|
_install_log "Unmasking and enabling hostapd service"
|
||||||
sudo systemctl unmask hostapd.service
|
sudo systemctl unmask hostapd.service
|
||||||
sudo systemctl enable hostapd.service
|
sudo systemctl enable hostapd.service
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
# Optimize configuration of php-cgi.
|
# Optimize configuration of php-cgi.
|
||||||
function optimize_php() {
|
function _optimize_php() {
|
||||||
install_log "Optimize PHP configuration"
|
_install_log "Optimize PHP configuration"
|
||||||
if [ ! -f "$phpcgiconf" ]; then
|
if [ ! -f "$phpcgiconf" ]; then
|
||||||
install_warning "PHP configuration could not be found."
|
_install_warning "PHP configuration could not be found."
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
|
||||||
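Review bot: `_patch_system_files` copies `raspap.sudoers` into place only when `$raspap_sudoers` does not already exist and never syntax-checks it, so an upgrade will not pick up new entries and a malformed file would be installed unverified. Run `visudo -cf` on the source file first, install it in one step with its final mode and owner (`sudo install -m 0440 -o root -g root ...`) rather than `cp` followed by `chmod`, and replace the target when its content differs. The removed branch also deleted the `$raspap_user` lines an older install appended to `/etc/sudoers`; without an equivalent cleanup those entries stay behind next to the new file.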
@ -423,15 +464,14 @@ function optimize_php() {
|
|||||||
if [ -f "/usr/sbin/phpenmod" ]; then
|
if [ -f "/usr/sbin/phpenmod" ]; then
|
||||||
sudo phpenmod opcache
|
sudo phpenmod opcache
|
||||||
else
|
else
|
||||||
install_warning "phpenmod not found."
|
_install_warning "phpenmod not found."
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function install_complete() {
|
function _install_complete() {
|
||||||
install_log "Installation completed!"
|
_install_log "Installation completed!"
|
||||||
|
|
||||||
if [ "$assume_yes" == 0 ]; then
|
if [ "$assume_yes" == 0 ]; then
|
||||||
# Prompt to reboot if wired ethernet (eth0) is connected.
|
# Prompt to reboot if wired ethernet (eth0) is connected.
|
||||||
# With default_configuration this will create an active AP on restart.
|
# With default_configuration this will create an active AP on restart.
|
||||||
@ -442,27 +482,29 @@ function install_complete() {
|
|||||||
echo "Installation reboot aborted."
|
echo "Installation reboot aborted."
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
sudo shutdown -r now || install_error "Unable to execute shutdown"
|
sudo shutdown -r now || _install_error "Unable to execute shutdown"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function install_raspap() {
|
function _install_raspap() {
|
||||||
display_welcome
|
_display_welcome
|
||||||
config_installation
|
_config_installation
|
||||||
update_system_packages
|
_update_system_packages
|
||||||
install_dependencies
|
_install_dependencies
|
||||||
enable_php_lighttpd
|
_enable_php_lighttpd
|
||||||
create_raspap_directories
|
_create_raspap_directories
|
||||||
optimize_php
|
_optimize_php
|
||||||
check_for_old_configs
|
_check_for_old_configs
|
||||||
download_latest_files
|
_download_latest_files
|
||||||
change_file_ownership
|
_change_file_ownership
|
||||||
create_hostapd_scripts
|
_create_hostapd_scripts
|
||||||
create_lighttpd_scripts
|
_create_lighttpd_scripts
|
||||||
move_config_file
|
_move_config_file
|
||||||
default_configuration
|
_default_configuration
|
||||||
prompt_install_openvpn
|
_configure_networking
|
||||||
patch_system_files
|
_prompt_install_openvpn
|
||||||
install_complete
|
_prompt_install_adblock
|
||||||
|
_patch_system_files
|
||||||
|
_install_complete
|
||||||
}
|
}
|
||||||
|
@ -6,9 +6,17 @@
|
|||||||
# @author billz
|
# @author billz
|
||||||
# license: GNU General Public License v3.0
|
# license: GNU General Public License v3.0
|
||||||
|
|
||||||
|
# Exit on error
|
||||||
|
set -o errexit
|
||||||
|
# Exit on error inside functions
|
||||||
|
set -o errtrace
|
||||||
|
# Turn on traces, disabled by default
|
||||||
|
#set -o xtrace
|
||||||
|
|
||||||
file=$1
|
file=$1
|
||||||
auth=$2
|
auth=$2
|
||||||
interface=$3
|
interface=$3
|
||||||
|
readonly rulesv4="/etc/iptables/rules.v4"
|
||||||
|
|
||||||
if [ "$auth" = 1 ]; then
|
if [ "$auth" = 1 ]; then
|
||||||
echo "Enabling auth-user-pass in OpenVPN client.conf"
|
echo "Enabling auth-user-pass in OpenVPN client.conf"
|
||||||
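Review bot: The comment "Exit on error inside functions" above `set -o errtrace` does not describe what the option does: `errtrace` only makes an `ERR` trap inherited by functions, command substitutions and subshells, this script sets no such trap, and `errexit` already applies inside functions. Either add a `trap ... ERR` handler or drop the line and correct the comment. If the aim is to catch failures inside pipelines, `set -o pipefail` is the option that does that.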
@ -22,26 +30,27 @@ if [ "$auth" = 1 ]; then
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Generate iptables entries to place into rc.local file.
|
# Configure NAT and forwarding with iptables
|
||||||
# #RASPAP is for uninstall script
|
echo "Checking iptables rules"
|
||||||
echo "Checking iptables rules for $interface"
|
rules=(
|
||||||
|
"-A POSTROUTING -o tun0 -j MASQUERADE"
|
||||||
lines=(
|
"-A FORWARD -i tun0 -o ${interface} -m state --state RELATED,ESTABLISHED -j ACCEPT"
|
||||||
"iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE #RASPAP"
|
"-A FORWARD -i wlan0 -o tun0 -j ACCEPT"
|
||||||
"iptables -A FORWARD -i tun0 -o $interface -m state --state RELATED,ESTABLISHED -j ACCEPT #RASPAP"
|
|
||||||
"iptables -A FORWARD -i wlan0 -o tun0 -j ACCEPT #RASPAP"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
for line in "${lines[@]}"; do
|
for rule in "${rules[@]}"; do
|
||||||
if grep "$line" /etc/rc.local > /dev/null; then
|
if grep -- "$rule" $rulesv4 > /dev/null; then
|
||||||
echo "$line: Line already added"
|
echo "Rule already exits: ${rule}"
|
||||||
else
|
else
|
||||||
sudo sed -i "s/^exit 0$/$line\nexit 0/" /etc/rc.local
|
rule=$(sed -e 's/^\(-A POSTROUTING\)/-t nat \1/' <<< $rule)
|
||||||
echo "Adding rule: $line"
|
echo "Adding rule: ${rule}"
|
||||||
|
sudo iptables $rule
|
||||||
|
added=true
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
# Force a reload of new settings in /etc/rc.local
|
if [ "$added" = true ]; then
|
||||||
sudo systemctl restart rc-local.service
|
echo "Persisting IP tables rules"
|
||||||
sudo systemctl daemon-reload
|
sudo iptables-save | sudo tee $rulesv4 > /dev/null
|
||||||
|
fi
|
||||||
|
|
||||||
|
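Review bot: The third rule, `-A FORWARD -i wlan0 -o tun0 -j ACCEPT`, hard-codes `wlan0` although the rule above it uses `${interface}` from `$3`, so with any other interface the return path is opened for one device and the forward path for another. Use `${interface}` in both rules and keep it in the "Checking iptables rules" message, which lost it here. `sudo iptables-save | sudo tee $rulesv4` also hides a failing `iptables-save`, because the pipeline's status is that of `tee`, and that would leave a truncated rules file; enable `pipefail` or save to a temporary file and move it into place.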
@ -1,19 +1,31 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
#
|
#
|
||||||
# RaspAP SSL certificate installation functions
|
# RaspAP SSL certificate installation functions
|
||||||
# author: @billz
|
# Author: @billz <billzimmerman@gmail.com>
|
||||||
# license: GNU General Public License v3.0
|
# License: GNU General Public License v3.0
|
||||||
|
#
|
||||||
|
# You are not obligated to bundle the LICENSE file with your RaspAP projects as long
|
||||||
|
# as you leave these references intact in the header comments of your source files.
|
||||||
|
|
||||||
|
# Exit on error
|
||||||
|
set -o errexit
|
||||||
|
# Exit on error inside functions
|
||||||
|
set -o errtrace
|
||||||
|
# Turn on traces, disabled by default
|
||||||
|
# set -o xtrace
|
||||||
|
|
||||||
|
# Set defaults
|
||||||
certname=$HOSTNAME."local"
|
certname=$HOSTNAME."local"
|
||||||
lighttpd_ssl="/etc/lighttpd/ssl"
|
lighttpd_ssl="/etc/lighttpd/ssl"
|
||||||
lighttpd_conf="/etc/lighttpd/lighttpd.conf"
|
lighttpd_conf="/etc/lighttpd/lighttpd.conf"
|
||||||
webroot_dir="/var/www/html"
|
webroot_dir="/var/www/html"
|
||||||
mkcert_version="1.4.1"
|
readonly mkcert_version="1.4.1"
|
||||||
|
readonly git_source_url="https://github.com/FiloSottile/mkcert/releases/download/v${mkcert_version}"
|
||||||
|
|
||||||
### NOTE: all the below functions are overloadable for system-specific installs
|
### NOTE: all the below functions are overloadable for system-specific installs
|
||||||
|
|
||||||
function config_installation() {
|
function _config_installation() {
|
||||||
install_log "Configure a new SSL certificate"
|
_install_log "Configure a new SSL certificate"
|
||||||
echo "Current system hostname is $HOSTNAME"
|
echo "Current system hostname is $HOSTNAME"
|
||||||
echo -n "Create an SSL certificate for ${certname}? (Recommended) [y/N]"
|
echo -n "Create an SSL certificate for ${certname}? (Recommended) [y/N]"
|
||||||
if [ $assume_yes == 0 ]; then
|
if [ $assume_yes == 0 ]; then
|
||||||
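Review bot: `readonly git_source_url` reuses the name that the main installer expands in `git clone --branch $branch --depth 1 $git_source_url`, but here it holds the mkcert release URL. A distinct name such as `mkcert_release_url` avoids a readonly collision if both files are ever loaded into one shell. The context line `if [ $assume_yes == 0 ]` should also quote `$assume_yes`, since an unset value makes the test a syntax error.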
@ -35,10 +47,10 @@ function config_installation() {
|
|||||||
echo -e
|
echo -e
|
||||||
fi
|
fi
|
||||||
|
|
||||||
install_divider
|
_install_divider
|
||||||
echo "A new SSL certificate for: ${certname}"
|
echo "A new SSL certificate for: ${certname}"
|
||||||
echo "will be installed to lighttpd SSL directory: ${lighttpd_ssl}"
|
echo "will be installed to lighttpd SSL directory: ${lighttpd_ssl}"
|
||||||
install_divider
|
_install_divider
|
||||||
echo -n "Complete installation with these values? [y/N]: "
|
echo -n "Complete installation with these values? [y/N]: "
|
||||||
if [ $assume_yes == 0 ]; then
|
if [ $assume_yes == 0 ]; then
|
||||||
read answer < /dev/tty
|
read answer < /dev/tty
|
||||||
@ -52,43 +64,43 @@ function config_installation() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
# Installs pre-built mkcert binary for Arch Linux ARM
|
# Installs pre-built mkcert binary for Arch Linux ARM
|
||||||
function install_mkcert() {
|
function _install_mkcert() {
|
||||||
install_log "Fetching mkcert binary"
|
_install_log "Fetching mkcert binary"
|
||||||
sudo wget -q https://github.com/FiloSottile/mkcert/releases/download/v${mkcert_version}/mkcert-v${mkcert_version}-linux-arm -O /usr/local/bin/mkcert || install_error "Unable to download mkcert"
|
sudo wget -q ${git_source_url}/mkcert-v${mkcert_version}-linux-arm -O /usr/local/bin/mkcert || _install_error "Unable to download mkcert"
|
||||||
sudo chmod +x /usr/local/bin/mkcert
|
sudo chmod +x /usr/local/bin/mkcert
|
||||||
|
|
||||||
install_log "Installing mkcert"
|
_install_log "Installing mkcert"
|
||||||
mkcert -install || install_error "Failed to install mkcert"
|
mkcert -install || _install_error "Failed to install mkcert"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Generate a certificate for host
|
# Generate a certificate for host
|
||||||
function generate_certificate() {
|
function _generate_certificate() {
|
||||||
install_log "Generating a new certificate for $certname"
|
_install_log "Generating a new certificate for $certname"
|
||||||
cd $HOME
|
cd $HOME
|
||||||
mkcert $certname "*.${certname}.local" $certname || install_error "Failed to generate certificate for $certname"
|
mkcert $certname "*.${certname}.local" $certname || _install_error "Failed to generate certificate for $certname"
|
||||||
|
|
||||||
install_log "Combining private key and certificate"
|
_install_log "Combining private key and certificate"
|
||||||
cat $certname+2-key.pem $certname+2.pem > $certname.pem || install_error "Failed to combine key and certificate"
|
cat $certname+2-key.pem $certname+2.pem > $certname.pem || _install_error "Failed to combine key and certificate"
|
||||||
echo "OK"
|
echo "OK"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Create a directory for the combined .pem file in lighttpd
|
# Create a directory for the combined .pem file in lighttpd
|
||||||
function create_lighttpd_dir() {
|
function _create_lighttpd_dir() {
|
||||||
install_log "Creating SLL directory for lighttpd"
|
_install_log "Creating SLL directory for lighttpd"
|
||||||
if [ ! -d "$lighttpd_ssl" ]; then
|
if [ ! -d "$lighttpd_ssl" ]; then
|
||||||
sudo mkdir -p "$lighttpd_ssl" || install_error "Failed to create lighttpd directory"
|
sudo mkdir -p "$lighttpd_ssl" || _install_error "Failed to create lighttpd directory"
|
||||||
fi
|
fi
|
||||||
echo "OK"
|
echo "OK"
|
||||||
|
|
||||||
install_log "Setting permissions and moving .pem file"
|
_install_log "Setting permissions and moving .pem file"
|
||||||
chmod 400 "$HOME/$certname".pem || install_error "Unable to set permissions for .pem file"
|
chmod 400 "$HOME/$certname".pem || _install_error "Unable to set permissions for .pem file"
|
||||||
sudo mv "$HOME/$certname".pem /etc/lighttpd/ssl || install_error "Unable to move .pem file"
|
sudo mv "$HOME/$certname".pem /etc/lighttpd/ssl || _install_error "Unable to move .pem file"
|
||||||
echo "OK"
|
echo "OK"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Generate config to enable SSL in lighttpd
|
# Generate config to enable SSL in lighttpd
|
||||||
function configure_lighttpd() {
|
function _configure_lighttpd() {
|
||||||
install_log "Configuring lighttpd for SSL"
|
_install_log "Configuring lighttpd for SSL"
|
||||||
lines=(
|
lines=(
|
||||||
'server.modules += ("mod_openssl")'
|
'server.modules += ("mod_openssl")'
|
||||||
'$SERVER["socket"] == ":443" {'
|
'$SERVER["socket"] == ":443" {'
|
||||||
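Review bot: `_install_mkcert` writes the downloaded file straight to `/usr/local/bin/mkcert` as root, marks it executable and runs it, with no integrity check on what `wget` returned. Since `mkcert_version` is now pinned and `readonly`, pin the expected SHA-256 of that release asset too, download to a temporary file, verify it with `sha256sum -c`, and only then install it. Separately in this hunk: `certname` is already `$HOSTNAME.local`, so `"*.${certname}.local"` requests a wildcard ending in `.local.local`; the combined key file is created by `cat ... > $certname.pem` under the default umask before `chmod 400` is applied; `sudo mv` targets the literal `/etc/lighttpd/ssl` rather than `$lighttpd_ssl`; and the log line says "SLL".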
@ -110,22 +122,22 @@ function configure_lighttpd() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
# Copy rootCA.pem to RaspAP web root
|
# Copy rootCA.pem to RaspAP web root
|
||||||
function copy_rootca() {
|
function _copy_rootca() {
|
||||||
install_log "Copying rootCA.pem to RaspAP web root"
|
_install_log "Copying rootCA.pem to RaspAP web root"
|
||||||
sudo cp ${HOME}/.local/share/mkcert/rootCA.pem ${webroot_dir} || install_error "Unable to copy rootCA.pem to ${webroot_dir}"
|
sudo cp ${HOME}/.local/share/mkcert/rootCA.pem ${webroot_dir} || _install_error "Unable to copy rootCA.pem to ${webroot_dir}"
|
||||||
echo "OK"
|
echo "OK"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Restart lighttpd service
|
# Restart lighttpd service
|
||||||
function restart_lighttpd() {
|
function _restart_lighttpd() {
|
||||||
install_log "Restarting lighttpd service"
|
_install_log "Restarting lighttpd service"
|
||||||
sudo systemctl restart lighttpd.service || install_error "Unable to restart lighttpd service"
|
sudo systemctl restart lighttpd.service || _install_error "Unable to restart lighttpd service"
|
||||||
sudo systemctl status lighttpd.service
|
sudo systemctl status lighttpd.service
|
||||||
}
|
}
|
||||||
|
|
||||||
function install_complete() {
|
function _install_complete() {
|
||||||
install_log "SSL certificate install completed!"
|
_install_log "SSL certificate install completed!"
|
||||||
install_divider
|
_install_divider
|
||||||
printf '%s\n' \
|
printf '%s\n' \
|
||||||
"Open a browser and enter the address: http://$certname/rootCA.pem" \
|
"Open a browser and enter the address: http://$certname/rootCA.pem" \
|
||||||
"Download the root certificate to your client and add it to your system keychain." \
|
"Download the root certificate to your client and add it to your system keychain." \
|
||||||
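Review bot: `_install_complete` tells the user to fetch the root certificate from `http://$certname/rootCA.pem`, so the trust anchor is delivered over the unauthenticated channel it is meant to replace. Print the certificate's SHA-256 fingerprint in this message so it can be compared on the client before the certificate is added to the keychain. In `_copy_rootca`, quote `${HOME}` and `${webroot_dir}` in the `sudo cp` line.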
@ -133,18 +145,18 @@ function install_complete() {
|
|||||||
"Finally, enter the address https://$certname in your browser." \
|
"Finally, enter the address https://$certname in your browser." \
|
||||||
"Enjoy an encrypted SSL connection to RaspAP 🔒" \
|
"Enjoy an encrypted SSL connection to RaspAP 🔒" \
|
||||||
"For advanced options, run mkcert -help"
|
"For advanced options, run mkcert -help"
|
||||||
install_divider
|
_install_divider
|
||||||
}
|
}
|
||||||
|
|
||||||
function install_certificate() {
|
function _install_certificate() {
|
||||||
display_welcome
|
_display_welcome
|
||||||
config_installation
|
_config_installation
|
||||||
install_mkcert
|
_install_mkcert
|
||||||
generate_certificate
|
_generate_certificate
|
||||||
create_lighttpd_dir
|
_create_lighttpd_dir
|
||||||
configure_lighttpd
|
_configure_lighttpd
|
||||||
copy_rootca
|
_copy_rootca
|
||||||
restart_lighttpd
|
_restart_lighttpd
|
||||||
install_complete
|
_install_complete
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,10 +0,0 @@
|
|||||||
[Unit]
|
|
||||||
Description=RaspAP daemon
|
|
||||||
After=multi-user.target
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=idle
|
|
||||||
ExecStart=/bin/bash /etc/raspap/hostapd/servicestart.sh --interface uap0 --seconds 3
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
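Review bot: Deleting `raspap.service` from the repository does not remove it from systems where the previous installer copied it to `/lib/systemd/system/` and enabled it. After an upgrade both the old unit and the new `raspapd.service` would start `servicestart.sh --interface uap0 --seconds 3` at boot. Have `_enable_raspap_daemon` disable and remove the old unit before enabling the new one.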
40
installers/raspap.sudoers
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
www-data ALL=(ALL) NOPASSWD:/sbin/ifdown
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/sbin/ifup
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wpa_supplicant/wpa_supplicant.conf
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wpa_supplicant/wpa_supplicant-wlan[0-9].conf
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant.conf
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant-wlan[0-9].conf
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] scan_results
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] scan
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] reconfigure
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] select_network
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/hostapddata /etc/hostapd/hostapd.conf
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/bin/systemctl start hostapd.service
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop hostapd.service
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/bin/systemctl start dnsmasq.service
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop dnsmasq.service
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/bin/systemctl restart dnsmasq.service
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/bin/systemctl start openvpn-client@client
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/bin/systemctl enable openvpn-client@client
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop openvpn-client@client
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/bin/systemctl disable openvpn-client@client
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/ovpnclient.ovpn /etc/openvpn/client/client.conf
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/authdata /etc/openvpn/client/login.conf
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_raspap.conf
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dhcpddata /etc/dhcpcd.conf
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/sbin/shutdown -h now
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/sbin/reboot
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/sbin/ip link set wlan[0-9] down
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/sbin/ip link set wlan[0-9] up
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/sbin/ip -s a f label wlan[0-9]
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/bin/cp /etc/raspap/networking/dhcpcd.conf /etc/dhcpcd.conf
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/enablelog.sh
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/disablelog.sh
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/servicestart.sh
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/etc/raspap/lighttpd/configport.sh
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/etc/raspap/openvpn/configauth.sh
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/hostapd.log
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/dnsmasq.log
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_adblock.conf
|
||||||
|
www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh
|
||||||
|
|
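Review bot: The six entries that name scripts (`/etc/raspap/hostapd/enablelog.sh` through `/etc/raspap/adblock/update_blocklist.sh`) let `www-data` run them as root with any arguments, while the installer's `_move_config_file` runs `chown -R $raspap_user:$raspap_user "$raspap_dir"`. If `$raspap_dir` is `/etc/raspap` and `$raspap_user` is `www-data`, the account being restricted owns the files it may execute as root, which defeats the per-command list; keep those scripts owned by root and not writable by the web user. The `/bin/cp /tmp/<name> ...` entries read from fixed names in a world-writable directory, so a root-owned staging directory would be safer. `ALL=(ALL)` can be narrowed to `(root)`, and the file hard-codes `www-data` where the function it replaces used `$raspap_user`.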
24
installers/raspapd.service
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
### BEGIN INIT INFO
|
||||||
|
# Provides: raspapd
|
||||||
|
# Required-Start: $remote_fs $syslog
|
||||||
|
# Required-Stop: $remote_fs $syslog
|
||||||
|
# Default-Start: S 2 3 4 5
|
||||||
|
# Default-Stop: 0 1 6
|
||||||
|
# Short-Description: Start RaspAP daemon at boot time
|
||||||
|
# Description: Enable service provided by daemon
|
||||||
|
### END INIT INFO
|
||||||
|
# Author: BillZ <billzimmerman@gmail.com>
|
||||||
|
|
||||||
|
[Unit]
|
||||||
|
Description=RaspAP Service Daemon
|
||||||
|
DefaultDependencies=no
|
||||||
|
After=multi-user.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
ExecStart=/bin/bash /etc/raspap/hostapd/servicestart.sh --interface uap0 --seconds 3
|
||||||
|
RemainAfterExit=no
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
|
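Review bot: In `[Unit]`, `DefaultDependencies=no` combined with `After=multi-user.target` and `WantedBy=multi-user.target` looks unintended. Disabling default dependencies drops the implicit ordering after `sysinit.target` and `basic.target` and the `Conflicts=`/`Before=shutdown.target` pair, which is normally only wanted for early-boot or late-shutdown units, and this unit is neither. Suggest removing that line and ordering against the services the script actually manipulates. The `### BEGIN INIT INFO` block is ignored by systemd and can be dropped, and `RemainAfterExit=no` is already the default. Since `ExecStart` runs `/etc/raspap/hostapd/servicestart.sh` as root, the installer should also make sure that file is root-owned and not writable by the web server user.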
@ -1,8 +1,8 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
#
|
#
|
||||||
# RaspAP Quick Installer
|
# RaspAP Quick Installer
|
||||||
# author: @billz
|
# Author: @billz <billzimmerman@gmail.com>
|
||||||
# license: GNU General Public License v3.0
|
# License: GNU General Public License v3.0
|
||||||
#
|
#
|
||||||
# Usage:
|
# Usage:
|
||||||
#
|
#
|
||||||
@ -27,13 +27,16 @@
|
|||||||
# https://raw.githubusercontent.com/billz/raspap-webgui/master/installers/common.sh
|
# https://raw.githubusercontent.com/billz/raspap-webgui/master/installers/common.sh
|
||||||
# - or -
|
# - or -
|
||||||
# https://raw.githubusercontent.com/billz/raspap-webgui/master/installers/mkcert.sh
|
# https://raw.githubusercontent.com/billz/raspap-webgui/master/installers/mkcert.sh
|
||||||
|
#
|
||||||
|
# You are not obligated to bundle the LICENSE file with your RaspAP projects as long
|
||||||
|
# as you leave these references intact in the header comments of your source files.
|
||||||
|
|
||||||
# Set defaults
|
# Set defaults
|
||||||
repo="billz/raspap-webgui"
|
repo="billz/raspap-webgui"
|
||||||
branch="master"
|
branch="master"
|
||||||
VERSION=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' )
|
|
||||||
assume_yes=0
|
assume_yes=0
|
||||||
ovpn_option=1
|
ovpn_option=1
|
||||||
|
readonly RASPAP_LATEST=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' )
|
||||||
|
|
||||||
# Define usage notes
|
# Define usage notes
|
||||||
usage=$(cat << EOF
|
usage=$(cat << EOF
|
||||||
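Review bot: `readonly RASPAP_LATEST=$(curl -s ... | grep -Po ...)` hides any failure of the lookup, because the exit status the shell sees is that of `readonly`, and `curl -s` prints nothing on error. If the GitHub API is unreachable or rate limited, the welcome banner and `--version` print an empty version with no diagnostic. Suggest assigning on one line, applying `readonly` on the next, and substituting a fallback such as "unknown" when the result is empty. The call also runs unconditionally in the defaults block, before option parsing, so `curl -sf` with `--max-time` would keep a slow network from stalling the installer before it has done anything.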
@ -59,6 +62,9 @@ while :; do
|
|||||||
ovpn_option="$2"
|
ovpn_option="$2"
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
|
-a|--adblock)
|
||||||
|
install_adblock=1
|
||||||
|
;;
|
||||||
-c|--cert|--certificate)
|
-c|--cert|--certificate)
|
||||||
install_cert=1
|
install_cert=1
|
||||||
;;
|
;;
|
||||||
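Review bot: The new `-a|--adblock)` case sets `install_adblock=1`, but the "Set defaults" block shown in the earlier hunk only initialises `assume_yes` and `ovpn_option`, so `install_adblock` is unset when the flag is absent. Either add `install_adblock=0` to the defaults or make sure every consumer tests it as `${install_adblock:-}`, the way `install_cert` is tested further down. The usage text should list the new option as well.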
@ -75,7 +81,7 @@ while :; do
|
|||||||
exit 1
|
exit 1
|
||||||
;;
|
;;
|
||||||
-v|--version)
|
-v|--version)
|
||||||
printf "RaspAP v${VERSION} - simple AP setup and wifi mangement for the RaspberryPi\n"
|
printf "RaspAP v${RASPAP_LATEST} - simple AP setup and wifi mangement for the RaspberryPi\n"
|
||||||
exit 1
|
exit 1
|
||||||
;;
|
;;
|
||||||
-*|--*)
|
-*|--*)
|
||||||
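Review bot: In the `-v|--version)` case, `${RASPAP_LATEST}` is expanded inside the `printf` format string, and its value comes from a remote API response. A `%` or backslash in the tag would be interpreted as a format directive. Pass it as an argument instead: `printf "RaspAP v%s - ...\n" "$RASPAP_LATEST"`. While touching this line, "mangement" should read "management", and `exit 1` after printing the version reports failure to callers; `exit 0` is the expected status.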
@ -93,7 +99,7 @@ done
|
|||||||
UPDATE_URL="https://raw.githubusercontent.com/$repo/$branch/"
|
UPDATE_URL="https://raw.githubusercontent.com/$repo/$branch/"
|
||||||
|
|
||||||
# Outputs a welcome message
|
# Outputs a welcome message
|
||||||
function display_welcome() {
|
function _display_welcome() {
|
||||||
raspberry='\033[0;35m'
|
raspberry='\033[0;35m'
|
||||||
green='\033[1;32m'
|
green='\033[1;32m'
|
||||||
|
|
||||||
@ -105,35 +111,35 @@ function display_welcome() {
|
|||||||
echo -e " 88 88 88. .88 88 88. .88 88 88 88"
|
echo -e " 88 88 88. .88 88 88. .88 88 88 88"
|
||||||
echo -e " dP dP 88888P8 88888P 88Y888P 88 88 dP"
|
echo -e " dP dP 88888P8 88888P 88Y888P 88 88 dP"
|
||||||
echo -e " 88"
|
echo -e " 88"
|
||||||
echo -e " dP version ${VERSION}"
|
echo -e " dP version ${RASPAP_LATEST}"
|
||||||
echo -e "${green}"
|
echo -e "${green}"
|
||||||
echo -e "The Quick Installer will guide you through a few easy steps\n\n"
|
echo -e "The Quick Installer will guide you through a few easy steps\n\n"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Outputs a RaspAP Install log line
|
# Outputs a RaspAP Install log line
|
||||||
function install_log() {
|
function _install_log() {
|
||||||
echo -e "\033[1;32mRaspAP Install: $*\033[m"
|
echo -e "\033[1;32mRaspAP Install: $*\033[m"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Outputs a RaspAP Install Error log line and exits with status code 1
|
# Outputs a RaspAP Install Error log line and exits with status code 1
|
||||||
function install_error() {
|
function _install_error() {
|
||||||
echo -e "\033[1;37;41mRaspAP Install Error: $*\033[m"
|
echo -e "\033[1;37;41mRaspAP Install Error: $*\033[m"
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
|
||||||
# Outputs a RaspAP Warning line
|
# Outputs a RaspAP Warning line
|
||||||
function install_warning() {
|
function _install_warning() {
|
||||||
echo -e "\033[1;33mWarning: $*\033[m"
|
echo -e "\033[1;33mWarning: $*\033[m"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Outputs a RaspAP divider
|
# Outputs a RaspAP divider
|
||||||
function install_divider() {
|
function _install_divider() {
|
||||||
echo -e "\033[1;32m***************************************************************$*\033[m"
|
echo -e "\033[1;32m***************************************************************$*\033[m"
|
||||||
}
|
}
|
||||||
|
|
||||||
function update_system_packages() {
|
function _update_system_packages() {
|
||||||
install_log "Updating sources"
|
_install_log "Updating sources"
|
||||||
sudo apt-get update || install_error "Unable to update package list"
|
sudo apt-get update || _install_error "Unable to update package list"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Fetch required installer functions
|
# Fetch required installer functions
|
||||||
@ -141,11 +147,11 @@ if [ "${install_cert:-}" = 1 ]; then
|
|||||||
source="mkcert"
|
source="mkcert"
|
||||||
wget -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh
|
wget -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh
|
||||||
source /tmp/raspap_${source}.sh && rm -f /tmp/raspap_${source}.sh
|
source /tmp/raspap_${source}.sh && rm -f /tmp/raspap_${source}.sh
|
||||||
install_certificate || install_error "Unable to install certificate"
|
_install_certificate || _install_error "Unable to install certificate"
|
||||||
else
|
else
|
||||||
source="common"
|
source="common"
|
||||||
wget -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh
|
wget -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh
|
||||||
source /tmp/raspap_${source}.sh && rm -f /tmp/raspap_${source}.sh
|
source /tmp/raspap_${source}.sh && rm -f /tmp/raspap_${source}.sh
|
||||||
install_raspap || install_error "Unable to install RaspAP"
|
_install_raspap || _install_error "Unable to install RaspAP"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
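Review bot: Both branches `source /tmp/raspap_${source}.sh` without checking that `wget` succeeded, and the download goes to a predictable name in `/tmp` with unquoted expansions. A failed or partial download is sourced as-is, and the fixed path can already exist with other content. Suggest `tmp=$(mktemp)`, then `wget -q "${UPDATE_URL}installers/${source}.sh" -O "$tmp" || _install_error "..."` before sourcing, and removing the file in a trap. Because the helper is fetched at run time from `$branch`, the rename to `_install_raspap` and `_install_certificate` also has to land in `common.sh` and `mkcert.sh` on that branch at the same time, or this script will call functions the fetched file does not define.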
@ -1,12 +1,12 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
# When wireless client AP mode is enabled, this script handles starting
|
# When wireless client AP or Bridge mode is enabled, this script handles starting
|
||||||
# up network services in a specific order and timing to avoid race conditions.
|
# up network services in a specific order and timing to avoid race conditions.
|
||||||
|
|
||||||
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
||||||
NAME=raspap
|
NAME=raspapd
|
||||||
DESC="Service control for RaspAP"
|
DESC="Service control for RaspAP"
|
||||||
CONFIGFILE="/etc/raspap/hostapd.ini"
|
CONFIGFILE="/etc/raspap/hostapd.ini"
|
||||||
DAEMONPATH="/lib/systemd/system/raspap.service"
|
DAEMONPATH="/lib/systemd/system/raspapd.service"
|
||||||
OPENVPNENABLED=$(pidof openvpn | wc -l)
|
OPENVPNENABLED=$(pidof openvpn | wc -l)
|
||||||
|
|
||||||
positional=()
|
positional=()
|
||||||
@ -22,21 +22,33 @@ case $key in
|
|||||||
;;
|
;;
|
||||||
-s|--seconds)
|
-s|--seconds)
|
||||||
seconds="$2"
|
seconds="$2"
|
||||||
shift # past argument
|
shift
|
||||||
shift # past value
|
shift
|
||||||
|
;;
|
||||||
|
-a|--action)
|
||||||
|
action="$2"
|
||||||
|
shift
|
||||||
|
shift
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
set -- "${positional[@]}"
|
set -- "${positional[@]}"
|
||||||
|
|
||||||
echo "Stopping network services..."
|
echo "Stopping network services..."
|
||||||
systemctl stop openvpn-client@client
|
if [ $OPENVPNENABLED -eq 1 ]; then
|
||||||
|
systemctl stop openvpn-client@client
|
||||||
|
fi
|
||||||
systemctl stop systemd-networkd
|
systemctl stop systemd-networkd
|
||||||
systemctl stop hostapd.service
|
systemctl stop hostapd.service
|
||||||
systemctl stop dnsmasq.service
|
systemctl stop dnsmasq.service
|
||||||
systemctl stop dhcpcd.service
|
systemctl stop dhcpcd.service
|
||||||
|
|
||||||
if [ -f "$DAEMONPATH" ]; then
|
if [ "${action}" = "stop" ]; then
|
||||||
|
echo "Services stopped. Exiting."
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -f "$DAEMONPATH" ] && [ ! -z "$interface" ]; then
|
||||||
echo "Changing RaspAP Daemon --interface to $interface"
|
echo "Changing RaspAP Daemon --interface to $interface"
|
||||||
sed -i "s/\(--interface \)[[:alnum:]]*/\1$interface/" "$DAEMONPATH"
|
sed -i "s/\(--interface \)[[:alnum:]]*/\1$interface/" "$DAEMONPATH"
|
||||||
fi
|
fi
|
||||||
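Review bot: `sed -i "s/\(--interface \)[[:alnum:]]*/\1$interface/" "$DAEMONPATH"` interpolates the `--interface` argument into a sed program that rewrites a unit file under `/lib/systemd/system`, and the new `[ ! -z "$interface" ]` guard only rejects an empty value. If this is the `servicestart.sh` that the sudoers rules let www-data run without a password, the value should be validated before use, for example by accepting only names matching `^[[:alnum:]]+$` (the same class the pattern already expects) and exiting otherwise. The same applies to `$action`, which is compared against "stop" but never rejected when it is something else. `[ $OPENVPNENABLED -eq 1 ]` should quote the variable, and `[ -n "$interface" ]` reads better than `! -z`.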
@ -49,6 +61,9 @@ if [ -r "$CONFIGFILE" ]; then
|
|||||||
|
|
||||||
if [ "${config[BridgedEnable]}" = 1 ]; then
|
if [ "${config[BridgedEnable]}" = 1 ]; then
|
||||||
if [ "${interface}" = "br0" ]; then
|
if [ "${interface}" = "br0" ]; then
|
||||||
|
echo "Stopping systemd-networkd"
|
||||||
|
systemctl stop systemd-networkd
|
||||||
|
|
||||||
echo "Restarting eth0 interface..."
|
echo "Restarting eth0 interface..."
|
||||||
ip link set down eth0
|
ip link set down eth0
|
||||||
ip link set up eth0
|
ip link set up eth0
|
||||||
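Review bot: The added `systemctl stop systemd-networkd` in the `br0` branch repeats a stop that the script already performs unconditionally in the "Stopping network services..." block near the top. Unless something between the two points can restart the service, the second stop and its echo are redundant and can be removed. If a restart in between is possible, a comment saying so would help.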
@ -64,14 +79,21 @@ if [ -r "$CONFIGFILE" ]; then
|
|||||||
echo "Disabling systemd-networkd"
|
echo "Disabling systemd-networkd"
|
||||||
systemctl disable systemd-networkd
|
systemctl disable systemd-networkd
|
||||||
|
|
||||||
echo "Removing br0 interface..."
|
ip link ls up | grep -q 'br0' &> /dev/null
|
||||||
ip link set down br0
|
if [ $? == 0 ]; then
|
||||||
ip link del dev br0
|
echo "Removing br0 interface..."
|
||||||
|
ip link set down br0
|
||||||
|
ip link del dev br0
|
||||||
|
fi
|
||||||
|
|
||||||
if [ "${config[WifiAPEnable]}" = 1 ]; then
|
if [ "${config[WifiAPEnable]}" = 1 ]; then
|
||||||
if [ "${interface}" = "uap0" ]; then
|
if [ "${interface}" = "uap0" ]; then
|
||||||
echo "Removing uap0 interface..."
|
|
||||||
iw dev uap0 del
|
ip link ls up | grep -q 'uap0' &> /dev/null
|
||||||
|
if [ $? == 0 ]; then
|
||||||
|
echo "Removing uap0 interface..."
|
||||||
|
iw dev uap0 del
|
||||||
|
fi
|
||||||
|
|
||||||
echo "Adding uap0 interface to ${config[WifiManaged]}"
|
echo "Adding uap0 interface to ${config[WifiManaged]}"
|
||||||
iw dev ${config[WifiManaged]} interface add uap0 type __ap
|
iw dev ${config[WifiManaged]} interface add uap0 type __ap
|
||||||
|
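Review bot: `ip link ls up | grep -q 'br0'` and the matching `uap0` check only see interfaces that are currently up, and they match by substring. An existing `uap0` that is down is skipped, after which `iw dev ... interface add uap0 type __ap` runs against a name that already exists; a name such as `virbr0` would also satisfy the `br0` test. Testing the device directly avoids both problems: `if ip link show br0 &> /dev/null; then ... fi`, and likewise for `uap0`. That also removes the separate `[ $? == 0 ]` test and the redirect after `grep -q`, which is already silent.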