Update comments, apply best practices
@@ -1,19 +1,31 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# RaspAP SSL certificate installation functions
|
||||
# author: @billz
|
||||
# license: GNU General Public License v3.0
|
||||
# Author: @billz <billzimmerman@gmail.com>
|
||||
# License: GNU General Public License v3.0
|
||||
#
|
||||
# You are not obligated to bundle the LICENSE file with your RaspAP projects as long
|
||||
# as you leave these references intact in the header comments of your source files.
|
||||
|
||||
# Exit on error
|
||||
set -o errexit
|
||||
# Exit on error inside functions
|
||||
set -o errtrace
|
||||
# Turn on traces, disabled by default
|
||||
# set -o xtrace
|
||||
|
||||
# Set defaults
|
||||
certname=$HOSTNAME."local"
|
||||
lighttpd_ssl="/etc/lighttpd/ssl"
|
||||
lighttpd_conf="/etc/lighttpd/lighttpd.conf"
|
||||
webroot_dir="/var/www/html"
|
||||
mkcert_version="1.4.1"
|
||||
readonly mkcert_version="1.4.1"
|
||||
readonly git_source_url="https://github.com/FiloSottile/mkcert/releases/download/v${mkcert_version}"
|
||||
|
||||
### NOTE: all the below functions are overloadable for system-specific installs
|
||||
|
||||
function config_installation() {
|
||||
install_log "Configure a new SSL certificate"
|
||||
function _config_installation() {
|
||||
_install_log "Configure a new SSL certificate"
|
||||
echo "Current system hostname is $HOSTNAME"
|
||||
echo -n "Create an SSL certificate for ${certname}? (Recommended) [y/N]"
|
||||
if [ $assume_yes == 0 ]; then
|
||||
@@ -35,10 +47,10 @@ function config_installation() {
|
||||
echo -e
|
||||
fi
|
||||
|
||||
install_divider
|
||||
_install_divider
|
||||
echo "A new SSL certificate for: ${certname}"
|
||||
echo "will be installed to lighttpd SSL directory: ${lighttpd_ssl}"
|
||||
install_divider
|
||||
_install_divider
|
||||
echo -n "Complete installation with these values? [y/N]: "
|
||||
if [ $assume_yes == 0 ]; then
|
||||
read answer < /dev/tty
|
||||
@@ -52,43 +64,43 @@ function config_installation() {
|
||||
}
|
||||
|
||||
# Installs pre-built mkcert binary for Arch Linux ARM
|
||||
function install_mkcert() {
|
||||
install_log "Fetching mkcert binary"
|
||||
sudo wget -q https://github.com/FiloSottile/mkcert/releases/download/v${mkcert_version}/mkcert-v${mkcert_version}-linux-arm -O /usr/local/bin/mkcert || install_error "Unable to download mkcert"
|
||||
function _install_mkcert() {
|
||||
_install_log "Fetching mkcert binary"
|
||||
sudo wget -q ${git_source_url}/mkcert-v${mkcert_version}-linux-arm -O /usr/local/bin/mkcert || _install_error "Unable to download mkcert"
|
||||
sudo chmod +x /usr/local/bin/mkcert
|
||||
|
||||
install_log "Installing mkcert"
|
||||
mkcert -install || install_error "Failed to install mkcert"
|
||||
_install_log "Installing mkcert"
|
||||
mkcert -install || _install_error "Failed to install mkcert"
|
||||
}
|
||||
|
||||
# Generate a certificate for host
|
||||
function generate_certificate() {
|
||||
install_log "Generating a new certificate for $certname"
|
||||
function _generate_certificate() {
|
||||
_install_log "Generating a new certificate for $certname"
|
||||
cd $HOME
|
||||
mkcert $certname "*.${certname}.local" $certname || install_error "Failed to generate certificate for $certname"
|
||||
mkcert $certname "*.${certname}.local" $certname || _install_error "Failed to generate certificate for $certname"
|
||||
|
||||
install_log "Combining private key and certificate"
|
||||
cat $certname+2-key.pem $certname+2.pem > $certname.pem || install_error "Failed to combine key and certificate"
|
||||
_install_log "Combining private key and certificate"
|
||||
cat $certname+2-key.pem $certname+2.pem > $certname.pem || _install_error "Failed to combine key and certificate"
|
||||
echo "OK"
|
||||
}
|
||||
|
||||
# Create a directory for the combined .pem file in lighttpd
|
||||
function create_lighttpd_dir() {
|
||||
install_log "Creating SLL directory for lighttpd"
|
||||
function _create_lighttpd_dir() {
|
||||
_install_log "Creating SLL directory for lighttpd"
|
||||
if [ ! -d "$lighttpd_ssl" ]; then
|
||||
sudo mkdir -p "$lighttpd_ssl" || install_error "Failed to create lighttpd directory"
|
||||
sudo mkdir -p "$lighttpd_ssl" || _install_error "Failed to create lighttpd directory"
|
||||
fi
|
||||
echo "OK"
|
||||
|
||||
install_log "Setting permissions and moving .pem file"
|
||||
chmod 400 "$HOME/$certname".pem || install_error "Unable to set permissions for .pem file"
|
||||
sudo mv "$HOME/$certname".pem /etc/lighttpd/ssl || install_error "Unable to move .pem file"
|
||||
_install_log "Setting permissions and moving .pem file"
|
||||
chmod 400 "$HOME/$certname".pem || _install_error "Unable to set permissions for .pem file"
|
||||
sudo mv "$HOME/$certname".pem /etc/lighttpd/ssl || _install_error "Unable to move .pem file"
|
||||
echo "OK"
|
||||
}
|
||||
|
||||
# Generate config to enable SSL in lighttpd
|
||||
function configure_lighttpd() {
|
||||
install_log "Configuring lighttpd for SSL"
|
||||
function _configure_lighttpd() {
|
||||
_install_log "Configuring lighttpd for SSL"
|
||||
lines=(
|
||||
'server.modules += ("mod_openssl")'
|
||||
'$SERVER["socket"] == ":443" {'
|
||||
@@ -110,22 +122,22 @@ function configure_lighttpd() {
|
||||
}
|
||||
|
||||
# Copy rootCA.pem to RaspAP web root
|
||||
function copy_rootca() {
|
||||
install_log "Copying rootCA.pem to RaspAP web root"
|
||||
sudo cp ${HOME}/.local/share/mkcert/rootCA.pem ${webroot_dir} || install_error "Unable to copy rootCA.pem to ${webroot_dir}"
|
||||
function _copy_rootca() {
|
||||
_install_log "Copying rootCA.pem to RaspAP web root"
|
||||
sudo cp ${HOME}/.local/share/mkcert/rootCA.pem ${webroot_dir} || _install_error "Unable to copy rootCA.pem to ${webroot_dir}"
|
||||
echo "OK"
|
||||
}
|
||||
|
||||
# Restart lighttpd service
|
||||
function restart_lighttpd() {
|
||||
install_log "Restarting lighttpd service"
|
||||
sudo systemctl restart lighttpd.service || install_error "Unable to restart lighttpd service"
|
||||
function _restart_lighttpd() {
|
||||
_install_log "Restarting lighttpd service"
|
||||
sudo systemctl restart lighttpd.service || _install_error "Unable to restart lighttpd service"
|
||||
sudo systemctl status lighttpd.service
|
||||
}
|
||||
|
||||
function install_complete() {
|
||||
install_log "SSL certificate install completed!"
|
||||
install_divider
|
||||
function _install_complete() {
|
||||
_install_log "SSL certificate install completed!"
|
||||
_install_divider
|
||||
printf '%s\n' \
|
||||
"Open a browser and enter the address: http://$certname/rootCA.pem" \
|
||||
"Download the root certificate to your client and add it to your system keychain." \
|
||||
@@ -133,18 +145,18 @@ function install_complete() {
|
||||
"Finally, enter the address https://$certname in your browser." \
|
||||
"Enjoy an encrypted SSL connection to RaspAP 🔒" \
|
||||
"For advanced options, run mkcert -help"
|
||||
install_divider
|
||||
_install_divider
|
||||
}
|
||||
|
||||
function install_certificate() {
|
||||
display_welcome
|
||||
config_installation
|
||||
install_mkcert
|
||||
generate_certificate
|
||||
create_lighttpd_dir
|
||||
configure_lighttpd
|
||||
copy_rootca
|
||||
restart_lighttpd
|
||||
install_complete
|
||||
function _install_certificate() {
|
||||
_display_welcome
|
||||
_config_installation
|
||||
_install_mkcert
|
||||
_generate_certificate
|
||||
_create_lighttpd_dir
|
||||
_configure_lighttpd
|
||||
_copy_rootca
|
||||
_restart_lighttpd
|
||||
_install_complete
|
||||
}
|
||||
|
||||
|
||||
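Review bot: `_install_mkcert` still writes the downloaded release asset straight to `/usr/local/bin/mkcert` as root and then executes it with no integrity check; moving the URL into `git_source_url` does not change that. Because the version is already pinned with `readonly mkcert_version`, the asset's SHA-256 can be pinned next to it, with the download going to a temporary file that is verified before it is installed. That also avoids leaving a truncated file at the final path when wget fails, since `-O` creates the target before the transfer completes. The digest in the sketch is a placeholder for the published value of the pinned release, and the expansions are quoted. The rendered page has lost its `+`/`-` markers, so this assumes the `_`-prefixed lines are the new side.

```shell
    _install_log "Fetching mkcert binary"
    # Placeholder: fill in the SHA-256 of the pinned mkcert-v${mkcert_version}-linux-arm asset
    local expected_sha256="<SHA256_OF_PINNED_MKCERT_ASSET>"
    local tmp_bin
    tmp_bin=$(mktemp) || _install_error "Unable to create temporary file"
    wget -q "${git_source_url}/mkcert-v${mkcert_version}-linux-arm" -O "$tmp_bin" || _install_error "Unable to download mkcert"
    # Verify before anything is placed on the PATH or executed
    printf '%s  %s\n' "$expected_sha256" "$tmp_bin" | sha256sum -c --status - || _install_error "mkcert checksum mismatch"
    sudo install -m 0755 "$tmp_bin" /usr/local/bin/mkcert || _install_error "Unable to install mkcert"
    rm -f -- "$tmp_bin"
    # … unchanged: "Installing mkcert" log line and mkcert -install …
```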