gf4
/
wagon
2
0
Fork 0
Code Issues 3 Pull Requests Projects Releases Wiki Activity

Improvements

master
Keith Irwin 2022-09-10 11:50:07 -06:00
parent 99e47b6355
commit 547c68fe6e
Signed by: ki9
GPG Key ID: DF773B3F4A88DA86
2 changed files with 9 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
back/lib/ssl_peer_add
View File

@ -37,25 +37,20 @@ ipstring="${3}"
printf 'Signing SSL certs for %s.%s.%s...\n' "${hostname}" "${username}" "${TLD}" >>"${LOGFILE}"
# Make a directory for the new files
which rm >>"${LOGFILE}"
which sudo >>"${LOGFILE}"
which chmod >>"${LOGFILE}"
if ! sudo mkdir "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/" >>"${LOGFILE}" 2>/dev/null; then
printf 'Failed to create directory %s/%s/%s/\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >>"${LOGFILE}"
exit 7
fi
# Generate key
if ! sudo /usr/bin/openssl genrsa -out "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.key" >>"${LOGFILE}" 2>&1; then
printf 'Failed to generate SSL key %s/%s/server.key\n' "${username}" "${hostname}" >>"${LOGFILE}"
if ! sudo /usr/bin/openssl genrsa -out "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.key" >>/dev/null 2>&1; then
printf 'Failed to generate SSL key %s/%s/%s/server.key\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >>"${LOGFILE}"
exit 7
fi
if ! [ -f "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.key" ]; then
printf 'SSL key %s/%s/server.key was not generated!\n' "${username}" "${hostname}" >>"${LOGFILE}"
elif ! [ -f "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.key" ]; then
printf 'SSL key %s/%s/%s/server.key was not generated!\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >>"${LOGFILE}"
exit 7
fi
if ! sudo chmod 400 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key" >>"${LOGFILE}" 2>&1; then
printf 'Failed to chmod SSL key %s/%s/server.key\n' "${username}" "${hostname}" >>"${LOGFILE}"
elif ! sudo chmod 400 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key" >>"${LOGFILE}" 2>&1; then
printf 'Failed to chmod SSL key %s/%s/%s/server.key\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >>"${LOGFILE}"
exit 7
fi
@ -90,12 +85,10 @@ if ! sudo /usr/bin/openssl x509 -req -sha256 -extensions SAN -CAcreateserial \
-days "${SSL_DAYS}" >>"${LOGFILE}" 2>&1; then
printf 'Failed to generate SSL cert %s/%s/server.crt\n' "${username}" "${hostname}" >>"${LOGFILE}"
exit 7
fi
if ! [ -f "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.crt" ]; then
elif ! [ -f "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.crt" ]; then
printf 'SSL key %s/%s/server.crt was not generated!\n' "${username}" "${hostname}" >>"${LOGFILE}"
exit 7
fi
if ! sudo chmod 644 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt"; then
elif ! sudo chmod 644 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt"; then
printf 'Failed to chmod SSL cert %s/%s/server.crt\n' "${username}" "${hostname}" >>"${LOGFILE}"
exit 7
fi

2
back/srv/dashboard/Dockerfile
View File

@ -21,7 +21,7 @@ RUN sed -i "s|DocumentRoot .*$|DocumentRoot /var/www/cgi-bin\n\tScriptAlias / /v
/etc/apache2/sites-available/000-default.conf
# Allow http to run these binaries as root with sudo
RUN echo "www-data ALL=(ALL:ALL) NOPASSWD: /usr/bin/wg, /usr/bin/openssl, /bin/mkdir, /usr/bin/rm, /usr/bin/chmod" \
RUN echo "www-data ALL=(ALL:ALL) NOPASSWD: /usr/bin/wg, /usr/bin/openssl, /bin/mkdir, /bin/rm, /bin/chmod" \
| sudo EDITOR='tee -a' visudo
# Prepare filesystem