From 547c68fe6e472a36cbc8bb26740c715bfcef1a34 Mon Sep 17 00:00:00 2001
From: Keith Irwin
Date: Sat, 10 Sep 2022 11:50:07 -0600
Subject: [PATCH] Improvements
---
 back/lib/ssl_peer_add | 23 ++++++++---------------
 back/srv/dashboard/Dockerfile | 2 +-
 2 files changed, 9 insertions(+), 16 deletions(-)
diff --git a/back/lib/ssl_peer_add b/back/lib/ssl_peer_add
index 3622d36..3b6f3a7 100755
--- a/back/lib/ssl_peer_add
+++ b/back/lib/ssl_peer_add
@@ -37,25 +37,20 @@ ipstring="${3}"
 printf 'Signing SSL certs for %s.%s.%s...\n' "${hostname}" "${username}" "${TLD}" >>"${LOGFILE}"
 # Make a directory for the new files
-which rm >>"${LOGFILE}"
-which sudo >>"${LOGFILE}"
-which chmod >>"${LOGFILE}"
 if ! sudo mkdir "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/" >>"${LOGFILE}" 2>/dev/null; then
 printf 'Failed to create directory %s/%s/%s/\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >>"${LOGFILE}"
 exit 7
 fi
 # Generate key
-if ! sudo /usr/bin/openssl genrsa -out "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.key" >>"${LOGFILE}" 2>&1; then
- printf 'Failed to generate SSL key %s/%s/server.key\n' "${username}" "${hostname}" >>"${LOGFILE}"
+if ! sudo /usr/bin/openssl genrsa -out "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.key" >>/dev/null 2>&1; then
+ printf 'Failed to generate SSL key %s/%s/%s/server.key\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >>"${LOGFILE}"
 exit 7
-fi
-if ! [ -f "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.key" ]; then
- printf 'SSL key %s/%s/server.key was not generated!\n' "${username}" "${hostname}" >>"${LOGFILE}"
+elif ! [ -f "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.key" ]; then
+ printf 'SSL key %s/%s/%s/server.key was not generated!\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >>"${LOGFILE}"
 exit 7
-fi
-if ! sudo chmod 400 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key" >>"${LOGFILE}" 2>&1; then
- printf 'Failed to chmod SSL key %s/%s/server.key\n' "${username}" "${hostname}" >>"${LOGFILE}"
+elif ! sudo chmod 400 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key" >>"${LOGFILE}" 2>&1; then
+ printf 'Failed to chmod SSL key %s/%s/%s/server.key\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >>"${LOGFILE}"
 exit 7
 fi
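Review bot: The new `openssl genrsa` line redirects both stdout and stderr to `/dev/null`, so a failed key generation leaves only the generic 'Failed to generate SSL key' entry in the log and OpenSSL's own error text is lost. If the aim was to keep progress output out of `${LOGFILE}`, capturing the command's output in a variable and appending it to the log only in the failure branch would keep the diagnostic. The same line passes no bit length, so the key size is whatever the installed OpenSSL defaults to; an explicit size as the last argument would pin it. The script's argument handling lies outside the hunk, so whether `username` and `hostname` are validated before they are used in these sudo paths cannot be confirmed from here.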
@@ -90,12 +85,10 @@ if ! sudo /usr/bin/openssl x509 -req -sha256 -extensions SAN -CAcreateserial \
 -days "${SSL_DAYS}" >>"${LOGFILE}" 2>&1; then
 printf 'Failed to generate SSL cert %s/%s/server.crt\n' "${username}" "${hostname}" >>"${LOGFILE}"
 exit 7
-fi
-if ! [ -f "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.crt" ]; then
+elif ! [ -f "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.crt" ]; then
 printf 'SSL key %s/%s/server.crt was not generated!\n' "${username}" "${hostname}" >>"${LOGFILE}"
 exit 7
-fi
-if ! sudo chmod 644 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt"; then
+elif ! sudo chmod 644 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt"; then
 printf 'Failed to chmod SSL cert %s/%s/server.crt\n' "${username}" "${hostname}" >>"${LOGFILE}"
 exit 7
 fi
diff --git a/back/srv/dashboard/Dockerfile b/back/srv/dashboard/Dockerfile
index 3f3b7b5..5fcb441 100644
--- a/back/srv/dashboard/Dockerfile
+++ b/back/srv/dashboard/Dockerfile
@@ -21,7 +21,7 @@ RUN sed -i "s|DocumentRoot .*$|DocumentRoot /var/www/cgi-bin\n\tScriptAlias / /v
 /etc/apache2/sites-available/000-default.conf
 # Allow http to run these binaries as root with sudo
-RUN echo "www-data ALL=(ALL:ALL) NOPASSWD: /usr/bin/wg, /usr/bin/openssl, /bin/mkdir, /usr/bin/rm, /usr/bin/chmod" \
+RUN echo "www-data ALL=(ALL:ALL) NOPASSWD: /usr/bin/wg, /usr/bin/openssl, /bin/mkdir, /bin/rm, /bin/chmod" \
 | sudo EDITOR='tee -a' visudo
 # Prepare filesystem
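Review bot: In the `server.crt` chain of `back/lib/ssl_peer_add` (hunk `-90,12 +85,10`), the log messages were left behind when the key messages got their `${SSL_CONFIG_DIR}` prefix: all three still print `%s/%s/server.crt`, and the existence check reports 'SSL key' for a certificate file. For the second one I would write `printf 'SSL cert %s/%s/%s/server.crt was not generated!\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >>"${LOGFILE}"` and give the other two the same three-part path. The `sudo chmod 644` test also lacks the `>>"${LOGFILE}" 2>&1` that the `chmod 400` test has, so its error output goes to the caller's stderr and not to the log. The `if` that opens this chain starts above the hunk.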
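Review bot: The sudoers rule written by the `RUN echo` line in `back/srv/dashboard/Dockerfile` lets `www-data` run `wg`, `openssl`, `mkdir`, `rm` and `chmod` as any user, without a password and with no restriction on arguments, so a flaw in anything that executes as the web server account carries root-level control over files in the container. The path correction in this hunk leaves that scope unchanged. A narrower rule would target root only and name a single root-owned wrapper that validates its arguments, for example `www-data ALL=(root) NOPASSWD: /usr/local/sbin/WRAPPER_PLACEHOLDER` (placeholder path), with the wrapper performing the key and certificate steps. Writing the rule to its own file under `/etc/sudoers.d/` and checking it with `visudo -cf` would also avoid appending to the main sudoers file through `tee -a`.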