Improvements
parent
99e47b6355
commit
547c68fe6e
|
@ -37,25 +37,20 @@ ipstring="${3}"
|
|||
printf 'Signing SSL certs for %s.%s.%s...\n' "${hostname}" "${username}" "${TLD}" >>"${LOGFILE}"
|
||||
|
||||
# Make a directory for the new files
|
||||
which rm >>"${LOGFILE}"
|
||||
which sudo >>"${LOGFILE}"
|
||||
which chmod >>"${LOGFILE}"
|
||||
if ! sudo mkdir "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/" >>"${LOGFILE}" 2>/dev/null; then
|
||||
printf 'Failed to create directory %s/%s/%s/\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >>"${LOGFILE}"
|
||||
exit 7
|
||||
fi
|
||||
|
||||
# Generate key
|
||||
if ! sudo /usr/bin/openssl genrsa -out "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.key" >>"${LOGFILE}" 2>&1; then
|
||||
printf 'Failed to generate SSL key %s/%s/server.key\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
||||
if ! sudo /usr/bin/openssl genrsa -out "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.key" >>/dev/null 2>&1; then
|
||||
printf 'Failed to generate SSL key %s/%s/%s/server.key\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >>"${LOGFILE}"
|
||||
exit 7
|
||||
fi
|
||||
if ! [ -f "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.key" ]; then
|
||||
printf 'SSL key %s/%s/server.key was not generated!\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
||||
elif ! [ -f "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.key" ]; then
|
||||
printf 'SSL key %s/%s/%s/server.key was not generated!\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >>"${LOGFILE}"
|
||||
exit 7
|
||||
fi
|
||||
if ! sudo chmod 400 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key" >>"${LOGFILE}" 2>&1; then
|
||||
printf 'Failed to chmod SSL key %s/%s/server.key\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
||||
elif ! sudo chmod 400 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key" >>"${LOGFILE}" 2>&1; then
|
||||
printf 'Failed to chmod SSL key %s/%s/%s/server.key\n' "${SSL_CONFIG_DIR}" "${username}" "${hostname}" >>"${LOGFILE}"
|
||||
exit 7
|
||||
fi
|
||||
|
||||
|
@ -90,12 +85,10 @@ if ! sudo /usr/bin/openssl x509 -req -sha256 -extensions SAN -CAcreateserial \
|
|||
-days "${SSL_DAYS}" >>"${LOGFILE}" 2>&1; then
|
||||
printf 'Failed to generate SSL cert %s/%s/server.crt\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
||||
exit 7
|
||||
fi
|
||||
if ! [ -f "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.crt" ]; then
|
||||
elif ! [ -f "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.crt" ]; then
|
||||
printf 'SSL key %s/%s/server.crt was not generated!\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
||||
exit 7
|
||||
fi
|
||||
if ! sudo chmod 644 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt"; then
|
||||
elif ! sudo chmod 644 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt"; then
|
||||
printf 'Failed to chmod SSL cert %s/%s/server.crt\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
||||
exit 7
|
||||
fi
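Review bot: `${username:?}` and `${hostname:?}` only reject empty values, so nothing in these two hunks stops a value containing `/` or a leading `.` from steering the root-run `sudo mkdir`, `openssl genrsa -out` and `sudo chmod 400` calls outside `${SSL_CONFIG_DIR}`. The script begins above the first hunk (its header shows `ipstring="${3}"`), so the arguments may already be validated there. If they are not, reject them before the mkdir with something like `case "${username}" in .*|*/*) exit 7 ;; esac`, and the same for `hostname`. The same path is reused for `server.crt` in the second hunk, so one check ahead of the directory creation covers both.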
|
||||
|
|
|
@ -21,7 +21,7 @@ RUN sed -i "s|DocumentRoot .*$|DocumentRoot /var/www/cgi-bin\n\tScriptAlias / /v
|
|||
/etc/apache2/sites-available/000-default.conf
|
||||
|
||||
# Allow http to run these binaries as root with sudo
|
||||
RUN echo "www-data ALL=(ALL:ALL) NOPASSWD: /usr/bin/wg, /usr/bin/openssl, /bin/mkdir, /usr/bin/rm, /usr/bin/chmod" \
|
||||
RUN echo "www-data ALL=(ALL:ALL) NOPASSWD: /usr/bin/wg, /usr/bin/openssl, /bin/mkdir, /bin/rm, /bin/chmod" \
|
||||
| sudo EDITOR='tee -a' visudo
|
||||
|
||||
# Prepare filesystem
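Review bot: The sudoers entry lets `www-data` run `openssl`, `mkdir`, `rm` and `chmod` as root with any arguments and no password, which in practice is unrestricted root for the web-server account. Moving `rm` and `chmod` between `/usr/bin` and `/bin` does not narrow that in either form shown. Consider granting a single root-owned wrapper that performs the fixed steps on validated paths, e.g. `www-data ALL=(root) NOPASSWD: /path/to/wrapper` (placeholder path), instead of the individual binaries. Writing the rule to a file under `/etc/sudoers.d/` with mode 0440 and checking it with `visudo -cf` would also be easier to audit than appending to `/etc/sudoers` through `EDITOR='tee -a' visudo`.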
|
||||
|
|