Use letsencrypt cert for mumble

Bob Mottram 2017-05-07 12:55:02 +01:00
parent d41fb6f08c
commit ce071bcc7b
3 changed files with 66 additions and 26 deletions


@ -613,13 +613,10 @@ function install_matrix {
if [ -f /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam ]; then if [ -f /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam ]; then
rm /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam rm /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam
fi fi
echo $'Obtaining certificate for the main domain' echo $'Obtaining certificate for the matrix domain'
function_check create_site_certificate function_check create_site_certificate
create_site_certificate ${MATRIX_DOMAIN_NAME} 'yes' create_site_certificate ${MATRIX_DOMAIN_NAME} 'yes'
if [[ $ONION_ONLY == "no" ]]; then
chmod 755 /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam chmod 755 /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam
fi
if [ -f /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.crt ]; then if [ -f /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.crt ]; then
echo $'Incorrect certificate generated' echo $'Incorrect certificate generated'
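Review bot: The `chmod 755 /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam` line in install_matrix appears to lose its `ONION_ONLY` guard here (the `if`/`fi` lines have no new-side counterpart), and nothing in the hunk checks that create_site_certificate actually produced the file. A file test would keep a missing dhparam from turning into a chmod error, and DH parameters are a data file that only needs to be read, so the execute bits can go: `if [ -f "/etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam" ]; then chmod 644 "/etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam"; fi`. Quoting the path also guards against an empty or unusual domain value. install_matrix starts and ends outside the hunk.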


@ -65,7 +65,9 @@ function reconfigure_mumble {
} }
function upgrade_mumble { function upgrade_mumble {
echo -n '' if [ -d /etc/letsencrypt ]; then
usermod -a -G ssl-cert mumble-server
fi
} }
function backup_local_mumble { function backup_local_mumble {
@ -200,12 +202,40 @@ function install_mumble {
fi fi
fi fi
if [[ ${ONION_ONLY} == 'no' ]]; then
if [ ! -d /var/www/${DEFAULT_DOMAIN_NAME}/htdocs ]; then
mkdir /var/www/${DEFAULT_DOMAIN_NAME}/htdocs
fi
if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
rm /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt
fi
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
rm /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam
fi
echo $'Obtaining certificate for the main domain'
function_check create_site_certificate
create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
chmod 755 /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
echo $'Incorrect certificate generated'
exit 78352
fi
fi
chgrp -R ssl-cert /etc/letsencrypt
chmod -R g=rX /etc/letsencrypt
fi
# Make an ssl cert for the server # Make an ssl cert for the server
if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then
${PROJECT_NAME}-addcert -h mumble --dhkey $DH_KEYLENGTH ${PROJECT_NAME}-addcert -h mumble --dhkey $DH_KEYLENGTH
function_check check_certificates function_check check_certificates
check_certificates mumble check_certificates mumble
fi fi
fi
# Check that the cert was created # Check that the cert was created
if [ ! -f /etc/ssl/certs/mumble.crt ]; then if [ ! -f /etc/ssl/certs/mumble.crt ]; then
@ -241,8 +271,13 @@ function install_mumble {
echo 'allowping=False' >> /etc/mumble-server.ini echo 'allowping=False' >> /etc/mumble-server.ini
fi fi
sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini
if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
sed -i 's|#sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini sed -i 's|#sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
sed -i 's|#sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini sed -i 's|#sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
else
sed -i "s|#sslCert=.*|sslCert=/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/mumble-server.ini
sed -i "s|#sslKey=.*|sslKey=/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/mumble-server.ini
fi
sed -i 's|#certrequired=.*|certrequired=True|g' /etc/mumble-server.ini sed -i 's|#certrequired=.*|certrequired=True|g' /etc/mumble-server.ini
sed -i 's|users=100|users=10|g' /etc/mumble-server.ini sed -i 's|users=100|users=10|g' /etc/mumble-server.ini
sed -i 's|#channelnestinglimit=10|channelnestinglimit=10|g' /etc/mumble-server.ini sed -i 's|#channelnestinglimit=10|channelnestinglimit=10|g' /etc/mumble-server.ini
@ -258,6 +293,10 @@ function install_mumble {
# turn off logs by default # turn off logs by default
sed -i 's|logfile=.*|logfile=/dev/null|g' /etc/mumble-server.ini sed -i 's|logfile=.*|logfile=/dev/null|g' /etc/mumble-server.ini
if [ -d /etc/letsencrypt ]; then
usermod -a -G ssl-cert mumble-server
fi
update_default_domain update_default_domain
systemctl restart mumble-server systemctl restart mumble-server
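Review bot: In the `@ -200,12 +202,40 @` hunk of install_mumble, `chgrp -R ssl-cert /etc/letsencrypt` followed by `chmod -R g=rX /etc/letsencrypt` makes the whole tree readable by every member of ssl-cert, not just the certificate mumble needs. With certbot's usual layout that tree holds the private keys of every domain on the machine plus the ACME account key, and this commit puts mumble-server in that group (another section adds prosody), so a compromise of either daemon would expose all of them. Assuming that layout, scoping the change to the certificate directories leaves the account key alone: `chgrp -R ssl-cert /etc/letsencrypt/live /etc/letsencrypt/archive` and `chmod -R g=rX /etc/letsencrypt/live /etc/letsencrypt/archive`; granting read on the one domain's key only would be tighter still. A short comment above these lines saying why the group needs access would help the next reader. install_mumble continues outside the hunk.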


@ -706,13 +706,30 @@ function update_default_domain {
fi fi
fi fi
if [ -f /etc/mumble-server.ini ]; then
if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
if ! grep -q "mumble.pem" /etc/mumble-server.ini; then
sed -i 's|sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
sed -i 's|sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
systemctl restart mumble
fi
else
if ! grep -q "${DEFAULT_DOMAIN_NAME}.pem" /etc/mumble-server.ini; then
usermod -a -G ssl-cert mumble-server
sed -i "s|sslCert=.*|sslCert=/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/mumble-server.ini
sed -i "s|sslKey=.*|sslKey=/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/mumble-server.ini
systemctl restart mumble
fi
fi
fi
if [ ! -d /etc/prosody/certs ]; then if [ ! -d /etc/prosody/certs ]; then
mkdir /etc/prosody/certs mkdir /etc/prosody/certs
fi fi
cp /etc/ssl/private/xmpp* /etc/prosody/certs cp /etc/ssl/private/xmpp* /etc/prosody/certs
cp /etc/ssl/certs/xmpp* /etc/prosody/certs cp /etc/ssl/certs/xmpp* /etc/prosody/certs
if [ /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then if [ /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
usermod -a -G ssl-cert prosody
sed -i "s|/etc/prosody/certs/xmpp.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua sed -i "s|/etc/prosody/certs/xmpp.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
@ -742,19 +759,6 @@ function update_default_domain {
systemctl reload prosody systemctl reload prosody
fi fi
if [ -d /var/lib/mumble-server ]; then
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem /var/lib/mumble-server/mumble.pem
cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam /var/lib/mumble-server/mumble.dhparam
cp /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key /var/lib/mumble-server/mumble.key
chown -R mumble-server:mumble-server /var/lib/mumble-server
chmod -R 700 /var/lib/mumble-server/*.pem
chmod -R 700 /var/lib/mumble-server/*.key
chmod -R 700 /var/lib/mumble-server/*.dhparam
systemctl restart mumble-server
fi
fi
if [ -d /home/znc/.znc ]; then if [ -d /home/znc/.znc ]; then
echo $'znc found' echo $'znc found'
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
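Review bot: Both added `systemctl restart mumble` lines in the mumble block of update_default_domain (the `@ -706,13 +706,30 @` hunk) name a unit that nothing else on this page uses; install_mumble and the block this commit removes from the same function restart `mumble-server`. If no `mumble` unit exists the restart fails and the daemon keeps serving the old certificate after the ini has been rewritten, so both lines should read `systemctl restart mumble-server`. In the same hunk the new `usermod -a -G ssl-cert prosody` sits under `if [ /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]`, which has no `-f` and so is always true; `if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]` would keep prosody out of the key-reading group when no such certificate exists. update_default_domain starts and ends outside the hunk.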