Use letsencrypt cert for mumble
parent
d41fb6f08c
commit
ce071bcc7b
|
@ -613,13 +613,10 @@ function install_matrix {
|
||||||
if [ -f /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam ]; then
|
if [ -f /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam ]; then
|
||||||
rm /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam
|
rm /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam
|
||||||
fi
|
fi
|
||||||
echo $'Obtaining certificate for the main domain'
|
echo $'Obtaining certificate for the matrix domain'
|
||||||
function_check create_site_certificate
|
function_check create_site_certificate
|
||||||
create_site_certificate ${MATRIX_DOMAIN_NAME} 'yes'
|
create_site_certificate ${MATRIX_DOMAIN_NAME} 'yes'
|
||||||
|
|
||||||
if [[ $ONION_ONLY == "no" ]]; then
|
|
||||||
chmod 755 /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam
|
chmod 755 /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -f /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.crt ]; then
|
if [ -f /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.crt ]; then
|
||||||
echo $'Incorrect certificate generated'
|
echo $'Incorrect certificate generated'
|
||||||
|
|
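Review bot: With the `ONION_ONLY` guard dropped in install_matrix, `chmod 755 /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam` now runs on every install path, and nothing visible checks that the file exists again after the `rm` a few lines earlier. Whether create_site_certificate always writes a dhparam is not shown in this hunk; if it can skip it, the chmod fails and the script carries on regardless. A guarded form such as `[ -f "/etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam" ] && chmod 644 "/etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam"` would cover that, and 644 is enough for a parameter file that is only ever read. The body of install_matrix continues outside the hunk.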
|
@ -65,7 +65,9 @@ function reconfigure_mumble {
|
||||||
}
|
}
|
||||||
|
|
||||||
function upgrade_mumble {
|
function upgrade_mumble {
|
||||||
echo -n ''
|
if [ -d /etc/letsencrypt ]; then
|
||||||
|
usermod -a -G ssl-cert mumble-server
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function backup_local_mumble {
|
function backup_local_mumble {
|
||||||
|
@ -200,12 +202,40 @@ function install_mumble {
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [[ ${ONION_ONLY} == 'no' ]]; then
|
||||||
|
if [ ! -d /var/www/${DEFAULT_DOMAIN_NAME}/htdocs ]; then
|
||||||
|
mkdir /var/www/${DEFAULT_DOMAIN_NAME}/htdocs
|
||||||
|
fi
|
||||||
|
if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
|
||||||
|
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
|
||||||
|
rm /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt
|
||||||
|
fi
|
||||||
|
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
|
||||||
|
rm /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam
|
||||||
|
fi
|
||||||
|
echo $'Obtaining certificate for the main domain'
|
||||||
|
function_check create_site_certificate
|
||||||
|
create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
|
||||||
|
chmod 755 /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam
|
||||||
|
|
||||||
|
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
|
||||||
|
echo $'Incorrect certificate generated'
|
||||||
|
exit 78352
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
chgrp -R ssl-cert /etc/letsencrypt
|
||||||
|
chmod -R g=rX /etc/letsencrypt
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
# Make an ssl cert for the server
|
# Make an ssl cert for the server
|
||||||
|
if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
|
||||||
if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then
|
if [ ! -f /etc/ssl/certs/mumble.dhparam ]; then
|
||||||
${PROJECT_NAME}-addcert -h mumble --dhkey $DH_KEYLENGTH
|
${PROJECT_NAME}-addcert -h mumble --dhkey $DH_KEYLENGTH
|
||||||
function_check check_certificates
|
function_check check_certificates
|
||||||
check_certificates mumble
|
check_certificates mumble
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
# Check that the cert was created
|
# Check that the cert was created
|
||||||
if [ ! -f /etc/ssl/certs/mumble.crt ]; then
|
if [ ! -f /etc/ssl/certs/mumble.crt ]; then
|
||||||
|
@ -241,8 +271,13 @@ function install_mumble {
|
||||||
echo 'allowping=False' >> /etc/mumble-server.ini
|
echo 'allowping=False' >> /etc/mumble-server.ini
|
||||||
fi
|
fi
|
||||||
sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini
|
sed -i 's|allowping=.*|allowping=False|g' /etc/mumble-server.ini
|
||||||
|
if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
|
||||||
sed -i 's|#sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
|
sed -i 's|#sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
|
||||||
sed -i 's|#sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
|
sed -i 's|#sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
|
||||||
|
else
|
||||||
|
sed -i "s|#sslCert=.*|sslCert=/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/mumble-server.ini
|
||||||
|
sed -i "s|#sslKey=.*|sslKey=/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/mumble-server.ini
|
||||||
|
fi
|
||||||
sed -i 's|#certrequired=.*|certrequired=True|g' /etc/mumble-server.ini
|
sed -i 's|#certrequired=.*|certrequired=True|g' /etc/mumble-server.ini
|
||||||
sed -i 's|users=100|users=10|g' /etc/mumble-server.ini
|
sed -i 's|users=100|users=10|g' /etc/mumble-server.ini
|
||||||
sed -i 's|#channelnestinglimit=10|channelnestinglimit=10|g' /etc/mumble-server.ini
|
sed -i 's|#channelnestinglimit=10|channelnestinglimit=10|g' /etc/mumble-server.ini
|
||||||
|
@ -258,6 +293,10 @@ function install_mumble {
|
||||||
# turn off logs by default
|
# turn off logs by default
|
||||||
sed -i 's|logfile=.*|logfile=/dev/null|g' /etc/mumble-server.ini
|
sed -i 's|logfile=.*|logfile=/dev/null|g' /etc/mumble-server.ini
|
||||||
|
|
||||||
|
if [ -d /etc/letsencrypt ]; then
|
||||||
|
usermod -a -G ssl-cert mumble-server
|
||||||
|
fi
|
||||||
|
|
||||||
update_default_domain
|
update_default_domain
|
||||||
systemctl restart mumble-server
|
systemctl restart mumble-server
|
||||||
|
|
||||||
|
|
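Review bot: In the install_mumble hunk, `chgrp -R ssl-cert /etc/letsencrypt` followed by `chmod -R g=rX /etc/letsencrypt` makes the entire tree group-readable, which with certbot's default layout presumably includes the ACME account key and the private keys of every other domain on the host, not only the one mumble serves. The same commit adds `usermod -a -G ssl-cert mumble-server`, so a compromise of the mumble-server process would expose all of that key material. I would narrow the group change to the entries for `${DEFAULT_DOMAIN_NAME}` under `live` and `archive` (with traverse-only `g=x` on the parent directories), or hand mumble-server its own copy of the key from a renewal hook. At minimum the two lines deserve a comment such as `# grants ssl-cert read access to ALL keys under /etc/letsencrypt`. Nothing visible restarts mumble-server after a renewal either, so it may keep serving the old certificate until the next manual restart.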
|
@ -706,13 +706,30 @@ function update_default_domain {
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -f /etc/mumble-server.ini ]; then
|
||||||
|
if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
|
||||||
|
if ! grep -q "mumble.pem" /etc/mumble-server.ini; then
|
||||||
|
sed -i 's|sslCert=.*|sslCert=/var/lib/mumble-server/mumble.pem|g' /etc/mumble-server.ini
|
||||||
|
sed -i 's|sslKey=.*|sslKey=/var/lib/mumble-server/mumble.key|g' /etc/mumble-server.ini
|
||||||
|
systemctl restart mumble
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
if ! grep -q "${DEFAULT_DOMAIN_NAME}.pem" /etc/mumble-server.ini; then
|
||||||
|
usermod -a -G ssl-cert mumble-server
|
||||||
|
sed -i "s|sslCert=.*|sslCert=/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/mumble-server.ini
|
||||||
|
sed -i "s|sslKey=.*|sslKey=/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/mumble-server.ini
|
||||||
|
systemctl restart mumble
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
if [ ! -d /etc/prosody/certs ]; then
|
if [ ! -d /etc/prosody/certs ]; then
|
||||||
mkdir /etc/prosody/certs
|
mkdir /etc/prosody/certs
|
||||||
fi
|
fi
|
||||||
|
|
||||||
cp /etc/ssl/private/xmpp* /etc/prosody/certs
|
cp /etc/ssl/private/xmpp* /etc/prosody/certs
|
||||||
cp /etc/ssl/certs/xmpp* /etc/prosody/certs
|
cp /etc/ssl/certs/xmpp* /etc/prosody/certs
|
||||||
if [ /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
|
if [ /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
|
||||||
|
usermod -a -G ssl-cert prosody
|
||||||
sed -i "s|/etc/prosody/certs/xmpp.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
|
sed -i "s|/etc/prosody/certs/xmpp.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
|
||||||
sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
|
sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
|
||||||
|
|
||||||
|
@ -742,19 +759,6 @@ function update_default_domain {
|
||||||
systemctl reload prosody
|
systemctl reload prosody
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -d /var/lib/mumble-server ]; then
|
|
||||||
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
|
|
||||||
cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem /var/lib/mumble-server/mumble.pem
|
|
||||||
cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam /var/lib/mumble-server/mumble.dhparam
|
|
||||||
cp /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key /var/lib/mumble-server/mumble.key
|
|
||||||
chown -R mumble-server:mumble-server /var/lib/mumble-server
|
|
||||||
chmod -R 700 /var/lib/mumble-server/*.pem
|
|
||||||
chmod -R 700 /var/lib/mumble-server/*.key
|
|
||||||
chmod -R 700 /var/lib/mumble-server/*.dhparam
|
|
||||||
systemctl restart mumble-server
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -d /home/znc/.znc ]; then
|
if [ -d /home/znc/.znc ]; then
|
||||||
echo $'znc found'
|
echo $'znc found'
|
||||||
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
|
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
|
||||||
|
|
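Review bot: Both new branches in update_default_domain end with `systemctl restart mumble`, while install_mumble in this commit and the block removed further down use `systemctl restart mumble-server`. If the unit is named mumble-server, the restart fails and the rewritten sslCert/sslKey lines are never picked up, so both should read `systemctl restart mumble-server`. Separately, the added `usermod -a -G ssl-cert prosody` sits under `if [ /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then`, which tests a non-empty string and is always true. The group change therefore runs even when no certificate exists; `[ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]` looks like what was intended. The two `grep -q` checks would also be more exact as `grep -qF`, since the dots in the domain name are regex metacharacters.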