free
/
freedomboneeee
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Avoid copying xmpp certs

This commit is contained in:
Bob Mottram 2017-05-07 10:52:00 +01:00
parent 27907b5d45
commit 31671f6194
2 changed files with 19 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/freedombone-app-xmpp
View File

@ -307,6 +307,9 @@ function update_prosody_modules {
}
function upgrade_xmpp_server {
if [ -d /etc/letsencrypt ]; then
usermod -a -G ssl-cert prosody
fi
function_check update_prosody_modules
update_prosody_modules
@ -665,29 +668,29 @@ function xmpp_create_config {
echo 'https_interfaces = { "*" }' >> /etc/prosody/prosody.cfg.lua
echo 'https_ssl = {' >> /etc/prosody/prosody.cfg.lua
if [ -f /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
echo " certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
else
echo " certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua
echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua
fi
echo " key = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
echo " key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
echo " curve = $XMPP_ECC_CURVE;" >> /etc/prosody/prosody.cfg.lua
echo " ciphers = $XMPP_CIPHERS;" >> /etc/prosody/prosody.cfg.lua
echo ' options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
echo " dhparam = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
echo " dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
echo "}" >> /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
echo 'ssl = {' >> /etc/prosody/prosody.cfg.lua
echo " key = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
echo " key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
if [ -f /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
echo " certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
else
echo " certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua
echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua
fi
echo " curve = $XMPP_ECC_CURVE;" >> /etc/prosody/prosody.cfg.lua
echo ' depth = "1";' >> /etc/prosody/prosody.cfg.lua
echo " ciphers = $XMPP_CIPHERS;" >> /etc/prosody/prosody.cfg.lua
echo ' options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
echo " dhparam = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
echo " dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
echo '}' >> /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
echo 'c2s_require_encryption = true' >> /etc/prosody/prosody.cfg.lua
@ -977,6 +980,9 @@ function install_xmpp_main {
chown -R prosody /usr/lib/prosody
chmod -R 700 /etc/prosody/conf.d
if [ -d /etc/letsencrypt ]; then
usermod -a -G ssl-cert prosody
fi
systemctl restart prosody
if [[ $ONION_ONLY != 'no' ]]; then

21
src/freedombone-utils-web
View File

@ -711,24 +711,13 @@ function update_default_domain {
fi
cp /etc/ssl/private/xmpp* /etc/prosody/certs
cp /etc/ssl/private/${DEFAULT_DOMAIN_NAME}* /etc/prosody/certs
cp /etc/ssl/certs/xmpp* /etc/prosody/certs
cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}* /etc/prosody/certs
if [ ! -f /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam
fi
fi
if [ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
if [ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
mv /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem
fi
else
sed -i "s|/etc/prosody/certs/xmpp.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
if [ /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
sed -i "s|/etc/prosody/certs/xmpp.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i "s|/etc/prosody/certs/xmpp.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
sed -i "s|/etc/prosody/certs/xmpp.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
fi
chown -R prosody:default /etc/prosody
chmod -R 700 /etc/prosody/certs/*