Avoid copying xmpp certs

2017-05-07 10:52:00 +01:00 · 2017-05-07 10:52:00 +01:00 · 31671f6194
parent 27907b5d45
commit 31671f6194
2 changed files with 19 additions and 24 deletions
--- a/src/freedombone-app-xmpp
+++ b/src/freedombone-app-xmpp
@ -307,6 +307,9 @@ function update_prosody_modules {
 }
 function upgrade_xmpp_server {
    if [ -d /etc/letsencrypt ]; then
        usermod -a -G ssl-cert prosody
    fi
    function_check update_prosody_modules
    update_prosody_modules
@ -665,29 +668,29 @@ function xmpp_create_config {
    echo 'https_interfaces = { "*" }' >> /etc/prosody/prosody.cfg.lua
    echo 'https_ssl = {' >> /etc/prosody/prosody.cfg.lua
    if [ -f /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
-        echo "    certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
+        echo "    certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
    else
-        echo "    certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua
+        echo "    certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua
    fi
-    echo "    key = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
+    echo "    key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
    echo "    curve = $XMPP_ECC_CURVE;" >> /etc/prosody/prosody.cfg.lua
    echo "    ciphers = $XMPP_CIPHERS;" >> /etc/prosody/prosody.cfg.lua
    echo '    options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
-    echo "    dhparam = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
+    echo "    dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
    echo "}" >> /etc/prosody/prosody.cfg.lua
    echo '' >> /etc/prosody/prosody.cfg.lua
    echo 'ssl = {' >> /etc/prosody/prosody.cfg.lua
-    echo "    key = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
+    echo "    key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
    if [ -f /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
-        echo "    certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
+        echo "    certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
    else
-        echo "    certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua
+        echo "    certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua
    fi
    echo "    curve = $XMPP_ECC_CURVE;" >> /etc/prosody/prosody.cfg.lua
    echo '    depth = "1";' >> /etc/prosody/prosody.cfg.lua
    echo "    ciphers = $XMPP_CIPHERS;" >> /etc/prosody/prosody.cfg.lua
    echo '    options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
-    echo "    dhparam = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
+    echo "    dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
    echo '}' >> /etc/prosody/prosody.cfg.lua
    echo '' >> /etc/prosody/prosody.cfg.lua
    echo 'c2s_require_encryption = true' >> /etc/prosody/prosody.cfg.lua
@ -977,6 +980,9 @@ function install_xmpp_main {
    chown -R prosody /usr/lib/prosody
    chmod -R 700 /etc/prosody/conf.d
    if [ -d /etc/letsencrypt ]; then
        usermod -a -G ssl-cert prosody
    fi
    systemctl restart prosody
    if [[ $ONION_ONLY != 'no' ]]; then
--- a/src/freedombone-utils-web
+++ b/src/freedombone-utils-web
@ -711,24 +711,13 @@ function update_default_domain {
            fi
            cp /etc/ssl/private/xmpp* /etc/prosody/certs
            cp /etc/ssl/private/${DEFAULT_DOMAIN_NAME}* /etc/prosody/certs
            cp /etc/ssl/certs/xmpp* /etc/prosody/certs
-            cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}* /etc/prosody/certs
+            if [ /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
-            if [ ! -f /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
+                sed -i "s|/etc/prosody/certs/xmpp.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
-                if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
+                sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
                    cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam
                fi
            fi
            if [ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
                if [ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
                    mv /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem
                fi
            else
                sed -i "s|/etc/prosody/certs/xmpp.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
                sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
-                sed -i "s|/etc/prosody/certs/xmpp.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
+                sed -i "s|/etc/prosody/certs/xmpp.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
-                sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
+                sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
            fi
            chown -R prosody:default /etc/prosody
            chmod -R 700 /etc/prosody/certs/*