Permissions and certs for prosody
parent
1a3b57b0f0
commit
6a176f021e
|
@ -371,6 +371,9 @@ function install_xmpp_main {
|
||||||
chown root:default /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.*
|
chown root:default /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.*
|
||||||
|
|
||||||
cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
|
cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
|
||||||
|
if [ ! -d /etc/prosody/certs ]; then
|
||||||
|
mkdir /etc/prosody/certs
|
||||||
|
fi
|
||||||
|
|
||||||
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
|
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
|
||||||
sed -i "s|/etc/prosody/certs/example.com.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
|
sed -i "s|/etc/prosody/certs/example.com.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
|
||||||
|
@ -474,8 +477,6 @@ function install_xmpp_main {
|
||||||
fi
|
fi
|
||||||
sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/prosody.cfg.lua
|
sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/prosody.cfg.lua
|
||||||
|
|
||||||
update_default_domain
|
|
||||||
|
|
||||||
if [ ! -d /var/lib/tor ]; then
|
if [ ! -d /var/lib/tor ]; then
|
||||||
echo $'No Tor installation found. xmpp onion site cannot be configured.'
|
echo $'No Tor installation found. xmpp onion site cannot be configured.'
|
||||||
exit 877367
|
exit 877367
|
||||||
|
@ -517,6 +518,13 @@ function install_xmpp_main {
|
||||||
configure_firewall_for_xmpp
|
configure_firewall_for_xmpp
|
||||||
xmpp_email_headers
|
xmpp_email_headers
|
||||||
|
|
||||||
|
cp /etc/ssl/certs/xmpp.* /etc/prosody/certs
|
||||||
|
cp /etc/ssl/private/xmpp.* /etc/prosody/certs
|
||||||
|
chown -R prosody:default /etc/prosody
|
||||||
|
update_default_domain
|
||||||
|
|
||||||
|
systemctl restart prosody
|
||||||
|
|
||||||
install_completed xmpp_main
|
install_completed xmpp_main
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -714,6 +714,11 @@ function update_default_domain {
|
||||||
cp /etc/ssl/private/${DEFAULT_DOMAIN_NAME}* /etc/prosody/certs
|
cp /etc/ssl/private/${DEFAULT_DOMAIN_NAME}* /etc/prosody/certs
|
||||||
cp /etc/ssl/certs/xmpp* /etc/prosody/certs
|
cp /etc/ssl/certs/xmpp* /etc/prosody/certs
|
||||||
cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}* /etc/prosody/certs
|
cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}* /etc/prosody/certs
|
||||||
|
if [ ! -f /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
|
||||||
|
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
|
||||||
|
cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam
|
||||||
|
fi
|
||||||
|
fi
|
||||||
if [ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
|
if [ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
|
||||||
if [ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
|
if [ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
|
||||||
mv /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem
|
mv /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem
|
||||||
|
@ -725,8 +730,9 @@ function update_default_domain {
|
||||||
sed -i "s|/etc/prosody/certs/xmpp.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
|
sed -i "s|/etc/prosody/certs/xmpp.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
|
||||||
sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
|
sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
|
||||||
fi
|
fi
|
||||||
chown -R prosody:prosody /etc/prosody
|
chown -R prosody:default /etc/prosody
|
||||||
chmod -R 700 /etc/prosody/certs/*
|
chmod -R 700 /etc/prosody/certs/*
|
||||||
|
chmod 600 /etc/prosody/prosody.cfg.lua
|
||||||
systemctl reload prosody
|
systemctl reload prosody
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
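Review bot: The private keys copied by `cp /etc/ssl/private/xmpp.* /etc/prosody/certs` in the third hunk of install_xmpp_main get whatever mode the umask yields, and nothing in that hunk tightens them; the only `chmod` on the page is in update_default_domain and appears to sit inside a conditional, so it may not always run. The directory made by `mkdir /etc/prosody/certs` in the first hunk is likewise left at its default mode, since `chmod -R 700 /etc/prosody/certs/*` only touches its contents. I would add `chmod 700 /etc/prosody/certs` after the `mkdir` and `chmod 600 /etc/prosody/certs/xmpp.*` right after the two `cp` lines. Separately, the unchanged tests `if [ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]` and the `.crt` one below it lack `-f`, unlike the new dhparam checks, so they test a non-empty string and can never be true. install_xmpp_main starts before the first hunk, and update_default_domain extends beyond both of its hunks.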