Permissions and certs for prosody
This commit is contained in:
Bob Mottram
parent
1a3b57b0f0
commit
6a176f021e
|
|
@ -371,6 +371,9 @@ function install_xmpp_main {
|
|||
chown root:default /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.*
|
||||
|
||||
cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
|
||||
if [ ! -d /etc/prosody/certs ]; then
|
||||
mkdir /etc/prosody/certs
|
||||
fi
|
||||
|
||||
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
|
||||
sed -i "s|/etc/prosody/certs/example.com.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
|
||||
|
|
@ -474,8 +477,6 @@ function install_xmpp_main {
|
|||
fi
|
||||
sed -i "s/example.com/$DEFAULT_DOMAIN_NAME/g" /etc/prosody/prosody.cfg.lua
|
||||
|
||||
update_default_domain
|
||||
|
||||
if [ ! -d /var/lib/tor ]; then
|
||||
echo $'No Tor installation found. xmpp onion site cannot be configured.'
|
||||
exit 877367
|
||||
|
|
@ -517,6 +518,13 @@ function install_xmpp_main {
|
|||
configure_firewall_for_xmpp
|
||||
xmpp_email_headers
|
||||
|
||||
cp /etc/ssl/certs/xmpp.* /etc/prosody/certs
|
||||
cp /etc/ssl/private/xmpp.* /etc/prosody/certs
|
||||
chown -R prosody:default /etc/prosody
|
||||
update_default_domain
|
||||
|
||||
systemctl restart prosody
|
||||
|
||||
install_completed xmpp_main
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -714,6 +714,11 @@ function update_default_domain {
|
|||
cp /etc/ssl/private/${DEFAULT_DOMAIN_NAME}* /etc/prosody/certs
|
||||
cp /etc/ssl/certs/xmpp* /etc/prosody/certs
|
||||
cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}* /etc/prosody/certs
|
||||
if [ ! -f /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
|
||||
if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
|
||||
cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam
|
||||
fi
|
||||
fi
|
||||
if [ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
|
||||
if [ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
|
||||
mv /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem
|
||||
|
|
@ -725,8 +730,9 @@ function update_default_domain {
|
|||
sed -i "s|/etc/prosody/certs/xmpp.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
|
||||
sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
|
||||
fi
|
||||
chown -R prosody:prosody /etc/prosody
|
||||
chown -R prosody:default /etc/prosody
|
||||
chmod -R 700 /etc/prosody/certs/*
|
||||
chmod 600 /etc/prosody/prosody.cfg.lua
|
||||
systemctl reload prosody
|
||||
fi
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue