Switch xmpp cert path

Bob Mottram 2017-05-17 19:05:32 +01:00
parent 4485d92021
commit c85dc2e33c
1 changed files with 13 additions and 18 deletions


@ -638,7 +638,7 @@ function xmpp_create_config {
echo 'https_ports = { 5281 }' >> /etc/prosody/prosody.cfg.lua echo 'https_ports = { 5281 }' >> /etc/prosody/prosody.cfg.lua
echo 'https_interfaces = { "*" }' >> /etc/prosody/prosody.cfg.lua echo 'https_interfaces = { "*" }' >> /etc/prosody/prosody.cfg.lua
echo 'https_ssl = {' >> /etc/prosody/prosody.cfg.lua echo 'https_ssl = {' >> /etc/prosody/prosody.cfg.lua
if [ -f /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
else else
echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua
@ -652,7 +652,7 @@ function xmpp_create_config {
echo '' >> /etc/prosody/prosody.cfg.lua echo '' >> /etc/prosody/prosody.cfg.lua
echo 'ssl = {' >> /etc/prosody/prosody.cfg.lua echo 'ssl = {' >> /etc/prosody/prosody.cfg.lua
echo " key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua echo " key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
if [ -f /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
else else
echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua
@ -686,17 +686,17 @@ function xmpp_create_config {
echo "VirtualHost \"${DEFAULT_DOMAIN_NAME}\"" >> /etc/prosody/prosody.cfg.lua echo "VirtualHost \"${DEFAULT_DOMAIN_NAME}\"" >> /etc/prosody/prosody.cfg.lua
fi fi
echo ' ssl = {' >> /etc/prosody/prosody.cfg.lua echo ' ssl = {' >> /etc/prosody/prosody.cfg.lua
echo " key = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua echo " key = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
if [ -f /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
echo " certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
else else
echo " certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua
fi fi
echo " curve = $XMPP_ECC_CURVE;" >> /etc/prosody/prosody.cfg.lua echo " curve = $XMPP_ECC_CURVE;" >> /etc/prosody/prosody.cfg.lua
echo ' depth = "2";' >> /etc/prosody/prosody.cfg.lua echo ' depth = "2";' >> /etc/prosody/prosody.cfg.lua
echo " ciphers = $XMPP_CIPHERS;" >> /etc/prosody/prosody.cfg.lua echo " ciphers = $XMPP_CIPHERS;" >> /etc/prosody/prosody.cfg.lua
echo ' options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua echo ' options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
echo " dhparam = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua echo " dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
echo ' }' >> /etc/prosody/prosody.cfg.lua echo ' }' >> /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua echo '' >> /etc/prosody/prosody.cfg.lua
echo 'Include "conf.d/*.cfg.lua"' >> /etc/prosody/prosody.cfg.lua echo 'Include "conf.d/*.cfg.lua"' >> /etc/prosody/prosody.cfg.lua
@ -841,22 +841,19 @@ function install_xmpp {
chown root:default /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.* chown root:default /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.*
cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
if [ ! -d /etc/prosody/certs ]; then
mkdir /etc/prosody/certs
fi
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
sed -i "s|/etc/prosody/certs/example.com.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua sed -i "s|key =.*|key = /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i "s|/etc/prosody/certs/example.com.crt|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua sed -i "s|certificate =.*|certificate = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
else else
sed -i 's|/etc/prosody/certs/example.com.key|/etc/prosody/certs/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua sed -i "s|key =.*|key = /etc/ssl/privates/xmpp.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
sed -i 's|/etc/prosody/certs/example.com.crt|/etc/prosody/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua sed -i "s|certificate =.*|certificate = /etc/ssl/certs/xmpp.crt|g" /etc/prosody/conf.avail/xmpp.cfg.lua
fi fi
if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME})" == "1" ]]; then if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME})" == "1" ]]; then
sed -i "/certificate =/a\ dhparam = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" /etc/prosody/conf.avail/xmpp.cfg.lua sed -i "/certificate =/a\ dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" /etc/prosody/conf.avail/xmpp.cfg.lua
else else
sed -i '/certificate =/a\ dhparam = "/etc/prosody/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
fi fi
fi fi
if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/conf.avail/xmpp.cfg.lua; then if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/conf.avail/xmpp.cfg.lua; then
@ -935,8 +932,6 @@ function install_xmpp {
configure_firewall_for_xmpp configure_firewall_for_xmpp
xmpp_email_headers xmpp_email_headers
cp /etc/ssl/certs/xmpp.* /etc/prosody/certs
cp /etc/ssl/private/xmpp.* /etc/prosody/certs
update_default_domain update_default_domain
xmpp_create_config xmpp_create_config
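Review bot: The VirtualHost `ssl` block in xmpp_create_config now writes `key = "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.key"`, while the global `ssl` block in the same function and the new sed lines in install_xmpp use `/etc/ssl/private/`. A private key should not be read from the certificate directory, which is normally world-readable, so that line should point at `/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key`. In install_xmpp the new `s|key =.*|…|` and `s|certificate =.*|…|` substitutions replace the rest of the line with a bare path, dropping the quotes and trailing `;` that the other generated config lines carry, and the fallback branch spells the directory `/etc/ssl/privates/`, which looks like a typo. With the copies into /etc/prosody/certs removed, the account prosody runs as presumably needs read access to the key under /etc/ssl/private, which these hunks do not show being granted. Both functions continue outside the hunks.

```shell
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
    sed -i "s|key =.*|key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";|g" /etc/prosody/conf.avail/xmpp.cfg.lua
    sed -i "s|certificate =.*|certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";|g" /etc/prosody/conf.avail/xmpp.cfg.lua
else
    sed -i "s|key =.*|key = \"/etc/ssl/private/xmpp.key\";|g" /etc/prosody/conf.avail/xmpp.cfg.lua
    sed -i "s|certificate =.*|certificate = \"/etc/ssl/certs/xmpp.crt\";|g" /etc/prosody/conf.avail/xmpp.cfg.lua
fi
# … unchanged: dhparam and options handling …
```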