free
/
freedomboneeee
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
freedomboneeee/src/freedombone-app-keyserver

614 lines
23 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# SKS Keyserver
#
# License
# =======
#
# Copyright (C) 2017 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
VARIANTS='full full-vim'
IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1
KEYSERVER_WEB_REPO="https://github.com/mattrude/pgpkeyserver-lite"
KEYSERVER_WEB_COMMIT='a038cb79b927c99bf7da62f20d2c6a2f20374339'
KEYSERVER_PORT=11371
KEYSERVER_ONION_PORT=8122
KEYSERVER_DOMAIN_NAME=
KEYSERVER_CODE=
keyserver_variables=(ONION_ONLY
MY_USERNAME
DEFAULT_DOMAIN_NAME
KEYSERVER_DOMAIN_NAME
KEYSERVER_CODE)
function configure_firewall_for_keyserver {
if [[ $ONION_ONLY != "no" ]]; then
return
fi
firewall_add keyserver 11370 tcp
firewall_add keyserver 11371 tcp
firewall_add keyserver 11372 tcp
mark_completed $FUNCNAME
}
function keyserver_reset_database {
if [ -d /var/lib/sks/DB ]; then
rm -rf /var/lib/sks/DB
fi
sks build
chown -Rc debian-sks: /var/lib/sks
systemctl restart sks
}
function logging_on_keyserver {
echo -n ''
}
function logging_off_keyserver {
echo -n ''
}
function reconfigure_keyserver {
echo -n ''
}
function upgrade_keyserver {
CURR_KEYSERVER_WEB_COMMIT=$(get_completion_param "keyserver web commit")
if [[ "$CURR_KEYSERVER_WEB_COMMIT" == "$KEYSERVER_WEB_COMMIT" ]]; then
return
fi
if grep -q "keyserver domain" $COMPLETION_FILE; then
KEYSERVER_DOMAIN_NAME=$(get_completion_param "keyserver domain")
fi
# update to the next commit
function_check set_repo_commit
set_repo_commit /var/www/$KEYSERVER_DOMAIN_NAME/htdocs "keyserver web commit" "$KEYSERVER_WEB_COMMIT" $KEYSERVER_WEB_REPO
read_config_param MY_USERNAME
USER_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
GPG_ID=$(su -m root -c "gpg --list-keys $USER_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME)
if [ ! $GPG_ID ]; then
echo $'No GPG ID for admin user'
exit 846336
fi
if [ ${#GPG_ID} -lt 5 ]; then
echo $'GPG ID not retrieved for admin user'
exit 835292
fi
if [[ "$GPG_ID" == *"error"* ]]; then
echo $'GPG ID not retrieved for admin user due to error'
exit 74825
fi
sed -i "s|###ENTERPUBLICKEYHERE###|$GPG_ID|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html
sed -i "s|###ENTERPUBLICKEYHERE###|$GPG_ID|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html
sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html
sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html
chown -R www-data:www-data /var/www/$KEYSERVER_DOMAIN_NAME/htdocs
}
function backup_local_keyserver {
source_directory=/var/lib/sks/DB
if [ -d $source_directory ]; then
systemctl stop sks
dest_directory=keyserver
function_check backup_directory_to_usb
backup_directory_to_usb $source_directory $dest_directory
systemctl start sks
fi
}
function restore_local_keyserver {
if [ ! -d /var/lib/sks/DB ]; then
return
fi
echo $"Restoring SKS Keyserver"
systemctl stop sks
temp_restore_dir=/root/tempkeyserver
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir keyserver
mv /var/lib/sks/DB /var/lib/sks/DB_prev
cp -r $temp_restore_dir/var/lib/sks/DB /var/lib/sks/DB
if [ ! "$?" = "0" ]; then
# restore the old database
rm -rf /var/lib/sks/DB
mv /var/lib/sks/DB_prev /var/lib/sks/DB
rm -rf $temp_restore_dir
function_check set_user_permissions
set_user_permissions
function_check backup_unmount_drive
backup_unmount_drive
exit 5627294
fi
rm -rf $temp_restore_dir
chown -Rc debian-sks: /var/lib/sks
# remove the old database
rm -rf /var/lib/sks/DB_prev
systemctl start sks
}
function backup_remote_keyserver {
source_directory=/var/lib/sks/DB
if [ -d $source_directory ]; then
systemctl stop sks
dest_directory=keyserver
function_check backup_directory_to_friend
backup_directory_to_friend $source_directory $dest_directory
systemctl start sks
fi
}
function restore_remote_keyserver {
if [ ! -d /var/lib/sks/DB ]; then
return
fi
echo $"Restoring SKS Keyserver"
systemctl stop sks
temp_restore_dir=/root/tempkeyserver
function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir keyserver
mv /var/lib/sks/DB /var/lib/sks/DB_prev
cp -r $temp_restore_dir/var/lib/sks/DB /var/lib/sks/DB
if [ ! "$?" = "0" ]; then
# restore the old database
rm -rf /var/lib/sks/DB
mv /var/lib/sks/DB_prev /var/lib/sks/DB
rm -rf $temp_restore_dir
function_check set_user_permissions
set_user_permissions
return
fi
rm -rf $temp_restore_dir
chown -Rc debian-sks: /var/lib/sks
# remove the old database
rm -rf /var/lib/sks/DB_prev
systemctl start sks
}
function remove_keyserver {
systemctl stop sks
apt-get -qy remove sks dirmngr
read_config_param "KEYSERVER_DOMAIN_NAME"
nginx_dissite $KEYSERVER_DOMAIN_NAME
remove_certs ${KEYSERVER_DOMAIN_NAME}
if [ -f /etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME ]; then
rm -f /etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME
fi
if [ -d /var/www/$KEYSERVER_DOMAIN_NAME ]; then
rm -rf /var/www/$KEYSERVER_DOMAIN_NAME
fi
function_check remove_ddns_domain
remove_ddns_domain $KEYSERVER_DOMAIN_NAME
remove_config_param KEYSERVER_DOMAIN_NAME
remove_config_param KEYSERVER_CODE
function_check remove_onion_service
remove_onion_service keyserver ${KEYSERVER_ONION_PORT}
remove_onion_service sks 11370 11371 11372
remove_completion_param "install_keyserver"
firewall_remove 11370 tcp
firewall_remove 11371 tcp
firewall_remove 11372 tcp
sed -i '/keyserver/d' $COMPLETION_FILE
sed -i '/sks onion/d' $COMPLETION_FILE
if [ -d /var/lib/sks ]; then
rm -rf /var/lib/sks
fi
}
function install_interactive_keyserver {
if [ ! $ONION_ONLY ]; then
ONION_ONLY='no'
fi
if [[ $ONION_ONLY != "no" ]]; then
KEYSERVER_DOMAIN_NAME='keyserver.local'
write_config_param "KEYSERVER_DOMAIN_NAME" "$KEYSERVER_DOMAIN_NAME"
else
function_check interactive_site_details
interactive_site_details "keyserver" "KEYSERVER_DOMAIN_NAME" "KEYSERVER_CODE"
fi
APP_INSTALLED=1
}
function keyserver_import_keys {
dialog --title $"Import public keys database" \
--backtitle $"Freedombone Control Panel" \
--defaultno \
--yesno $"\nThis will download many gigabytes of data and so depending on your bandwidth it could take several days.\n\nContinue?" 10 60
sel=$?
case $sel in
1) return;;
255) return;;
esac
if [ ! -d /var/lib/sks/dump ]; then
mkdir -p /var/lib/sks/dump
fi
cd /var/lib/sks/dump
echo $'Getting keyserver dump. This may take a few days or longer, so be patient.'
rm -rf /var/lib/sks/dump/*
KEYSERVER_DUMP_URL="https://keyserver.mattrude.com/dump/$(date +%F)/"
wget -crp -e robots=off --level=1 --cut-dirs=3 -nH \
-A pgp,txt $KEYSERVER_DUMP_URL
cd /var/lib/sks
echo $'Building the keyserver database from the downloaded dump'
keyserver_reset_database
}
function keyserver_sync {
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \
--title $"Sync with other keyserver" \
--form "\nDetails for the other server:" 10 50 3 \
$"Domain:" 1 1 "" 1 18 32 32 \
$"Port:" 2 1 "11370" 2 18 8 8 \
2> $data
sel=$?
case $sel in
1) return;;
255) return;;
esac
other_keyserver_domain=$(cat $data | sed -n 1p)
other_keyserver_port=$(cat $data | sed -n 2p)
if [[ "$other_keyserver_domain" != *'.'* ]]; then
return
fi
if [[ "$other_keyserver_domain" == *' '* ]]; then
return
fi
if [[ "$other_keyserver_port" == *'.'* ]]; then
return
fi
if [[ "$other_keyserver_port" == *' '* ]]; then
return
fi
if [ ${#other_keyserver_domain} -lt 4 ]; then
return
fi
if [ ${#other_keyserver_port} -lt 4 ]; then
return
fi
if grep -q "$other_keyserver_domain $other_keyserver_port" /etc/sks/membership; then
return
fi
if grep -q "$other_keyserver_domain " /etc/sks/membership; then
sed -i "s|$other_keyserver_domain .*|$other_keyserver_domain $other_keyserver_port|g" /etc/sks/membership
else
echo "$other_keyserver_domain $other_keyserver_port" >> /etc/sks/membership
fi
chown -Rc debian-sks: /etc/sks/membership
systemctl restart sks
dialog --title $"Sync with other keyserver" \
--msgbox $"Keyserver added" 6 40
}
function keyserver_edit {
editor /etc/sks/membership
chown -Rc debian-sks: /etc/sks/membership
systemctl restart sks
}
function configure_interactive_keyserver {
while true
do
data=$(tempfile 2>/dev/null)
trap "rm -f $data" 0 1 2 5 15
dialog --backtitle $"Freedombone Control Panel" \
--title $"SKS Keyserver" \
--radiolist $"Choose an operation:" 12 70 4 \
1 $"Sync with other keyserver" off \
2 $"Edit sync keyservers" off \
3 $"Import public keys database" off \
4 $"Exit" on 2> $data
sel=$?
case $sel in
1) return;;
255) return;;
esac
case $(cat $data) in
1) keyserver_sync;;
2) keyserver_edit;;
3) keyserver_import_keys;;
4) break;;
esac
done
}
function install_keyserver {
apt-get -qy install build-essential gcc ocaml libdb-dev wget sks
keyserver_reset_database
sed -i 's|initstart=.*|initstart=yes|g' /etc/default/sks
apt-get -qy install dirmngr
systemctl restart sks
if [ ! -d /var/www/$KEYSERVER_DOMAIN_NAME ]; then
mkdir /var/www/$KEYSERVER_DOMAIN_NAME
fi
cd /var/www/$KEYSERVER_DOMAIN_NAME
if [ -d /var/www/$KEYSERVER_DOMAIN_NAME/htdocs ]; then
rm -rf /var/www/$KEYSERVER_DOMAIN_NAME/htdocs
fi
if [ -d /repos/keyserverweb ]; then
mkdir htdocs
cp -r -p /repos/keyserverweb/. htdocs
cd htdocs
git pull
else
git_clone $KEYSERVER_WEB_REPO htdocs
fi
if [ ! -d /var/www/$KEYSERVER_DOMAIN_NAME/htdocs ]; then
echo $"/var/www/$KEYSERVER_DOMAIN_NAME/htdocs not found"
exit 6539230
fi
cd /var/www/$KEYSERVER_DOMAIN_NAME/htdocs
git checkout $KEYSERVER_WEB_COMMIT -b $KEYSERVER_WEB_COMMIT
set_completion_param "keyserver web commit" "$KEYSERVER_WEB_COMMIT"
USER_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
GPG_ID=$(su -m root -c "gpg --list-keys $USER_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME)
if [ ! $GPG_ID ]; then
echo $'No GPG ID for admin user'
exit 846336
fi
if [ ${#GPG_ID} -lt 5 ]; then
echo $'GPG ID not retrieved for admin user'
exit 835292
fi
if [[ "$GPG_ID" == *"error"* ]]; then
echo $'GPG ID not retrieved for admin user due to error'
exit 74825
fi
sed -i "s|###ENTERPUBLICKEYHERE###|$GPG_ID|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html
sed -i "s|###ENTERPUBLICKEYHERE###|$GPG_ID|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html
sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html
sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html
sksconf_file=/etc/sks/sksconf
sed -i "s|#hostname:.*|hostname: $KEYSERVER_DOMAIN_NAME|g" $sksconf_file
sed -i "s|hostname:.*|hostname: $KEYSERVER_DOMAIN_NAME|g" $sksconf_file
sed -i "s|#hkp_port:.*|hkp_port: 11373|g" $sksconf_file
sed -i "s|hkp_port:.*|hkp_port: 11373|g" $sksconf_file
sed -i "s|#recon_port:.*|recon_port: 11370|g" $sksconf_file
sed -i "s|recon_port:.*|recon_port: 11370|g" $sksconf_file
sed -i "s|#recon_address:.*|recon_address: 0.0.0.0|g" $sksconf_file
sed -i "s|recon_address:.*|recon_address: 0.0.0.0|g" $sksconf_file
sed -i 's|#hkp_address:.*|hkp_address: 127.0.0.1|g' $sksconf_file
sed -i 's|hkp_address:.*|hkp_address: 127.0.0.1|g' $sksconf_file
if ! grep -q "disable_mailsync" $sksconf_file; then
echo 'disable_mailsync:' >> $sksconf_file
else
sed -i 's|#disable_mailsync:|disable_mailsync:|g' $sksconf_file
fi
if ! grep -q "membership_reload_interval:" $sksconf_file; then
echo 'membership_reload_interval: 1' >> $sksconf_file
else
sed -i 's|#membership_reload_interval:.*|membership_reload_interval: 1|g' $sksconf_file
sed -i 's|membership_reload_interval:.*|membership_reload_interval: 1|g' $sksconf_file
fi
chown debian-sks: $sksconf_file
if ! grep -q "hidden_service_sks" /etc/tor/torrc; then
echo 'HiddenServiceDir /var/lib/tor/hidden_service_sks/' >> /etc/tor/torrc
echo "HiddenServicePort 11370 127.0.0.1:11370" >> /etc/tor/torrc
echo "HiddenServicePort 11373 127.0.0.1:11371" >> /etc/tor/torrc
echo "HiddenServicePort 11372 127.0.0.1:11372" >> /etc/tor/torrc
echo $'Added onion site for sks'
fi
onion_update
wait_for_onion_service 'sks'
if [ ! -f /var/lib/tor/hidden_service_sks/hostname ]; then
echo $'sks onion site hostname not found'
exit 8352982
fi
SKS_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_sks/hostname)
KEYSERVER_ONION_HOSTNAME=$(add_onion_service keyserver 80 ${KEYSERVER_ONION_PORT})
keyserver_nginx_site=/etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then
# NOTE: without http active on port 80 the keyserver doesn't work
# from the commandline
echo 'server {' > $keyserver_nginx_site
echo ' listen 80;' >> $keyserver_nginx_site
echo ' listen 0.0.0.0:11371;' >> $keyserver_nginx_site
echo ' listen [::]:80;' >> $keyserver_nginx_site
echo " server_name $KEYSERVER_DOMAIN_NAME;" >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' # Logs' >> $keyserver_nginx_site
echo ' access_log /dev/null;' >> $keyserver_nginx_site
echo ' error_log /dev/null;' >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' # Root' >> $keyserver_nginx_site
echo " root /var/www/$KEYSERVER_DOMAIN_NAME/htdocs;" >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' rewrite ^/stats /pks/lookup?op=stats;' >> $keyserver_nginx_site
echo ' rewrite ^/s/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/search/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/g/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/get/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' location /pks {' >> $keyserver_nginx_site
echo ' proxy_pass http://127.0.0.1:11373;' >> $keyserver_nginx_site
echo ' proxy_pass_header Server;' >> $keyserver_nginx_site
echo " add_header Via \"1.1 $KEYSERVER_DOMAIN_NAME:11371 (nginx)\";" >> $keyserver_nginx_site
echo ' proxy_ignore_client_abort on;' >> $keyserver_nginx_site
echo ' client_max_body_size 8m;' >> $keyserver_nginx_site
echo ' }' >> $keyserver_nginx_site
echo '}' >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo 'server {' >> $keyserver_nginx_site
echo ' listen 443 ssl;' >> $keyserver_nginx_site
echo ' listen 0.0.0.0:11372 ssl;' >> $keyserver_nginx_site
echo ' listen [::]:443 ssl;' >> $keyserver_nginx_site
echo " server_name $KEYSERVER_DOMAIN_NAME;" >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' error_page 404 /404.html;' >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' location ~ (.git|LICENSE|readme.md) {' >> $keyserver_nginx_site
echo ' deny all;' >> $keyserver_nginx_site
echo ' return 404;' >> $keyserver_nginx_site
echo ' }' >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' # Security' >> $keyserver_nginx_site
function_check nginx_ssl
nginx_ssl $KEYSERVER_DOMAIN_NAME
function_check nginx_disable_sniffing
nginx_disable_sniffing $KEYSERVER_DOMAIN_NAME
echo ' add_header Strict-Transport-Security max-age=15768000;' >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' # Logs' >> $keyserver_nginx_site
echo ' access_log /dev/null;' >> $keyserver_nginx_site
echo ' error_log /dev/null;' >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' # Root' >> $keyserver_nginx_site
echo " root /var/www/$KEYSERVER_DOMAIN_NAME/htdocs;" >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' rewrite ^/stats /pks/lookup?op=stats;' >> $keyserver_nginx_site
echo ' rewrite ^/s/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/search/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/g/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/get/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' location /pks {' >> $keyserver_nginx_site
echo " proxy_pass http://127.0.0.1:11373;" >> $keyserver_nginx_site
echo ' proxy_pass_header Server;' >> $keyserver_nginx_site
echo " add_header Via \"1.1 $KEYSERVER_DOMAIN_NAME:11372 (nginx)\";" >> $keyserver_nginx_site
echo ' proxy_ignore_client_abort on;' >> $keyserver_nginx_site
echo ' client_max_body_size 8m;' >> $keyserver_nginx_site
echo ' }' >> $keyserver_nginx_site
echo '}' >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
else
echo -n '' > $keyserver_nginx_site
fi
echo 'server {' >> $keyserver_nginx_site
echo " listen 127.0.0.1:$KEYSERVER_ONION_PORT default_server;" >> $keyserver_nginx_site
echo " server_name $KEYSERVER_ONION_HOSTNAME;" >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' error_page 404 /404.html;' >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' location ~ (.git|LICENSE|readme.md) {' >> $keyserver_nginx_site
echo ' deny all;' >> $keyserver_nginx_site
echo ' return 404;' >> $keyserver_nginx_site
echo ' }' >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
function_check nginx_disable_sniffing
nginx_disable_sniffing $KEYSERVER_DOMAIN_NAME
echo '' >> $keyserver_nginx_site
echo ' # Logs' >> $keyserver_nginx_site
echo ' access_log /dev/null;' >> $keyserver_nginx_site
echo ' error_log /dev/null;' >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' # Root' >> $keyserver_nginx_site
echo " root /var/www/$KEYSERVER_DOMAIN_NAME/mail;" >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' rewrite ^/stats /pks/lookup?op=stats;' >> $keyserver_nginx_site
echo ' rewrite ^/s/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/search/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/g/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/get/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
echo ' rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
echo '' >> $keyserver_nginx_site
echo ' location /pks {' >> $keyserver_nginx_site
echo " proxy_pass http://127.0.0.1:11373;" >> $keyserver_nginx_site
echo ' proxy_pass_header Server;' >> $keyserver_nginx_site
echo " add_header Via \"1.1 $KEYSERVER_DOMAIN_NAME:$KEYSERVER_ONION_PORT (nginx)\";" >> $keyserver_nginx_site
echo ' proxy_ignore_client_abort on;' >> $keyserver_nginx_site
echo ' client_max_body_size 8m;' >> $keyserver_nginx_site
echo ' }' >> $keyserver_nginx_site
echo '}' >> $keyserver_nginx_site
function_check create_site_certificate
if [ ! -f /etc/ssl/certs/${KEYSERVER_DOMAIN_NAME}.pem ]; then
create_site_certificate $KEYSERVER_DOMAIN_NAME 'yes'
fi
if [ -f /etc/ssl/certs/${KEYSERVER_DOMAIN_NAME}.crt ]; then
mv /etc/ssl/certs/${KEYSERVER_DOMAIN_NAME}.crt /etc/ssl/certs/${KEYSERVER_DOMAIN_NAME}.pem
fi
if [ -f /etc/ssl/certs/${KEYSERVER_DOMAIN_NAME}.pem ]; then
chown root:root /etc/ssl/certs/${KEYSERVER_DOMAIN_NAME}.pem
sed -i "s|.crt|.pem|g" /etc/nginx/sites-available/${KEYSERVER_DOMAIN_NAME}
fi
if [ -f /etc/ssl/private/${KEYSERVER_DOMAIN_NAME}.key ]; then
chown root:root /etc/ssl/private/${KEYSERVER_DOMAIN_NAME}.key
fi
chown -R www-data:www-data /var/www/$KEYSERVER_DOMAIN_NAME/htdocs
function_check nginx_ensite
nginx_ensite $KEYSERVER_DOMAIN_NAME
configure_firewall_for_keyserver
# remove membership file - don't try to sync with other keyservers
if [ -f /etc/sks/membership ]; then
rm /etc/sks/membership
fi
systemctl enable sks
systemctl restart sks
systemctl restart nginx
set_completion_param "keyserver domain" "$KEYSERVER_DOMAIN_NAME"
set_completion_param "keyserver onion domain" "$KEYSERVER_ONION_HOSTNAME"
set_completion_param "sks onion domain" "$SKS_ONION_HOSTNAME"
APP_INSTALLED=1
}
# NOTE: deliberately no exit 0
Reference in New Issue View Git Blame Copy Permalink