Add easy config for letsencrypt
parent
b53c6891aa
commit
fba529ef91
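--- /dev/null
+++ b/letsencrypt.inc.php
@@ -0,0 +1,12 @@
+<?php
+
+/* Set paths for fullchain.pem abnd privkey.pem */
+$letsencrypt['fullchain'] = file_get_contents("/etc/letsencrypt/live/<domain>/fullchain.pem");
+$letsencrypt['privkey'] = file_get_contents("/etc/letsencrypt/live/<domain>/privkey.pem");
+
+/* Please do not change anything below */
+$letsencrypt['pem_private_key'] = openssl_pkey_get_private($letsencrypt['privkey']);
+$pem_public_key = openssl_pkey_get_details($letsencrypt['pem_private_key'])['key'];
+
+$letsencrypt['server.pem'] = $letsencrypt['fullchain'];
+$letsencrypt['pubkey.pem'] = $pem_public_key;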
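Review bot: A failed read of either PEM file is not detected: `file_get_contents()` returns `false` on error, and the code that includes this file tests the result with `isset()`, which is true for `false`, so `$letsencrypt['server.pem']` would be honoured and an empty server.pem written; on PHP 8 the script instead dies earlier, because `openssl_pkey_get_details()` receives the `false` that `openssl_pkey_get_private()` returns for unreadable input and throws a TypeError. With the shipped `<domain>` placeholder this is the state of every fresh install until the path is edited. Guard right after the two reads, `if ($letsencrypt['fullchain'] === false || $letsencrypt['privkey'] === false) { unset($letsencrypt); return; }`, so the includer falls back to the self-signed path. The comment on the third line also has a typo, `abnd`.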
@ -46,7 +46,9 @@
@chown($ssldir, $uinfo["uid"]);
@chown($ssldir, $uinfo["uid"]);
@chgrp($ssldir, $uinfo["gid"]);
@chgrp($ssldir, $uinfo["gid"]);
# Fix this. It shouldn't be necessary
$pemfile = $ssldir.'/server.pem';
create_node_ssl_cert($pemfile);
$overview = $spooldir.'/articles-overview.db3';
$overview = $spooldir.'/articles-overview.db3';
touch($overview);
touch($overview);
@chown($overview, $uinfo["uid"]);
@chown($overview, $uinfo["uid"]);
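Review bot: The files that `create_node_ssl_cert($pemfile)` writes into `$ssldir` are never chowned to `$uinfo["uid"]`, unlike `$ssldir` itself two rows up and `$overview` just below, and server.pem carries the private key; when this installer runs as root the service account either cannot read its own key or, with a permissive umask, every local user can. Add after the call `@chown($pemfile, $uinfo["uid"]); @chmod($pemfile, 0600);` and a matching `@chown()` for `$ssldir.'/pubkey.pem'`. create_node_ssl_cert itself is defined in another file of this commit, so the ownership fix belongs here where `$uinfo` is in scope.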
@ -59,16 +61,6 @@
@mkdir($logdir,0755,'recursive');
@mkdir($logdir,0755,'recursive');
@mkdir($lockdir,0755,'recursive');
@mkdir($lockdir,0755,'recursive');
$pemfile = $ssldir.'/server.pem';
$pubkeyfile = $ssldir.'/pubkey.pem';
if((!is_file($pemfile)) || (!is_file($pubkeyfile))) {
create_certificate($pemfile, $pubkeyfile);
}
if(!is_file($webtmp.'/pubkey.txt') && is_file($config_dir.'/ssl/pubkey.pem')) {
echo 'Writing pubkey.txt to: '.$webtmp."/pubkey.txt\n";
copy($config_dir.'/ssl/pubkey.pem', $webtmp.'/pubkey.txt');
}
if(isset($CONFIG['enable_nocem']) && $CONFIG['enable_nocem'] == true) {
if(isset($CONFIG['enable_nocem']) && $CONFIG['enable_nocem'] == true) {
@mkdir($spooldir."nocem",0755,'recursive');
@mkdir($spooldir."nocem",0755,'recursive');
exec($CONFIG['php_exec']." ".$config_dir."/scripts/nocem.php");
exec($CONFIG['php_exec']." ".$config_dir."/scripts/nocem.php");
@ -73,11 +73,10 @@ $config_path,$groupconfig,$workpath,$path,$spooldir,$nntp_group,$auth_ok;
$auth_ok = 0;
$auth_ok = 0;
$user = "";
$user = "";
$pass = "";
$pass = "";
$pemfile = $ssldir.'/server.pem';
$pemfile = $ssldir.'/server.pem';
$pubkeyfile = $ssldir.'/pubkey.pem';
create_node_ssl_cert($pemfile);
if((!is_file($pemfile)) || (!is_file($pubkeyfile))) {
create_certificate($pemfile, $pubkeyfile);
}
$context = stream_context_create();
$context = stream_context_create();
stream_context_set_option($context, 'ssl', 'local_cert', $pemfile);
stream_context_set_option($context, 'ssl', 'local_cert', $pemfile);
stream_context_set_option($context, 'ssl', 'allow_self_signed', true);
stream_context_set_option($context, 'ssl', 'allow_self_signed', true);
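Review bot: Nothing verifies that `create_node_ssl_cert($pemfile)` actually produced `$pemfile` before it is handed to `local_cert` two rows down; the function returns nothing, and its Let's Encrypt branch depends on the included config being readable by whatever account this daemon runs as, so a failure surfaces only as TLS handshake errors on the first client connection. Log right after the call, e.g. `if (!is_file($pemfile)) { error_log('no TLS certificate at '.$pemfile); }`. The removed `$pubkeyfile = $ssldir.'/pubkey.pem';` assignment may still be referenced later in this function, which begins before the hunk (its `global` line is the hunk context) and continues after it, so that is worth a grep before merging.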
@ -1212,6 +1212,52 @@ function get_article_list($thisgroup) {
return(array_unique($ok_article));
return(array_unique($ok_article));
}
}
function create_node_ssl_cert($pemfile) {
global $CONFIG, $ssldir, $webtmp, $config_dir;
include $config_dir.'/letsencrypt.inc.php';
$pubkeyfile = $ssldir.'/pubkey.pem';
if((is_file($pemfile)) && (is_file($pubkeyfile)) && (is_file($webtmp.'/pubkey.txt'))) {
return;
}
/* Use letsencrypt */
if((isset($letsencrypt['server.pem'])) && (isset($letsencrypt['pubkey.pem']))) {
file_put_contents($pemfile, $letsencrypt['server.pem'].$letsencrypt['privkey']);
file_put_contents($pubkeyfile, $letsencrypt['pubkey.pem']);
copy($pubkeyfile, $webtmp.'/pubkey.txt');
return;
}
/* Create self signed cert */
$certificateData = array(
"countryName" => "US",
"stateOrProvinceName" => "New York",
"localityName" => "New York City",
"organizationName" => "Rocksolid",
"organizationalUnitName" => "Rocksolid Light",
"commonName" => $CONFIG['organization'],
"emailAddress" => "rocksolid@example.com"
);
// Generate certificate
$privateKey = openssl_pkey_new();
$certificate = openssl_csr_new($certificateData, $privateKey);
$certificate = openssl_csr_sign($certificate, null, $privateKey, 365);
// Generate PEM file
$pem_passphrase = null; // empty for no passphrase
$pem = array();
openssl_x509_export($certificate, $pem[0]);
openssl_pkey_export($privateKey, $pem[1], $pem_passphrase);
$pem = implode($pem);
$pubkey=openssl_pkey_get_details($privateKey);
// Save PEM file
file_put_contents($pemfile, $pem);
file_put_contents($pubkeyfile, $pubkey['key']);
copy($pubkeyfile, $webtmp.'/pubkey.txt');
}
function create_certificate($pemfile, $pubkeyfile) {
function create_certificate($pemfile, $pubkeyfile) {
global $CONFIG;
global $CONFIG;
$certificateData = array(
$certificateData = array(
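Review bot: The early `return` when `$pemfile`, `$pubkeyfile` and pubkey.txt already exist runs before the Let's Encrypt branch, so a certificate copied from /etc/letsencrypt is written once and never refreshed; Let's Encrypt certificates are short-lived, and after the first renewal the daemon keeps serving the stale chain until someone deletes server.pem by hand. Move the `if((isset($letsencrypt['server.pem'])) && (isset($letsencrypt['pubkey.pem'])))` block above that return so the current fullchain is re-copied on every start. Both `file_put_contents($pemfile, ...)` calls also write the private key with whatever the process umask allows; follow each with `chmod($pemfile, 0600);`. The self-signed fallback duplicates the body of `create_certificate()` that follows it as context; delegating to that function would keep the two in step.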