diff --git a/README.md b/README.md index b0e36a4..2fb7052 100644 --- a/README.md +++ b/README.md @@ -5,13 +5,12 @@ instance running (for web remote access if need be). We must manually unlock cer ### Files * `lighttpd-webssh.conf` is a sub-conf file for lighttpd, making it serve WebSSH. -* `etc-letsencrypt.mount` allow to unlock and mount encrypted certificates volume. +* `etc-letsencrypt.mount` allows to unlock and mount encrypted certificates volume. * Relevant information should be added to `/etc/crypttab`. * `etc-letsencrypt.timer` is a timer to automatically start previous unit, **but this is currently not used**. * `start-lighttpd.conf` is a drop-in Systemd unit file, which starts lighttpd should nginx fail to start. * This is not intended for starting process, more in case of failed (remote) restart of nginx. * `wait-for-dns.conf` is a drop-in Systemd unit file, which prevents nginx to start before DNS server is operational. -* `webssh.service` is a service file for WebSSH. #### Installation * `install.sh` script copies Systemd files to their destination and sets lighttpd conf (and creates a certificate if needed). diff --git a/install.sh b/install.sh index ef70ee9..5f1d532 100644 --- a/install.sh +++ b/install.sh @@ -7,33 +7,38 @@ if [ -f $run_directory/.disabled ]; then exit 0 fi -echo "Copying Systemd units and drop-ins to system directory..." -sudo cp $run_directory/webssh.service /etc/systemd/system/ -sudo cp $run_directory/etc-letsencrypt.mount /etc/systemd/system/ -if [ ! -d /etc/systemd/system/nginx.service.d ]; then # TODO - mkdir /etc/systemd/system/nginx.service.d +if [[ $user != 'root' ]]; then + sudo="sudo" +else + sudo="" fi -sudo cp $run_directory/start-lighttpd.conf /etc/systemd/system/nginx.service.d/ -sudo cp $run_directory/wait-for-dns.conf /etc/systemd/system/nginx.service.d/ + +echo "Copying Systemd units and drop-ins to system directory..." +$sudo cp $run_directory/etc-letsencrypt.mount /etc/systemd/system/ +if [ ! -d /etc/systemd/system/nginx.service.d ]; then # TODO + $sudo mkdir /etc/systemd/system/nginx.service.d +fi +$sudo cp $run_directory/start-lighttpd.conf /etc/systemd/system/nginx.service.d/ +$sudo cp $run_directory/wait-for-dns.conf /etc/systemd/system/nginx.service.d/ echo "Setting up lighttpd..." -sudo cp $run_directory/lighttpd-webssh.conf /etc/lighttpd/conf-available/99-webssh.conf -sudo rm /etc/lighttpd/conf-enabled/* -sudo ln -s /etc/lighttpd/conf-available/10-proxy.conf /etc/lighttpd/conf-enabled/ -sudo ln -s /etc/lighttpd/conf-available/10-ssl.conf /etc/lighttpd/conf-enabled/ -sudo ln -s /etc/lighttpd/conf-available/99-webssh.conf /etc/lighttpd/conf-enabled/ +$sudo cp $run_directory/lighttpd-webssh.conf /etc/lighttpd/conf-available/99-webssh.conf +$sudo rm /etc/lighttpd/conf-enabled/* +$sudo ln -s /etc/lighttpd/conf-available/10-proxy.conf /etc/lighttpd/conf-enabled/ +$sudo ln -s /etc/lighttpd/conf-available/10-ssl.conf /etc/lighttpd/conf-enabled/ +$sudo ln -s /etc/lighttpd/conf-available/99-webssh.conf /etc/lighttpd/conf-enabled/ if [ ! -f /etc/lighttpd/server.pem ]; then # TODO echo "Creating an SSL certificate for lighttpd:" - openssl req -newkey rsa:4096 -x509 -sha256 -days 999 -nodes -out /etc/lighttpd/server.pem -keyout \ + $sudo openssl req -newkey rsa:4096 -x509 -sha256 -days 999 -nodes -out /etc/lighttpd/server.pem -keyout \ /etc/lighttpd/server.pem -subj "/C=/ST=/L=/O=/OU=/CN=" # is it the right way? - #chmod o+r /etc/lighttpd/server.pem # needed? + #$sudo chmod o+r /etc/lighttpd/server.pem # needed? fi echo "Reloading Systemd..." -sudo systemctl daemon-reload +$sudo systemctl daemon-reload echo "Disabling nginx and enabling lighttpd..." -sudo systemctl disable nginx -sudo systemctl enable lighttpd +$sudo systemctl disable nginx +$sudo systemctl enable lighttpd echo "Finished install. Exiting..." echo "NOTE: Neither nginx nor lighttpd were started/stopped." diff --git a/webssh.service b/webssh.service deleted file mode 100644 index bf89499..0000000 --- a/webssh.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=Run Python webssh website -After=network.target - -[Service] -User=www-data -ExecStart=/usr/bin/python3 /srv/http/webssh/run.py --address='127.0.0.1' --port=8000 - -[Install] -WantedBy=default.target