adminconf/frontal-web-conf
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Remove webssh (has its own repo) and add support for root install

Browse Source
This commit is contained in:
Alexandre CATTEAU 2022-08-19 20:28:42 +02:00
parent 7c0cbe8110
commit 43699b8460
3 changed files with 23 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -5,13 +5,12 @@ instance running (for web remote access if need be). We must manually unlock cer
### Files ### Files
* `lighttpd-webssh.conf` is a sub-conf file for lighttpd, making it serve WebSSH. * `lighttpd-webssh.conf` is a sub-conf file for lighttpd, making it serve WebSSH.
* `etc-letsencrypt.mount` allow to unlock and mount encrypted certificates volume. * `etc-letsencrypt.mount` allows to unlock and mount encrypted certificates volume.
* Relevant information should be added to `/etc/crypttab`. * Relevant information should be added to `/etc/crypttab`.
* `etc-letsencrypt.timer` is a timer to automatically start previous unit, **but this is currently not used**. * `etc-letsencrypt.timer` is a timer to automatically start previous unit, **but this is currently not used**.
* `start-lighttpd.conf` is a drop-in Systemd unit file, which starts lighttpd should nginx fail to start. * `start-lighttpd.conf` is a drop-in Systemd unit file, which starts lighttpd should nginx fail to start.
* This is not intended for starting process, more in case of failed (remote) restart of nginx. * This is not intended for starting process, more in case of failed (remote) restart of nginx.
* `wait-for-dns.conf` is a drop-in Systemd unit file, which prevents nginx to start before DNS server is operational. * `wait-for-dns.conf` is a drop-in Systemd unit file, which prevents nginx to start before DNS server is operational.
* `webssh.service` is a service file for WebSSH.
#### Installation #### Installation
* `install.sh` script copies Systemd files to their destination and sets lighttpd conf (and creates a certificate if * `install.sh` script copies Systemd files to their destination and sets lighttpd conf (and creates a certificate if
needed). needed).

39
install.sh
View File

@ -7,33 +7,38 @@ if [ -f $run_directory/.disabled ]; then
exit 0 exit 0
fi fi
echo "Copying Systemd units and drop-ins to system directory..." if [[ $user != 'root' ]]; then
sudo cp $run_directory/webssh.service /etc/systemd/system/ sudo="sudo"
sudo cp $run_directory/etc-letsencrypt.mount /etc/systemd/system/ else
if [ ! -d /etc/systemd/system/nginx.service.d ]; then # TODO sudo=""
mkdir /etc/systemd/system/nginx.service.d
fi fi
sudo cp $run_directory/start-lighttpd.conf /etc/systemd/system/nginx.service.d/
sudo cp $run_directory/wait-for-dns.conf /etc/systemd/system/nginx.service.d/ echo "Copying Systemd units and drop-ins to system directory..."
$sudo cp $run_directory/etc-letsencrypt.mount /etc/systemd/system/
if [ ! -d /etc/systemd/system/nginx.service.d ]; then # TODO
$sudo mkdir /etc/systemd/system/nginx.service.d
fi
$sudo cp $run_directory/start-lighttpd.conf /etc/systemd/system/nginx.service.d/
$sudo cp $run_directory/wait-for-dns.conf /etc/systemd/system/nginx.service.d/
echo "Setting up lighttpd..." echo "Setting up lighttpd..."
sudo cp $run_directory/lighttpd-webssh.conf /etc/lighttpd/conf-available/99-webssh.conf $sudo cp $run_directory/lighttpd-webssh.conf /etc/lighttpd/conf-available/99-webssh.conf
sudo rm /etc/lighttpd/conf-enabled/* $sudo rm /etc/lighttpd/conf-enabled/*
sudo ln -s /etc/lighttpd/conf-available/10-proxy.conf /etc/lighttpd/conf-enabled/ $sudo ln -s /etc/lighttpd/conf-available/10-proxy.conf /etc/lighttpd/conf-enabled/
sudo ln -s /etc/lighttpd/conf-available/10-ssl.conf /etc/lighttpd/conf-enabled/ $sudo ln -s /etc/lighttpd/conf-available/10-ssl.conf /etc/lighttpd/conf-enabled/
sudo ln -s /etc/lighttpd/conf-available/99-webssh.conf /etc/lighttpd/conf-enabled/ $sudo ln -s /etc/lighttpd/conf-available/99-webssh.conf /etc/lighttpd/conf-enabled/
if [ ! -f /etc/lighttpd/server.pem ]; then # TODO if [ ! -f /etc/lighttpd/server.pem ]; then # TODO
echo "Creating an SSL certificate for lighttpd:" echo "Creating an SSL certificate for lighttpd:"
openssl req -newkey rsa:4096 -x509 -sha256 -days 999 -nodes -out /etc/lighttpd/server.pem -keyout \ $sudo openssl req -newkey rsa:4096 -x509 -sha256 -days 999 -nodes -out /etc/lighttpd/server.pem -keyout \
/etc/lighttpd/server.pem -subj "/C=/ST=/L=/O=/OU=/CN=" # is it the right way? /etc/lighttpd/server.pem -subj "/C=/ST=/L=/O=/OU=/CN=" # is it the right way?
#chmod o+r /etc/lighttpd/server.pem # needed? #$sudo chmod o+r /etc/lighttpd/server.pem # needed?
fi fi
echo "Reloading Systemd..." echo "Reloading Systemd..."
sudo systemctl daemon-reload $sudo systemctl daemon-reload
echo "Disabling nginx and enabling lighttpd..." echo "Disabling nginx and enabling lighttpd..."
sudo systemctl disable nginx $sudo systemctl disable nginx
sudo systemctl enable lighttpd $sudo systemctl enable lighttpd
echo "Finished install. Exiting..." echo "Finished install. Exiting..."
echo "NOTE: Neither nginx nor lighttpd were started/stopped." echo "NOTE: Neither nginx nor lighttpd were started/stopped."

10
webssh.service
View File

@ -1,10 +0,0 @@
[Unit]
Description=Run Python webssh website
After=network.target
[Service]
User=www-data
ExecStart=/usr/bin/python3 /srv/http/webssh/run.py --address='127.0.0.1' --port=8000
[Install]
WantedBy=default.target