From 6b29e8ff3f2f46a1d8cd9ce704a1dae228ae64a0 Mon Sep 17 00:00:00 2001 From: Alexandre CATTEAU Date: Wed, 16 Nov 2022 18:28:13 +0100 Subject: [PATCH] Add support for providing other certificate --- install.sh | 12 ++++++++---- nginx-blocks/filebrowser | 6 +++--- nginx-blocks/transmission | 6 +++--- variables.conf.template | 7 +++++++ 4 files changed, 21 insertions(+), 10 deletions(-) diff --git a/install.sh b/install.sh index 2a046a2..74baca3 100755 --- a/install.sh +++ b/install.sh @@ -18,8 +18,8 @@ fi echo "Copying Systemd units to system directory..." -if [ ! -f /etc/ssl/cert.crt ]; then - $sudo openssl req -newkey rsa:4096 -x509 -sha256 -days 999 -nodes -out /etc/ssl/cert.crt -keyout /etc/ssl/cert.key \ +if [ ! -f $crt_path ]; then + $sudo openssl req -newkey rsa:4096 -x509 -sha256 -days 999 -nodes -out $crt_path -keyout $key_path \ -subj "/C=/ST=/L=/O=/OU=/CN=" fi if [ -d /etc/nginx ]; then @@ -32,7 +32,9 @@ if [ "$filebrowser" = "yes" ]; then $sudo sed -i -e "s/PH_NAS_USER/$nas_user/g" /etc/systemd/system/filebrowser.service $sudo sed -i -e "s:PH_NAS_DIRECTORY:$nas_location:g" /etc/systemd/system/filebrowser.service $sudo cp $run_directory/nginx-blocks/filebrowser /etc/nginx/sites-available/filebrowser - $sudo sed -i -e "s/PH_FQDN/$(hostname)/g" /etc/nginx/sites-available/filebrowser + $sudo sed -i -e "s/PH_SRVNAME/$filebrowser_server_name/g" /etc/nginx/sites-available/filebrowser + $sudo sed -i -e "s:PH_CRT:$crt_path:g" /etc/nginx/sites-available/filebrowser + $sudo sed -i -e "s:PH_KEY:$key_path:g" /etc/nginx/sites-available/filebrowser $sudo ln -sf ../sites-available/filebrowser /etc/nginx/sites-enabled/filebrowser fi 
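Review bot: The new guard `if [ ! -f $crt_path ]; then` tests only the certificate, and unquoted, so two cases go wrong now that both paths are configurable. If `crt_path` is empty or unset (which I assume happens with a variables.conf written from the older template), `[ ! -f ]` evaluates false and generation is skipped without any message. If the certificate is missing while an operator-supplied key already exists at `$key_path`, `-keyout $key_path` overwrites that key. I would quote the expansions and generate only when neither file exists, `if [ ! -f "$crt_path" ] && [ ! -f "$key_path" ]; then` with `-out "$crt_path" -keyout "$key_path"`, and stop with an error when exactly one of the two is present. Because `-nodes` leaves the key unencrypted, it is also worth confirming that a key written to a custom `key_path` ends up readable by root only.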
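Review bot: The three added `sed` lines splice `$filebrowser_server_name`, `$crt_path` and `$key_path` into the replacement text unescaped, and the output is an nginx config written through `$sudo`. A value containing the delimiter (`/` for the name, `:` for the paths), `&` or a backslash changes what sed substitutes, and a space or `;` in a value produces broken or additional nginx directives. I would validate the values before the first substitution, for example `case "$crt_path$key_path" in *[!A-Za-z0-9._/-]*) echo "unsupported character in crt_path/key_path" >&2; exit 1;; esac`, with an equivalent hostname-character check for the server names. The same applies to the three lines added for transmission in the `@@ -52,7 +54,9 @@` hunk. The enclosing `if [ "$filebrowser" = "yes" ]` block starts above this hunk.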
@@ -52,7 +54,9 @@ if [ "$dl_server" = "yes" ]; then $sudo sed -i -e "s:PH_DIRECTORY:$run_directory:g" /etc/systemd/system/transmission-vpn.service $sudo cp $run_directory/systemd-templates/transmission-vpn.timer /etc/systemd/system/ $sudo cp $run_directory/nginx-blocks/transmission /etc/nginx/sites-available/transmission - $sudo sed -i -e "s/PH_FQDN/$(hostname)/g" /etc/nginx/sites-available/transmission + $sudo sed -i -e "s/PH_SRVNAME/$transmission_server_name/g" /etc/nginx/sites-available/transmission + $sudo sed -i -e "s:PH_CRT:$crt_path:g" /etc/nginx/sites-available/transmission + $sudo sed -i -e "s:PH_KEY:$key_path:g" /etc/nginx/sites-available/transmission $sudo ln -sf ../sites-available/transmission /etc/nginx/sites-enabled/transmission fi diff --git a/nginx-blocks/filebrowser b/nginx-blocks/filebrowser index 92e10c4..2eb39f9 100644 --- a/nginx-blocks/filebrowser +++ b/nginx-blocks/filebrowser @@ -1,9 +1,9 @@ server { listen 443 ssl; - server_name nas.PH_FQDN; + server_name PH_SRVNAME; - ssl_certificate /etc/ssl/cert.crt; - ssl_certificate_key /etc/ssl/cert.key; + ssl_certificate PH_CRT; + ssl_certificate_key PH_KEY; location / { proxy_pass http://127.0.0.1:8080; diff --git a/nginx-blocks/transmission b/nginx-blocks/transmission index 1fa7365..c6dfc0d 100644 --- a/nginx-blocks/transmission +++ b/nginx-blocks/transmission @@ -1,9 +1,9 @@ server { listen 443 ssl; - server_name dl.PH_FQDN; + server_name PH_SRVNAME; - ssl_certificate /etc/ssl/cert.crt; - ssl_certificate_key /etc/ssl/cert.key; + ssl_certificate PH_CRT; + ssl_certificate_key PH_KEY; location / { proxy_pass http://127.0.0.1:9091; diff --git a/variables.conf.template b/variables.conf.template index 77db1a2..4f15462 100644 --- a/variables.conf.template +++ b/variables.conf.template 
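Review bot: `PH_SRVNAME`, `PH_CRT` and `PH_KEY` are placeholders, and nothing in this file says where they are filled in. A header comment would help whoever opens the template or debugs a failed config test after a partial install: `# PH_SRVNAME, PH_CRT and PH_KEY are replaced by install.sh with values from variables.conf`. The same comment fits nginx-blocks/transmission, which gets the identical change. The `server` block continues past the end of the hunk.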
@@ -5,14 +5,21 @@ nas_location="" nas_user="" +# Paths to X509 certificate and key +# If they do not exist, they will be created as a self-singed certificate +crt_path="/etc/ssl/cert.crt" +key_path="/etc/ssl/cert.key" + # Set up File Browser filebrowser="yes" +filebrowser_server_name="files.$(hostname)" # Set up MiniDLNA dlna_server="yes" # Set up Transmission and OpenVPN dl_server="yes" +transmission_server_name="dl.$(hostname)" real_ip="" # for VPN check authorized_ips="" # for transmission web interface user="" # user for transmission web interface
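Review bot: The default `filebrowser_server_name="files.$(hostname)"` does not match the name the nginx template used before this commit, `nas.PH_FQDN`, so a reinstall with default settings moves File Browser from `nas.<host>` to `files.<host>`, while `transmission_server_name` keeps its `dl.` prefix. If that rename is not intended, the default should be `filebrowser_server_name="nas.$(hostname)"`. The added comment has a typo, `self-singed` for `self-signed`, and it could state that install.sh tests only the certificate path before generating the pair. Installations that keep a variables.conf from the older template will presumably not define any of the four new variables, which deserves a line in the README or an explicit check in install.sh.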