From dc3605612a0391e45b72dcd345a5c83c600336a9 Mon Sep 17 00:00:00 2001 From: Alexandre CATTEAU Date: Sun, 3 Dec 2023 17:45:08 +0100 Subject: [PATCH] Unarchive this repo and big revamp --- README.md | 18 +++++------------- install.sh | 28 ++++++++++++++++++++++++++-- variables.conf.template | 7 ++++--- webssh.service | 3 +-- 4 files changed, 36 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index e3f0caf..d69146a 100644 --- a/README.md +++ b/README.md @@ -2,25 +2,17 @@ This is just a Systemd service unit for [WebSSH](https://github.com/huashengdun/webssh) web app. +Following the release of version 1.6.2, we now install it in an applicative container +[directly from PIP](https://github.com/huashengdun/webssh#quickstart). + ### Files * `webssh.service` is a Systemd units template for WebSSH. #### Installation * `install.sh` script copies the Systemd template to its destination, with the correct path (set in `variables.conf`). ### Note -For this service to be correctly accessed through reverse proxy, you need the following parameters (Nginx example): -``` -location / { - proxy_pass http://localhost:8000/; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Real-PORT $remote_port; - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; -} -``` +For this service to be correctly accessed through reverse proxy, you need specific parameters. See +[official documentation](https://github.com/huashengdun/webssh#deployment). ### TODO * RAS diff --git a/install.sh b/install.sh index 8eae2d7..14d9bfc 100755 --- a/install.sh +++ b/install.sh 
@@ -10,17 +10,41 @@ if [ -f $run_directory/.disabled ]; then exit 0 fi +if [ -f /usr/lib/python3.11/site-packages/webssh/handler.py ]; then + echo "Alter WebSSH configuration to remove SSH key passphrase from error message..." + if [[ $user != 'root' ]]; then + sudo sed -i -e "s/or wrong passphrase {} for decrypting it/or wrong passphrase for decrypting it/g" + else + sed -i -e "s/or wrong passphrase {} for decrypting it/or wrong passphrase for decrypting it/g" + fi +else + echo "WARNING: Could not find webssh directory! Could be due to major Python upgrade, or you not using PIP package." +fi + +if [ ! -f $keyfile ] || [ ! -f $certfile ]; then + echo "Creating self-signed certificate for web server..." + if [[ $user != 'root' ]]; then + sudo openssl req -newkey rsa:4096 -x509 -sha256 -days 999 -nodes -out $certfile -keyout $keyfile \ + -subj "/C=/ST=/L=/O=/OU=/CN=" + else + openssl req -newkey rsa:4096 -x509 -sha256 -days 999 -nodes -out $certfile -keyout $keyfile \ + -subj "/C=/ST=/L=/O=/OU=/CN=" + fi +fi + echo "Copying WebSSH unit to system directory..." if [[ $user != 'root' ]]; then sudo cp webssh.service /etc/systemd/system/ - sudo sed -i -e "s:PH_PATH:$webssh_path:g" /etc/systemd/system/webssh.service sudo sed -i -e "s:PH_ADDR:$address:g" /etc/systemd/system/webssh.service sudo sed -i -e "s:PH_PORT:$port:g" /etc/systemd/system/webssh.service + sudo sed -i -e "s:PH_CRT:$certfile:g" /etc/systemd/system/webssh.service + sudo sed -i -e "s:PH_KEY:$keyfile:g" /etc/systemd/system/webssh.service else cp webssh.service /etc/systemd/system/ - sed -i -e "s:PH_PATH:$webssh_path:g" /etc/systemd/system/webssh.service sed -i -e "s:PH_ADDR:$address:g" /etc/systemd/system/webssh.service sed -i -e "s:PH_PORT:$port:g" /etc/systemd/system/webssh.service + sed -i -e "s:PH_CRT:$certfile:g" /etc/systemd/system/webssh.service + sed -i -e "s:PH_KEY:$keyfile:g" /etc/systemd/system/webssh.service fi echo "Reloading Systemd..." if [[ $user != 'root' ]]; then 
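Review bot: Both added `sed -i` calls that strip the passphrase from the error message have no file operand, so as written they cannot edit `handler.py`. The guard above them tests for `/usr/lib/python3.11/site-packages/webssh/handler.py`, but that path is never passed to sed. Each command should end with the file, e.g. `sudo sed -i -e "s/or wrong passphrase {} for decrypting it/or wrong passphrase for decrypting it/g" /usr/lib/python3.11/site-packages/webssh/handler.py`, and the same in the root branch. When the file is missing the script only echoes a warning and continues to install the unit, so the passphrase stays in the error text; exiting non-zero there, and when sed fails, would make that visible. The same hunk leaves `$keyfile` and `$certfile` unquoted in the `[ ! -f ... ]` test and in the openssl calls, which breaks on paths containing spaces.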
diff --git a/variables.conf.template b/variables.conf.template index 7e07162..73b3fee 100644 --- a/variables.conf.template +++ b/variables.conf.template @@ -2,6 +2,7 @@ # Copy this file as variables.conf, with the correct values -webssh_path= -address=127.0.0.1 -port=8000 +address=0.0.0.0 +port=4433 +certfile=/etc/ssl/cert.crt +keyfile=/etc/ssl/private/cert.key diff --git a/webssh.service b/webssh.service index 67737d4..afbac26 100644 --- a/webssh.service +++ b/webssh.service @@ -3,8 +3,7 @@ Description=Run Python webssh web app After=network.target [Service] -User=www-data -ExecStart=/usr/bin/python3 PH_PATH --address='PH_ADDR' --port=PH_PORT +ExecStart=/usr/bin/wssh --address='PH_ADDR' --sslport=PH_PORT --certfile='PH_CRT' --keyfile='PH_KEY' [Install] WantedBy=default.target
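Review bot: The shipped default changes from `address=127.0.0.1` to `address=0.0.0.0`, so anyone who copies the template unchanged gets a browser-to-SSH gateway listening on every interface. Consider keeping `address=127.0.0.1` as the default and adding a comment above it such as `# use 0.0.0.0 only when the listener must be reachable directly; restrict access with a firewall`. A second comment could note that install.sh generates a self-signed pair at `certfile`/`keyfile` when either file is absent, so readers know the defaults do not point at a CA-issued certificate.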
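Review bot: With `User=www-data` removed and nothing put in its place, this unit (copied to /etc/systemd/system by install.sh) runs `wssh` as root, which is a large step up in privilege for a network-facing web app. If the reason was read access to the key under /etc/ssl/private, it is safer to keep `User=www-data` and grant that account read access to the key file. Hardening directives such as `NoNewPrivileges=yes` and `ProtectSystem=strict` in `[Service]` would further limit what a compromised process can do, once tested against the service.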