diff options
author | Simon Rettberg | 2024-10-08 12:15:59 +0200 |
---|---|---|
committer | Simon Rettberg | 2024-10-08 12:15:59 +0200 |
commit | f82d0f2dcefa9b4cd0dca471ee343ef0fac4d08e (patch) | |
tree | 8872b7b7f4d5cb42aec82e080f7d4bf27546740b /satellit_upgrader/updater.template.sh | |
parent | [SS?S] Make slxadmin cron script triggered by systemd timer as well (diff) | |
download | setup-scripts-f82d0f2dcefa9b4cd0dca471ee343ef0fac4d08e.tar.gz setup-scripts-f82d0f2dcefa9b4cd0dca471ee343ef0fac4d08e.tar.xz setup-scripts-f82d0f2dcefa9b4cd0dca471ee343ef0fac4d08e.zip |
[SS?S] Include acme.sh and according intergration requirements
Diffstat (limited to 'satellit_upgrader/updater.template.sh')
-rw-r--r-- | satellit_upgrader/updater.template.sh | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/satellit_upgrader/updater.template.sh b/satellit_upgrader/updater.template.sh index aa7bf1b..dff0860 100644 --- a/satellit_upgrader/updater.template.sh +++ b/satellit_upgrader/updater.template.sh @@ -305,6 +305,12 @@ chmod 0700 "$FILEDIR" # In case we patch passwords into files there declare -rg DHPARAM="/etc/lighttpd/dhparam.pem" DH_PID= if ! [ -s "$DHPARAM" ]; then + curl -sS -m 5 "https://ssl-config.mozilla.org/ffdhe2048.txt" > "$DHPARAM" +fi +if ! openssl dhparam -noout -in "$DHPARAM" >&2; then + rm -f -- "$DHPARAM" +fi +if ! [ -s "$DHPARAM" ]; then openssl dhparam -out "$DHPARAM" 2048 >/dev/null 2>&1 & DH_PID=$! fi @@ -911,6 +917,15 @@ if (( MAJOR >= 10 )); then sed -r -i 's/^[#\s]*(CipherString =.*)/#\1/' /etc/ssl/openssl.cnf fi +# ******************* acme.sh requirements ***************** +# +mkdir -p /home/taskmanager/{certs,.acme.sh} +chown taskmanager:taskmanager /home/taskmanager/{certs,.acme.sh} +chmod 0700 /home/taskmanager/{certs,.acme.sh} + +mkdir -p "/srv/openslx/www/.well-known/acme-challenge" +chown taskmanager:taskmanager "/srv/openslx/www/.well-known/acme-challenge" + # ************************** LIGHTY ************************ # XXX if [ -n "${restart["lighttpd.service"]}" ]; then |