summaryrefslogtreecommitdiffstats
path: root/satellit_upgrader/updater.template.sh
diff options
context:
space:
mode:
authorSimon Rettberg2024-10-08 12:15:59 +0200
committerSimon Rettberg2024-10-08 12:15:59 +0200
commitf82d0f2dcefa9b4cd0dca471ee343ef0fac4d08e (patch)
tree8872b7b7f4d5cb42aec82e080f7d4bf27546740b /satellit_upgrader/updater.template.sh
parent[SS?S] Make slxadmin cron script triggered by systemd timer as well (diff)
downloadsetup-scripts-f82d0f2dcefa9b4cd0dca471ee343ef0fac4d08e.tar.gz
setup-scripts-f82d0f2dcefa9b4cd0dca471ee343ef0fac4d08e.tar.xz
setup-scripts-f82d0f2dcefa9b4cd0dca471ee343ef0fac4d08e.zip
[SS?S] Include acme.sh and according intergration requirements
Diffstat (limited to 'satellit_upgrader/updater.template.sh')
-rw-r--r--satellit_upgrader/updater.template.sh15
1 files changed, 15 insertions, 0 deletions
diff --git a/satellit_upgrader/updater.template.sh b/satellit_upgrader/updater.template.sh
index aa7bf1b..dff0860 100644
--- a/satellit_upgrader/updater.template.sh
+++ b/satellit_upgrader/updater.template.sh
@@ -305,6 +305,12 @@ chmod 0700 "$FILEDIR" # In case we patch passwords into files there
declare -rg DHPARAM="/etc/lighttpd/dhparam.pem"
DH_PID=
if ! [ -s "$DHPARAM" ]; then
+ curl -sS -m 5 "https://ssl-config.mozilla.org/ffdhe2048.txt" > "$DHPARAM"
+fi
+if ! openssl dhparam -noout -in "$DHPARAM" >&2; then
+ rm -f -- "$DHPARAM"
+fi
+if ! [ -s "$DHPARAM" ]; then
openssl dhparam -out "$DHPARAM" 2048 >/dev/null 2>&1 &
DH_PID=$!
fi
@@ -911,6 +917,15 @@ if (( MAJOR >= 10 )); then
sed -r -i 's/^[#\s]*(CipherString =.*)/#\1/' /etc/ssl/openssl.cnf
fi
+# ******************* acme.sh requirements *****************
+#
+mkdir -p /home/taskmanager/{certs,.acme.sh}
+chown taskmanager:taskmanager /home/taskmanager/{certs,.acme.sh}
+chmod 0700 /home/taskmanager/{certs,.acme.sh}
+
+mkdir -p "/srv/openslx/www/.well-known/acme-challenge"
+chown taskmanager:taskmanager "/srv/openslx/www/.well-known/acme-challenge"
+
# ************************** LIGHTY ************************
# XXX
if [ -n "${restart["lighttpd.service"]}" ]; then