summaryrefslogtreecommitdiffstats
path: root/satellit_upgrader
diff options
context:
space:
mode:
Diffstat (limited to 'satellit_upgrader')
-rw-r--r--satellit_upgrader/updater.template.sh15
1 files changed, 15 insertions, 0 deletions
diff --git a/satellit_upgrader/updater.template.sh b/satellit_upgrader/updater.template.sh
index aa7bf1b..dff0860 100644
--- a/satellit_upgrader/updater.template.sh
+++ b/satellit_upgrader/updater.template.sh
@@ -305,6 +305,12 @@ chmod 0700 "$FILEDIR" # In case we patch passwords into files there
declare -rg DHPARAM="/etc/lighttpd/dhparam.pem"
DH_PID=
if ! [ -s "$DHPARAM" ]; then
+ curl -sS -m 5 "https://ssl-config.mozilla.org/ffdhe2048.txt" > "$DHPARAM"
+fi
+if ! openssl dhparam -noout -in "$DHPARAM" >&2; then
+ rm -f -- "$DHPARAM"
+fi
+if ! [ -s "$DHPARAM" ]; then
openssl dhparam -out "$DHPARAM" 2048 >/dev/null 2>&1 &
DH_PID=$!
fi
@@ -911,6 +917,15 @@ if (( MAJOR >= 10 )); then
sed -r -i 's/^[#\s]*(CipherString =.*)/#\1/' /etc/ssl/openssl.cnf
fi
+# ******************* acme.sh requirements *****************
+#
+mkdir -p /home/taskmanager/{certs,.acme.sh}
+chown taskmanager:taskmanager /home/taskmanager/{certs,.acme.sh}
+chmod 0700 /home/taskmanager/{certs,.acme.sh}
+
+mkdir -p "/srv/openslx/www/.well-known/acme-challenge"
+chown taskmanager:taskmanager "/srv/openslx/www/.well-known/acme-challenge"
+
# ************************** LIGHTY ************************
# XXX
if [ -n "${restart["lighttpd.service"]}" ]; then
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2024-11-21 17:45:31 +0100