authorSimon Rettberg2018-01-12 10:44:29 +0100
committerSimon Rettberg2018-01-12 10:44:29 +0100
commit251297130280ffb18fe869dc47da0e4b0c260fca (patch)
tree72f16782effd6bc71a44b827ed75070d2ef7dafa
parent[CreateLdapconfig] Fall back to homeDirectory for home dir if none was given (diff)
downloadtmlite-bwlp-251297130280ffb18fe869dc47da0e4b0c260fca.tar.gz
tmlite-bwlp-251297130280ffb18fe869dc47da0e4b0c260fca.tar.xz
tmlite-bwlp-251297130280ffb18fe869dc47da0e4b0c260fca.zip
[https/backup] Store cert only in separate .pem for further use
-rwxr-xr-xscripts/install-https33
-rwxr-xr-xscripts/system-backup4
2 files changed, 21 insertions, 16 deletions
diff --git a/scripts/install-https b/scripts/install-https
index 121fb0e..ecb1b0a 100755
--- a/scripts/install-https
+++ b/scripts/install-https
@@ -1,14 +1,15 @@
#!/bin/bash
-declare -rg CERTFILE="/etc/lighttpd/server.pem"
-declare -rg CHAINFILE="/etc/lighttpd/chain.pem"
+declare -rg CERT_KEY_FILE="/etc/lighttpd/server.pem"
+declare -rg PUB_CERT_FILE="/etc/lighttpd/pub-cert.pem"
+declare -rg CHAIN_FILE="/etc/lighttpd/chain.pem"
declare -rg REDIR_FLAG="/etc/lighttpd/redirect.flag"
op_disable ()
{
- [ -e "$CERTFILE" ] || exit 0
- rm -f -- "$CERTFILE" || exit 1
- rm -f -- "$CHAINFILE"
+ [ -e "$CERT_KEY_FILE" ] || exit 0
+ rm -f -- "$CERT_KEY_FILE" || exit 1
+ rm -f -- "$CHAIN_FILE"
}
op_test ()
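Review bot: `op_disable` removes `$CERT_KEY_FILE` and `$CHAIN_FILE` but not the newly introduced `$PUB_CERT_FILE`, so after HTTPS is disabled a stale `pub-cert.pem` stays in `/etc/lighttpd` and is still picked up by the backup list. Anything that later reads that file would see a certificate whose key has been deleted. Adding `rm -f -- "$PUB_CERT_FILE"` next to the chain removal keeps the three files in step.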
@@ -40,31 +41,33 @@ op_import ()
local CHAIN=$3
[ -r "$K" ] || exit 2
[ -r "$C" ] || exit 3
- rm -f -- "$CHAINFILE"
+ rm -f -- "$CHAIN_FILE"
# Create server.pem
- cat "$C" "$K" > "$CERTFILE"
- chmod 0600 "$CERTFILE" || exit 4
+ cat "$C" "$K" > "$CERT_KEY_FILE"
+ chmod 0600 "$CERT_KEY_FILE" || exit 4
rm -f -- "$C" "$K"
# If we have a chainfile, try to use it aswell
if [ -s "$CHAIN" ]; then
- openssl x509 -noout -hash -in "$CHAIN" >/dev/null 2>&1 && cp "$CHAIN" "$CHAINFILE"
+ openssl x509 -noout -hash -in "$CHAIN" >/dev/null 2>&1 && cp "$CHAIN" "$CHAIN_FILE"
fi
- generate_dh
+ post_setup_hook
return 0
}
op_random ()
{
[ -z "$1" ] && exit 1
- rm -f -- "$CHAINFILE"
- openssl req -x509 -new -newkey rsa:4096 -keyout "$CERTFILE" -out "$CERTFILE" -days 5000 -nodes -subj "/C=DE/ST=Nowhere/L=Springfield/O=bwLehrpool/CN=$1" || exit 2
- chmod 0600 "$CERTFILE" || exit 3
- generate_dh
+ rm -f -- "$CHAIN_FILE"
+ openssl req -x509 -new -newkey rsa:4096 -keyout "$CERT_KEY_FILE" -out "$CERT_KEY_FILE" -days 5000 -nodes -subj "/C=DE/ST=Nowhere/L=Springfield/O=bwLehrpool/CN=$1" || exit 2
+ chmod 0600 "$CERT_KEY_FILE" || exit 3
+ post_setup_hook
return 0
}
-generate_dh ()
+post_setup_hook ()
{
+ rm -f -- "$PUB_CERT_FILE"
+ openssl x509 -outform pem -in "$CERT_KEY_FILE" -out "$PUB_CERT_FILE"
local DHPARAM="/etc/lighttpd/dhparam.pem"
if ! [ -s "$DHPARAM" ]; then
echo "Generating DH parameters (this takes a while)..."
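Review bot: In `op_import`, `cat "$C" "$K" > "$CERT_KEY_FILE"` creates the file holding the private key under the process umask and only then runs `chmod 0600`, so when the file does not exist yet (first install, or after `op_disable`) the key is briefly readable with whatever the default mode allows; the `cat` status is also not checked. Creating it restricted from the start avoids that: `( umask 077; cat "$C" "$K" > "$CERT_KEY_FILE" ) || exit 4`. In `post_setup_hook` the new `openssl x509 ... -out "$PUB_CERT_FILE"` runs after the `rm -f` with its exit status ignored, so a failed extraction leaves no `pub-cert.pem` while `op_import` and `op_random` still `return 0`; ending that line with `|| return 1` and having the callers check the hook would surface the failure. The body of `post_setup_hook` continues past the end of this hunk.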
diff --git a/scripts/system-backup b/scripts/system-backup
index 780463e..9d65cd2 100755
--- a/scripts/system-backup
+++ b/scripts/system-backup
@@ -28,7 +28,7 @@ FILELIST="
/opt/openslx/configs
/etc/lighttpd/server.pem
/etc/lighttpd/chain.pem
- /srv/openslx/www/boot/default/config.tgz
+ /etc/lighttpd/pub-cert.pem
"
tar --ignore-failed-read -k -c -p -z -f files.tgz $FILELIST # no quotes here!
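Review bot: This hunk swaps `/srv/openslx/www/boot/default/config.tgz` out of `FILELIST` rather than only adding `/etc/lighttpd/pub-cert.pem`, and the commit message does not say why. If a restore is expected to bring `config.tgz` back, archives written from here on will lack it; if it is regenerated elsewhere, a comment above the list such as `# config.tgz is rebuilt on restore, not backed up` would record that (assumption to confirm). A second comment is worth adding: `files.tgz` contains `server.pem`, which per `install-https` holds the TLS private key, so the resulting archive needs the same protection as the key itself. The `FILELIST` assignment starts outside this hunk.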
@@ -56,6 +56,8 @@ if ! mv backup.tgz "$FILE"; then
exit 1
fi
+rm -rf -- /root/backup/1*
+
echo "Location: $FILE"
exit 0
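Review bot: `rm -rf -- /root/backup/1*` deletes everything under `/root/backup` whose name begins with `1`, not just what this run created. Presumably it targets timestamp-named working directories, but that naming is set outside the hunk; if `$FILE` or earlier archives live in the same directory under such names they are removed as well, just before `Location: $FILE` is printed. Removing the run's own directory by variable, e.g. `rm -rf -- "${WORK_DIR:?}"` (placeholder name; use whatever the script assigns earlier), limits the scope and fails closed if the variable is empty.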