diff options
author | Simon Rettberg | 2017-03-29 10:50:38 +0200 |
---|---|---|
committer | Simon Rettberg | 2017-03-29 10:50:38 +0200 |
commit | 5188b15c3c53e0675d1c275c46b31fd265015c55 (patch) | |
tree | d6712cecd8fe1e0b96e1e4130f19f9f1f3eb1845 | |
parent | [LighttpdHttps] Update script to generate 2048 bit dh params (diff) | |
download | tmlite-bwlp-5188b15c3c53e0675d1c275c46b31fd265015c55.tar.gz tmlite-bwlp-5188b15c3c53e0675d1c275c46b31fd265015c55.tar.xz tmlite-bwlp-5188b15c3c53e0675d1c275c46b31fd265015c55.zip |
[LighttpdHttps] Support setting HTTPS redirection
This implements #3058
-rwxr-xr-x | scripts/install-https | 58 | ||||
-rw-r--r-- | src/main/java/org/openslx/taskmanager/tasks/LighttpdHttps.java | 59 |
2 files changed, 98 insertions, 19 deletions
diff --git a/scripts/install-https b/scripts/install-https index ad77a97..121fb0e 100755 --- a/scripts/install-https +++ b/scripts/install-https @@ -1,7 +1,8 @@ #!/bin/bash -CERTFILE="/etc/lighttpd/server.pem" -CHAINFILE="/etc/lighttpd/chain.pem" +declare -rg CERTFILE="/etc/lighttpd/server.pem" +declare -rg CHAINFILE="/etc/lighttpd/chain.pem" +declare -rg REDIR_FLAG="/etc/lighttpd/redirect.flag" op_disable () { @@ -76,20 +77,53 @@ generate_dh () fi } -OP=$1 -shift +setup_redirect () +{ + if [ -n "$REDIR" ]; then + touch "$REDIR_FLAG" + else + rm -f -- "$REDIR_FLAG" + fi +} -case "$OP" in - --random) op_random "$@" ;; - --test) op_test "$@" ;; - --import) op_import "$@" ;; - --disable) op_disable ;; +RE_ONLY= +REDIR= +while true; do + case "$1" in + --redirect-only) + RE_ONLY=tru + ;; + --redirect) + REDIR=truh + ;; *) - echo "Invalid operation: $1" - exit 1 + break ;; -esac + esac + shift +done + +setup_redirect + +if [ -z "$RE_ONLY" ]; then + + OP=$1 + shift + + case "$OP" in + --random) op_random "$@" ;; + --test) op_test "$@" ;; + --import) op_import "$@" ;; + --disable) op_disable ;; + *) + echo "Invalid operation: $1" + exit 1 + ;; + esac + +fi +sleep .5 systemctl restart lighttpd exit 0 diff --git a/src/main/java/org/openslx/taskmanager/tasks/LighttpdHttps.java b/src/main/java/org/openslx/taskmanager/tasks/LighttpdHttps.java index 59f3027..08fac2a 100644 --- a/src/main/java/org/openslx/taskmanager/tasks/LighttpdHttps.java +++ b/src/main/java/org/openslx/taskmanager/tasks/LighttpdHttps.java @@ -1,6 +1,9 @@ package org.openslx.taskmanager.tasks; import java.io.File; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; import org.openslx.satserver.util.Exec; import org.openslx.satserver.util.Util; @@ -27,6 +30,13 @@ public class LighttpdHttps extends AbstractTask @Expose private String proxyip = null; + @Expose + private boolean redirect; + @Expose + private boolean redirectOnly; + + private List<String> baseCmd = Arrays.asList( new String[] { "sudo", "-n", "-u", "root", "/opt/taskmanager/scripts/install-https" } ); + @Override protected boolean initTask() { @@ -37,6 +47,8 @@ public class LighttpdHttps extends AbstractTask @Override protected boolean execute() { + if ( this.redirectOnly ) + return setRedirect(); if ( this.importcert != null && this.importkey != null && !this.importcert.isEmpty() && !this.importkey.isEmpty() ) return createFromInput(); if ( this.proxyip != null && !this.proxyip.isEmpty() ) @@ -46,7 +58,13 @@ public class LighttpdHttps extends AbstractTask private boolean createRandom() { - int ret = Exec.sync( 15, "sudo", "-n", "-u", "root", "/opt/taskmanager/scripts/install-https", "--random", this.proxyip ); + List<String> cmd = new ArrayList<>( baseCmd ); + if ( this.redirect ) { + cmd.add( "--redirect" ); + } + cmd.add( "--random" ); + cmd.add( this.proxyip ); + int ret = Exec.sync( 45, cmd.toArray( new String[ cmd.size() ] ) ); if ( ret != 0 ) { status.error = "generator exited with code " + ret; return false; @@ -60,6 +78,7 @@ public class LighttpdHttps extends AbstractTask File tmpKey = null; File tmpCert = null; File tmpChain = null; + List<String> cmd; try { try { tmpCert = File.createTempFile( "bwlp-", ".pem" ); @@ -75,17 +94,26 @@ public class LighttpdHttps extends AbstractTask return false; } int ret; - ret = Exec.sync( 15, "/opt/taskmanager/scripts/install-https", "--test", tmpKey.getAbsolutePath(), tmpCert.getAbsolutePath() ); + cmd = new ArrayList<>( baseCmd ); + cmd.add( "--test" ); + cmd.add( tmpKey.getAbsolutePath() ); + cmd.add( tmpCert.getAbsolutePath() ); + ret = Exec.sync( 45, cmd.toArray( new String[ cmd.size() ] ) ); if ( ret != 0 ) { status.error = "Given key and certificate do not match, or have invalid format (exit code: " + ret + ")"; return false; } + cmd = new ArrayList<>( baseCmd ); + if ( this.redirect ) { + cmd.add( "--redirect" ); + } + cmd.add( "--import" ); + cmd.add( tmpKey.getAbsolutePath() ); + cmd.add( tmpCert.getAbsolutePath() ); if ( tmpChain != null ) { - ret = Exec.sync( 15, "sudo", "-n", "-u", "root", "/opt/taskmanager/scripts/install-https", "--import", tmpKey.getAbsolutePath(), tmpCert.getAbsolutePath(), - tmpChain.getAbsolutePath() ); - } else { - ret = Exec.sync( 15, "sudo", "-n", "-u", "root", "/opt/taskmanager/scripts/install-https", "--import", tmpKey.getAbsolutePath(), tmpCert.getAbsolutePath() ); + cmd.add( tmpChain.getAbsolutePath() ); } + ret = Exec.sync( 45, cmd.toArray( new String[ cmd.size() ] ) ); if ( ret != 0 ) { status.error = "import exited with code " + ret; return false; @@ -99,9 +127,26 @@ public class LighttpdHttps extends AbstractTask } } + private boolean setRedirect() + { + List<String> cmd = new ArrayList<>( baseCmd ); + cmd.add( "--redirect-only" ); + if ( this.redirect ) { + cmd.add( "--redirect" ); + } + int ret = Exec.sync( 10, cmd.toArray( new String[ cmd.size() ] ) ); + if ( ret != 0 ) { + status.error = "set redirect exited with code " + ret; + return false; + } + return true; + } + private boolean disableHttps() { - int ret = Exec.sync( 15, "sudo", "-n", "-u", "root", "/opt/taskmanager/scripts/install-https", "--disable" ); + List<String> cmd = new ArrayList<>( baseCmd ); + cmd.add( "--disable" ); + int ret = Exec.sync( 10, cmd.toArray( new String[ cmd.size() ] ) ); if ( ret != 0 ) { status.error = "disable exited with code " + ret; return false; |