ADD script variables _DEFAULT_SSL_CERT _DEFAULT_SSL_KEY _SSL_SNAKEOIL_CERT _SSL_SNAKEOIL_KEY.
parent
c355af913c
commit
1d713d024d
@ -18,6 +18,9 @@ _MOD_PERL_VERSION=2.0.10
|
|||||||
|
|
||||||
_SEPARATE_LISTEN_DIRECTIVES=false
|
_SEPARATE_LISTEN_DIRECTIVES=false
|
||||||
|
|
||||||
|
_SSL_SNAKEOIL_CERT="/etc/ssl/certs/ssl-cert-snakeoil.pem"
|
||||||
|
_SSL_SNAKEOIL_KEY="/etc/ssl/private/ssl-cert-snakeoil.key"
|
||||||
|
|
||||||
if $_WITH_MOD_FCGID -o $_WITH_MOD_PROXY_FCGI ; then
|
if $_WITH_MOD_FCGID -o $_WITH_MOD_PROXY_FCGI ; then
|
||||||
_WITH_MOD_PHP=false
|
_WITH_MOD_PHP=false
|
||||||
else
|
else
|
||||||
@ -941,6 +944,19 @@ else
|
|||||||
fatal "Installing dependency packages for \"apache2\" failed!"
|
fatal "Installing dependency packages for \"apache2\" failed!"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
#echononl "\tInstall packages 'ssl-cert', 'ssl-cert-check'.."
|
||||||
|
#echo "## - Install packages 'ssl-cert', 'ssl-cert-check'" >> ${_logdir}/main.log
|
||||||
|
#echo "## -" >> ${_logdir}/main.log
|
||||||
|
#echo "DEBIAN_FRONTEND=noninteractive apt-get -y install ssl-cert ssl-cert-check" >> ${_logdir}/main.log
|
||||||
|
#DEBIAN_FRONTEND=noninteractive apt-get -y install ssl-cert ssl-cert-check >> ${_logdir}/main.log 2>&1
|
||||||
|
#if [ "$?" = 0 ]; then
|
||||||
|
# echo_ok
|
||||||
|
#else
|
||||||
|
# echo_failed
|
||||||
|
# fatal "Installing 'ssl-cert', 'ssl-cert-check' failed!"
|
||||||
|
#fi
|
||||||
|
|
||||||
|
|
||||||
## - get sources..
|
## - get sources..
|
||||||
## -
|
## -
|
||||||
echo "" >> ${_logdir}/main.log
|
echo "" >> ${_logdir}/main.log
|
||||||
@ -1891,16 +1907,18 @@ if [ -f ${PREFIX}/${_rel_confextra_path}/${_file} ]; then
|
|||||||
#notice=""
|
#notice=""
|
||||||
## - copy certification files if present..
|
## - copy certification files if present..
|
||||||
_failed=false
|
_failed=false
|
||||||
|
_DEFAULT_SSL_CERT="${PREFIX}/conf/server-bundle.crt"
|
||||||
|
_DEFAULT_SSL_KEY="${PREFIX}/conf/server.key"
|
||||||
echo "" >> ${_logdir}/main.log
|
echo "" >> ${_logdir}/main.log
|
||||||
echo "## - Set Symlinks for default Server Key/Cert" >> ${_logdir}/main.log
|
echo "## - Set Symlinks for default Server Key/Cert" >> ${_logdir}/main.log
|
||||||
echo "## -" >> ${_logdir}/main.log
|
echo "## -" >> ${_logdir}/main.log
|
||||||
echononl "\tSet Symlinks for default Server Key/Cert.."
|
echononl "\tSet Symlinks for default Server Key/Cert.."
|
||||||
if [ -f "/var/lib/dehydrated/certs/${SERVER_NAME}/fullchain.pem" -a -f "/var/lib/dehydrated/certs/${SERVER_NAME}/privkey.pem" ]; then
|
if [ -f "/var/lib/dehydrated/certs/${SERVER_NAME}/fullchain.pem" -a -f "/var/lib/dehydrated/certs/${SERVER_NAME}/privkey.pem" ]; then
|
||||||
ln -s /var/lib/dehydrated/certs/${SERVER_NAME}/fullchain.pem ${PREFIX}/conf/server-bundle.crt
|
ln -s /var/lib/dehydrated/certs/${SERVER_NAME}/fullchain.pem $_DEFAULT_SSL_CERT
|
||||||
if [[ $? -gt 0 ]];then
|
if [[ $? -gt 0 ]];then
|
||||||
_failed=true
|
_failed=true
|
||||||
fi
|
fi
|
||||||
ln -s /var/lib/dehydrated/certs/${SERVER_NAME}/privkey.pem ${PREFIX}/conf/server.key
|
ln -s /var/lib/dehydrated/certs/${SERVER_NAME}/privkey.pem $_DEFAULT_SSL_KEY
|
||||||
if [[ $? -gt 0 ]];then
|
if [[ $? -gt 0 ]];then
|
||||||
_failed=true
|
_failed=true
|
||||||
fi
|
fi
|
||||||
@ -1909,12 +1927,12 @@ if [ -f ${PREFIX}/${_rel_confextra_path}/${_file} ]; then
|
|||||||
else
|
else
|
||||||
echo_ok
|
echo_ok
|
||||||
fi
|
fi
|
||||||
elif [ -f /etc/ssl/certs/ssl-cert-snakeoil.pem -a -f /etc/ssl/private/ssl-cert-snakeoil.key ]; then
|
elif [ -f $_SSL_SNAKEOIL_CERT -a -f $_SSL_SNAKEOIL_KEY ]; then
|
||||||
ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem ${PREFIX}/conf/server-bundle.crt
|
ln -s $_SSL_SNAKEOIL_CERT $_DEFAULT_SSL_CERT
|
||||||
if [[ $? -gt 0 ]];then
|
if [[ $? -gt 0 ]];then
|
||||||
_failed=true
|
_failed=true
|
||||||
fi
|
fi
|
||||||
ln -s /etc/ssl/private/ssl-cert-snakeoil.key ${PREFIX}/conf/server.key
|
ln -s $_SSL_SNAKEOIL_KEY $_DEFAULT_SSL_KEY
|
||||||
if [[ $? -gt 0 ]];then
|
if [[ $? -gt 0 ]];then
|
||||||
_failed=true
|
_failed=true
|
||||||
fi
|
fi
|
||||||
@ -1924,11 +1942,11 @@ if [ -f ${PREFIX}/${_rel_confextra_path}/${_file} ]; then
|
|||||||
echo_ok
|
echo_ok
|
||||||
fi
|
fi
|
||||||
elif [ -f $_srcdir/server-bundle.crt -a -f $_srcdir/server.key ];then
|
elif [ -f $_srcdir/server-bundle.crt -a -f $_srcdir/server.key ];then
|
||||||
cp $_srcdir/server-bundle.crt $PREFIX/conf/
|
cp $_srcdir/server-bundle.crt $_DEFAULT_SSL_CERT
|
||||||
if [[ $? -gt 0 ]];then
|
if [[ $? -gt 0 ]];then
|
||||||
_failed=true
|
_failed=true
|
||||||
fi
|
fi
|
||||||
cp $_srcdir/server.key $PREFIX/conf/
|
cp $_srcdir/server.key $_DEFAULT_SSL_KEY
|
||||||
if [[ $? -gt 0 ]];then
|
if [[ $? -gt 0 ]];then
|
||||||
_failed=true
|
_failed=true
|
||||||
fi
|
fi
|
||||||
@ -1938,8 +1956,10 @@ if [ -f ${PREFIX}/${_rel_confextra_path}/${_file} ]; then
|
|||||||
echo_ok
|
echo_ok
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
|
|
||||||
echo_skipped
|
echo_skipped
|
||||||
warn "SSL Connections are enabled but no (default) certificates\n\t are present. So the webserver will not start."
|
warn "SSL Connections are enabled but no (default) certificates\n\t are present. So the webserver will not start."
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -n "$IP_ADDRESSES" ]] && $SEPARATE_LISTEN_DIRECTIVES ; then
|
if [[ -n "$IP_ADDRESSES" ]] && $SEPARATE_LISTEN_DIRECTIVES ; then
|
||||||
@ -1999,6 +2019,7 @@ EOF
|
|||||||
echo "## - $_file: Set SSLCipherSuite.." >> ${_logdir}/main.log
|
echo "## - $_file: Set SSLCipherSuite.." >> ${_logdir}/main.log
|
||||||
echo "## -" >> ${_logdir}/main.log
|
echo "## -" >> ${_logdir}/main.log
|
||||||
echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*SSLCipherSuite ).*)$&## \1\n\2${_SSL_Cipher_Suite}&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log
|
echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*SSLCipherSuite ).*)$&## \1\n\2${_SSL_Cipher_Suite}&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log
|
||||||
|
echononl "\t$_file: Set SSLCipherSuite.."
|
||||||
sed -i$_backup_suffix -r \
|
sed -i$_backup_suffix -r \
|
||||||
-e "s&^(([ ^t]*SSLCipherSuite ).*)$&## \1\n\2${_SSL_Cipher_Suite}&g" \
|
-e "s&^(([ ^t]*SSLCipherSuite ).*)$&## \1\n\2${_SSL_Cipher_Suite}&g" \
|
||||||
${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1
|
${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1
|
||||||
@ -2016,6 +2037,7 @@ EOF
|
|||||||
echo "## - $_file: Set SSLCertificateFile.." >> ${_logdir}/main.log
|
echo "## - $_file: Set SSLCertificateFile.." >> ${_logdir}/main.log
|
||||||
echo "## -" >> ${_logdir}/main.log
|
echo "## -" >> ${_logdir}/main.log
|
||||||
echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*SSLCertificateFile ).*)$&## \1\n\2\\\"${PREFIX}/conf/server-bundle.crt\\\"&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log
|
echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*SSLCertificateFile ).*)$&## \1\n\2\\\"${PREFIX}/conf/server-bundle.crt\\\"&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log
|
||||||
|
echononl "\t$_file: Set SSLCertificateFile.."
|
||||||
sed -i$_backup_suffix -r \
|
sed -i$_backup_suffix -r \
|
||||||
-e "s&^(([ ^t]*SSLCertificateFile ).*)$&## \1\n\2\"${PREFIX}/conf/server-bundle.crt\"&g" \
|
-e "s&^(([ ^t]*SSLCertificateFile ).*)$&## \1\n\2\"${PREFIX}/conf/server-bundle.crt\"&g" \
|
||||||
${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1
|
${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1
|
||||||
@ -2033,6 +2055,7 @@ EOF
|
|||||||
echo "## - $_file: Set SSLProxyCipherSuite.." >> ${_logdir}/main.log
|
echo "## - $_file: Set SSLProxyCipherSuite.." >> ${_logdir}/main.log
|
||||||
echo "## -" >> ${_logdir}/main.log
|
echo "## -" >> ${_logdir}/main.log
|
||||||
echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*SSLProxyCipherSuite ).*)$&## \1\n\2${_SSL_Cipher_Suite}&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log
|
echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*SSLProxyCipherSuite ).*)$&## \1\n\2${_SSL_Cipher_Suite}&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log
|
||||||
|
echononl "\t$_file: Set SSLProxyCipherSuite.."
|
||||||
sed -i$_backup_suffix -r \
|
sed -i$_backup_suffix -r \
|
||||||
-e "s&^(([ ^t]*SSLProxyCipherSuite ).*)$&## \1\n\2${_SSL_Cipher_Suite}&g" \
|
-e "s&^(([ ^t]*SSLProxyCipherSuite ).*)$&## \1\n\2${_SSL_Cipher_Suite}&g" \
|
||||||
${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1
|
${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1
|
||||||
@ -2050,6 +2073,7 @@ EOF
|
|||||||
echo "## - $_file: Set SSLProtocol.." >> ${_logdir}/main.log
|
echo "## - $_file: Set SSLProtocol.." >> ${_logdir}/main.log
|
||||||
echo "## -" >> ${_logdir}/main.log
|
echo "## -" >> ${_logdir}/main.log
|
||||||
echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*SSLProtocol ).*)$&## \1\n\2ALL -SSLv3 -SSLv2&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log
|
echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*SSLProtocol ).*)$&## \1\n\2ALL -SSLv3 -SSLv2&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log
|
||||||
|
echononl "\t$_file: Set SSLProtocol.."
|
||||||
sed -i$_backup_suffix -r \
|
sed -i$_backup_suffix -r \
|
||||||
-e "s&^(([ ^t]*SSLProtocol ).*)$&## \1\n\2all -SSLv3 -SSLv2&g" \
|
-e "s&^(([ ^t]*SSLProtocol ).*)$&## \1\n\2all -SSLv3 -SSLv2&g" \
|
||||||
${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1
|
${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1
|
||||||
@ -2067,6 +2091,7 @@ EOF
|
|||||||
echo "## - $_file: Set SSLProxyProtocol.." >> ${_logdir}/main.log
|
echo "## - $_file: Set SSLProxyProtocol.." >> ${_logdir}/main.log
|
||||||
echo "## -" >> ${_logdir}/main.log
|
echo "## -" >> ${_logdir}/main.log
|
||||||
echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*SSLProxyProtocol ).*)$&## \1\n\2ALL -SSLv3 -SSLv2&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log
|
echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*SSLProxyProtocol ).*)$&## \1\n\2ALL -SSLv3 -SSLv2&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log
|
||||||
|
echononl "\t$_file: Set SSLProxyProtocol.."
|
||||||
sed -i$_backup_suffix -r \
|
sed -i$_backup_suffix -r \
|
||||||
-e "s&^(([ ^t]*SSLProxyProtocol ).*)$&## \1\n\2all -SSLv3 -SSLv2&g" \
|
-e "s&^(([ ^t]*SSLProxyProtocol ).*)$&## \1\n\2all -SSLv3 -SSLv2&g" \
|
||||||
${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1
|
${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1
|
||||||
@ -2083,6 +2108,7 @@ EOF
|
|||||||
echo "## - $_file: Set SSLHonorCipherOrder.." >> ${_logdir}/main.log
|
echo "## - $_file: Set SSLHonorCipherOrder.." >> ${_logdir}/main.log
|
||||||
echo "## -" >> ${_logdir}/main.log
|
echo "## -" >> ${_logdir}/main.log
|
||||||
echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*#*[ ^t]*SSLHonorCipherOrder ).*)$&##\1\nSSLHonorCipherOrder on&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log
|
echo "sed -i$_backup_suffix -r -e \"s&^(([ ^t]*#*[ ^t]*SSLHonorCipherOrder ).*)$&##\1\nSSLHonorCipherOrder on&g\" ${PREFIX}/${_rel_confextra_path}/${_file}" >> ${_logdir}/main.log
|
||||||
|
echononl "\t$_file: Set SSLHonorCipherOrder.."
|
||||||
sed -i$_backup_suffix -r \
|
sed -i$_backup_suffix -r \
|
||||||
-e "s&^(([ ^t]*#*[ ^t]*SSLHonorCipherOrder ).*)$&##\1\nSSLHonorCipherOrder on&g" \
|
-e "s&^(([ ^t]*#*[ ^t]*SSLHonorCipherOrder ).*)$&##\1\nSSLHonorCipherOrder on&g" \
|
||||||
${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1
|
${PREFIX}/${_rel_confextra_path}/${_file} >> ${_logdir}/main.log 2>&1
|
||||||
|
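Review bot: The private key copied by `cp $_srcdir/server.key $_DEFAULT_SSL_KEY` (hunk `-1924`) takes the source file's mode filtered by the umask, and no visible line restricts it afterwards; I would follow the copy with `chmod 600 "$_DEFAULT_SSL_KEY"`, after confirming that the lines between this hunk and the next, which are not shown, do not already do so. The new variables are also expanded unquoted in every `ln -s`, `cp` and `[ -f … -a -f … ]` test, so a `PREFIX` containing whitespace or glob characters would split the arguments; quoting them, e.g. `ln -s "$_SSL_SNAKEOIL_KEY" "$_DEFAULT_SSL_KEY"`, removes that risk. The `SSLCertificateFile` sed and its logged copy in hunk `-2016` still hard-code `${PREFIX}/conf/server-bundle.crt`, so a later change to `_DEFAULT_SSL_CERT` would leave the generated configuration pointing at a path other than the one the symlink or copy creates; using `${_DEFAULT_SSL_CERT}` there would complete the refactor, assuming the variable is still in scope at that point. The enclosing `if` block starts and ends outside the hunks shown.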