Work_Archive/VPS-scripts_Web-V2
1
0
Fork 0
Code Issues 3 Pull Requests Packages Projects Releases 11 Wiki Activity

Main: Added fix SSL issue described #12

Browse Source
This commit is contained in:
Bram Prieshof
2021-03-24 15:06:54 +01:00
parent 269998a2af
commit dda74005f5
9 changed files with 25 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CoreModules/apache/conf.sh
View File

@@ -66,9 +66,11 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/to
sed -i -e 's#MONITCONF#'$monitconf'#' -e 's/APASRV/'$apacheService'/' -e 's#APADIR#'$apacheConfDir'#' /opt/toggle/toggle-MonitWebui.sh sed -i -e 's#MONITCONF#'$monitconf'#' -e 's/APASRV/'$apacheService'/' -e 's#APADIR#'$apacheConfDir'#' /opt/toggle/toggle-MonitWebui.sh
unset monitconf unset monitconf
# custom Welcome page # custom Welcome page
echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /var/www/html/index.html echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /var/www/html/index.html
#Add Apache as SSL service
echo "$apacheService" >> /etc/ICTM/SslServices
systemctl start $apacheService > $OUTPUT 2>&1 systemctl start $apacheService > $OUTPUT 2>&1
systemctl enable $apacheService > $OUTPUT 2>&1 systemctl enable $apacheService > $OUTPUT 2>&1

4
CoreModules/apache/config/apache2/site_ssl-unconfigured
View File

@@ -6,8 +6,8 @@
<VirtualHost *:443> <VirtualHost *:443>
ServerName DOMAINname ServerName DOMAINname
SSLEngine on SSLEngine on
SSLCertificateFile /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer SSLCertificateFile /etc/acmesh/inst/DOMAINname/fullchain.pem
SSLCertificateKeyFile /etc/acmesh/certs/DOMAINname_ecc/DOMAINname.key SSLCertificateKeyFile /etc/acmesh/inst/DOMAINname/key.pem
Include snippets/apa-ssl.conf Include snippets/apa-ssl.conf
#ConfHere #ConfHere

4
CoreModules/apache/config/apache2/site_ssl-wwwredir
View File

@@ -6,8 +6,8 @@
<VirtualHost *:443> <VirtualHost *:443>
ServerName www.DOMAINname ServerName www.DOMAINname
SSLEngine on SSLEngine on
SSLCertificateFile /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer SSLCertificateFile /etc/acmesh/inst/DOMAINname/fullchain.pem
SSLCertificateKeyFile /etc/acmesh/certs/DOMAINname_ecc/DOMAINname.key SSLCertificateKeyFile /etc/acmesh/inst/DOMAINname/key.pem
Include snippets/apa-ssl.conf Include snippets/apa-ssl.conf
Redirect permanent / https://DOMAINname/ Redirect permanent / https://DOMAINname/
</VirtualHost> </VirtualHost>

4
CoreModules/nginx/conf.sh
View File

@@ -51,9 +51,11 @@ curl --retry 7 --retry-delay 5 -s "$repo"/raw/"$branchtype"/"$branch"/Scripts/to
sed -i -e 's#MONITCONF#'$monitconf'#' /opt/toggle/toggle-MonitWebui.sh sed -i -e 's#MONITCONF#'$monitconf'#' /opt/toggle/toggle-MonitWebui.sh
unset monitconf unset monitconf
# custom Welcome page # custom Welcome page
echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /usr/share/nginx/html/index.html echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /usr/share/nginx/html/index.html
#Add Nginx as SSL service
echo "nginx" >> /etc/ICTM/SslServices
systemctl start nginx > $OUTPUT 2>&1 systemctl start nginx > $OUTPUT 2>&1
systemctl enable nginx > $OUTPUT 2>&1 systemctl enable nginx > $OUTPUT 2>&1

6
CoreModules/nginx/config/nginx/site_ssl-unconfigured
View File

@@ -13,9 +13,9 @@ server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name DOMAINname; server_name DOMAINname;
ssl_certificate /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer; ssl_certificate /etc/acmesh/inst/DOMAINname/fullchain.pem;
ssl_certificate_key /etc/acmesh/certs/DOMAINname_ecc/DOMAINname.key; ssl_certificate_key /etc/acmesh/inst/DOMAINname/key.pem;
ssl_trusted_certificate /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer; ssl_trusted_certificate /etc/acmesh/inst/DOMAINname/fullchain.pem;
include snippets/ngx-ssl.conf; include snippets/ngx-ssl.conf;

6
CoreModules/nginx/config/nginx/site_ssl-wwwredir
View File

@@ -11,9 +11,9 @@ server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name www.DOMAINname; server_name www.DOMAINname;
ssl_certificate /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer; ssl_certificate /etc/acmesh/inst/DOMAINname/fullchain.pem;
ssl_certificate_key /etc/acmesh/certs/DOMAINname_ecc/DOMAINname.key; ssl_certificate_key /etc/acmesh/inst/DOMAINname/key.pem;
ssl_trusted_certificate /etc/acmesh/certs/DOMAINname_ecc/fullchain.cer; ssl_trusted_certificate /etc/acmesh/inst/DOMAINname/fullchain.pem;
include snippets/ngx-ssl.conf; include snippets/ngx-ssl.conf;
return 301 https://DOMAINname$request_uri; return 301 https://DOMAINname$request_uri;
} }

3
CoreModules/nginx_nonphp/conf.sh
View File

@@ -28,5 +28,8 @@ sed -i -e 's/DOMAINname/'$domain'/g' /etc/nginx/sites-available/"$sitename"_ssl
# custom Welcome page # custom Welcome page
echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /usr/share/nginx/html/index.html echo "<html><head></head><body>$webserv is functioning normally</body></html>" > /usr/share/nginx/html/index.html
#Add Nginx as SSL service
echo "nginx" >> /etc/ICTM/SslServices
systemctl start nginx > $OUTPUT 2>&1 systemctl start nginx > $OUTPUT 2>&1
systemctl enable nginx > $OUTPUT 2>&1 systemctl enable nginx > $OUTPUT 2>&1

2
Scripts/EnableSSL.sh
View File

@@ -37,6 +37,8 @@ fi
if test $certsatus -eq 0 if test $certsatus -eq 0
then then
site_ext="ssl" site_ext="ssl"
mkdir -p /etc/acmesh/inst/$domain
/opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --install-cert --ecc --domain $domain --cert-file /etc/acmesh/inst/$domain/cert.pem --key-file /etc/acmesh/inst/$domain/key.pem --ca-file /etc/acmesh/inst/$domain/ca.cer --fullchain-file /etc/acmesh/inst/$domain/fullchain.pem --reloadcmd 'systemctl reload $(cat /etc/ICTM/SslServices)'
else else
site_ext="nossl" site_ext="nossl"
rm -rf /etc/acmesh/certs/$domain* rm -rf /etc/acmesh/certs/$domain*

4
installer.sh
View File

@@ -671,6 +671,8 @@ if [ $sslenable = 1 ]; then
if test $certsatus -eq 0 if test $certsatus -eq 0
then then
site_ext="ssl" site_ext="ssl"
mkdir -p /etc/acmesh/inst/$domain
/opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --install-cert --ecc --domain $domain --cert-file /etc/acmesh/inst/$domain/cert.pem --key-file /etc/acmesh/inst/$domain/key.pem --ca-file /etc/acmesh/inst/$domain/ca.cer --fullchain-file /etc/acmesh/inst/$domain/fullchain.pem --reloadcmd 'systemctl reload $(cat /etc/ICTM/SslServices)'
else else
site_ext="nossl" site_ext="nossl"
rm -rf /etc/acmesh/certs/$domain* rm -rf /etc/acmesh/certs/$domain*
@@ -682,6 +684,8 @@ if [ $sslenable = 1 ]; then
if test $certsatusBackend -eq 0 if test $certsatusBackend -eq 0
then then
siteBackend_ext="ssl" siteBackend_ext="ssl"
mkdir -p /etc/acmesh/inst/$hostname
/opt/acmesh/acme.sh --config-home '/etc/acmesh/data' --install-cert --ecc --domain $hostname --cert-file /etc/acmesh/inst/$hostname/cert.pem --key-file /etc/acmesh/inst/$hostname/key.pem --ca-file /etc/acmesh/inst/$hostname/ca.cer --fullchain-file /etc/acmesh/inst/$hostname/fullchain.pem --reloadcmd 'systemctl reload $(cat /etc/ICTM/SslServices)'
else else
siteBackend_ext="nossl" siteBackend_ext="nossl"
rm -rf /etc/acmesh/certs/$hostname* rm -rf /etc/acmesh/certs/$hostname*