diff --git a/src/freedombone-app-xmpp b/src/freedombone-app-xmpp
index 733a24d42e0dfc6de4844f5959301a1d6791a6de..07697af8fac3f9273ceae2f2c72a70341f7a8daa 100755
--- a/src/freedombone-app-xmpp
+++ b/src/freedombone-app-xmpp
@@ -307,6 +307,9 @@ function update_prosody_modules {
}
function upgrade_xmpp_server {
+ if [ -d /etc/letsencrypt ]; then
+ usermod -a -G ssl-cert prosody
+ fi
function_check update_prosody_modules
update_prosody_modules
@@ -665,29 +668,29 @@ function xmpp_create_config {
echo 'https_interfaces = { "*" }' >> /etc/prosody/prosody.cfg.lua
echo 'https_ssl = {' >> /etc/prosody/prosody.cfg.lua
if [ -f /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
- echo " certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
+ echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
else
- echo " certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua
+ echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua
fi
- echo " key = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
+ echo " key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
echo " curve = $XMPP_ECC_CURVE;" >> /etc/prosody/prosody.cfg.lua
echo " ciphers = $XMPP_CIPHERS;" >> /etc/prosody/prosody.cfg.lua
echo ' options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
- echo " dhparam = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
+ echo " dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
echo "}" >> /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
echo 'ssl = {' >> /etc/prosody/prosody.cfg.lua
- echo " key = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
+ echo " key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
if [ -f /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
- echo " certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
+ echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
else
- echo " certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua
+ echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua
fi
echo " curve = $XMPP_ECC_CURVE;" >> /etc/prosody/prosody.cfg.lua
echo ' depth = "1";' >> /etc/prosody/prosody.cfg.lua
echo " ciphers = $XMPP_CIPHERS;" >> /etc/prosody/prosody.cfg.lua
echo ' options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
- echo " dhparam = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
+ echo " dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
echo '}' >> /etc/prosody/prosody.cfg.lua
echo '' >> /etc/prosody/prosody.cfg.lua
echo 'c2s_require_encryption = true' >> /etc/prosody/prosody.cfg.lua
@@ -977,6 +980,9 @@ function install_xmpp_main {
chown -R prosody /usr/lib/prosody
chmod -R 700 /etc/prosody/conf.d
+ if [ -d /etc/letsencrypt ]; then
+ usermod -a -G ssl-cert prosody
+ fi
systemctl restart prosody
if [[ $ONION_ONLY != 'no' ]]; then
diff --git a/src/freedombone-utils-web b/src/freedombone-utils-web
index 3babfdc522f7ca159bc92094579d17bf569d5d3a..f1be9656295fcd202f864d866e8c53d03708fca5 100755
--- a/src/freedombone-utils-web
+++ b/src/freedombone-utils-web
@@ -711,24 +711,13 @@ function update_default_domain {
fi
cp /etc/ssl/private/xmpp* /etc/prosody/certs
- cp /etc/ssl/private/${DEFAULT_DOMAIN_NAME}* /etc/prosody/certs
cp /etc/ssl/certs/xmpp* /etc/prosody/certs
- cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}* /etc/prosody/certs
- if [ ! -f /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
- if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
- cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam
- fi
- fi
- if [ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
- if [ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
- mv /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem
- fi
- else
- sed -i "s|/etc/prosody/certs/xmpp.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
- sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
+ if [ /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+ sed -i "s|/etc/prosody/certs/xmpp.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
+ sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
- sed -i "s|/etc/prosody/certs/xmpp.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
- sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
+ sed -i "s|/etc/prosody/certs/xmpp.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
+ sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
fi
chown -R prosody:default /etc/prosody
chmod -R 700 /etc/prosody/certs/*