From 31671f61943f46a969db979193e0c2bc1a0f1c15 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sun, 7 May 2017 10:52:00 +0100
Subject: [PATCH] Avoid copying xmpp certs

---
 src/freedombone-app-xmpp  | 22 ++++++++++++++--------
 src/freedombone-utils-web | 21 +++++----------------
 2 files changed, 19 insertions(+), 24 deletions(-)

diff --git a/src/freedombone-app-xmpp b/src/freedombone-app-xmpp
index 733a24d42..07697af8f 100755
--- a/src/freedombone-app-xmpp
+++ b/src/freedombone-app-xmpp
@@ -307,6 +307,9 @@ function update_prosody_modules {
 }
 
 function upgrade_xmpp_server {
+    if [ -d /etc/letsencrypt ]; then
+        usermod -a -G ssl-cert prosody
+    fi
     function_check update_prosody_modules
     update_prosody_modules
 
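Review bot: The `ssl-cert` group membership added at the top of upgrade_xmpp_server is conditional on `/etc/letsencrypt` existing, yet the configuration written by xmpp_create_config in the next hunk points Prosody at `/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key` unconditionally, so a self-signed install with no `/etc/letsencrypt` directory is left without read access to its key if `/etc/ssl/private` is group-restricted as it presumably is on this distribution — confirm. Keying the guard on the file Prosody actually needs avoids that gap: `if [ -f "/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key" ]; then`. The identical block in the install_xmpp_main hunk has the same issue. upgrade_xmpp_server continues past the end of this hunk.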
@@ -665,29 +668,29 @@ function xmpp_create_config {
     echo 'https_interfaces = { "*" }' >> /etc/prosody/prosody.cfg.lua
     echo 'https_ssl = {' >> /etc/prosody/prosody.cfg.lua
     if [ -f /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
-        echo "    certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
+        echo "    certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
     else
-        echo "    certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua
+        echo "    certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua
     fi
-    echo "    key = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
+    echo "    key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
     echo "    curve = $XMPP_ECC_CURVE;" >> /etc/prosody/prosody.cfg.lua
     echo "    ciphers = $XMPP_CIPHERS;" >> /etc/prosody/prosody.cfg.lua
     echo '    options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
-    echo "    dhparam = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
+    echo "    dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
     echo "}" >> /etc/prosody/prosody.cfg.lua
     echo '' >> /etc/prosody/prosody.cfg.lua
     echo 'ssl = {' >> /etc/prosody/prosody.cfg.lua
-    echo "    key = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
+    echo "    key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
     if [ -f /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
-        echo "    certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
+        echo "    certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
     else
-        echo "    certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua
+        echo "    certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua
     fi
     echo "    curve = $XMPP_ECC_CURVE;" >> /etc/prosody/prosody.cfg.lua
     echo '    depth = "1";' >> /etc/prosody/prosody.cfg.lua
     echo "    ciphers = $XMPP_CIPHERS;" >> /etc/prosody/prosody.cfg.lua
     echo '    options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
-    echo "    dhparam = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
+    echo "    dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
     echo '}' >> /etc/prosody/prosody.cfg.lua
     echo '' >> /etc/prosody/prosody.cfg.lua
     echo 'c2s_require_encryption = true' >> /etc/prosody/prosody.cfg.lua
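Review bot: The two `if [ -f /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]` tests that choose between the `.pem` and `.crt` `certificate =` lines still probe the old copied location, while the paths they now emit live under `/etc/ssl/certs`; because the freedombone-utils-web hunk stops copying `${DEFAULT_DOMAIN_NAME}*` into `/etc/prosody/certs`, the `.pem` branch will no longer be taken on a fresh install and the `.crt` path gets configured even when only the `.pem` exists under `/etc/ssl/certs`. Both tests should follow the move and quote the expansion: `if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then`. xmpp_create_config starts before and ends after this hunk.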
@@ -977,6 +980,9 @@ function install_xmpp_main {
     chown -R prosody /usr/lib/prosody
     chmod -R 700 /etc/prosody/conf.d
 
+    if [ -d /etc/letsencrypt ]; then
+        usermod -a -G ssl-cert prosody
+    fi
     systemctl restart prosody
 
     if [[ $ONION_ONLY != 'no' ]]; then
diff --git a/src/freedombone-utils-web b/src/freedombone-utils-web
index 3babfdc52..f1be96562 100755
--- a/src/freedombone-utils-web
+++ b/src/freedombone-utils-web
@@ -711,24 +711,13 @@ function update_default_domain {
             fi
 
             cp /etc/ssl/private/xmpp* /etc/prosody/certs
-            cp /etc/ssl/private/${DEFAULT_DOMAIN_NAME}* /etc/prosody/certs
             cp /etc/ssl/certs/xmpp* /etc/prosody/certs
-            cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}* /etc/prosody/certs
-            if [ ! -f /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
-                if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam ]; then
-                    cp /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam
-                fi
-            fi
-            if [ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
-                if [ ! /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt ]; then
-                    mv /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem
-                fi
-            else
-                sed -i "s|/etc/prosody/certs/xmpp.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
-                sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
+            if [ /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+                sed -i "s|/etc/prosody/certs/xmpp.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
+                sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
 
-                sed -i "s|/etc/prosody/certs/xmpp.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
-                sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
+                sed -i "s|/etc/prosody/certs/xmpp.key|/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/prosody.cfg.lua
+                sed -i "s|/etc/prosody/certs/xmpp.crt|/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/prosody.cfg.lua
             fi
             chown -R prosody:default /etc/prosody
             chmod -R 700 /etc/prosody/certs/*
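Review bot: The new guard `if [ /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]` has no `-f`, so `[` only sees a non-empty string and the branch is always taken, including when just a `.crt` exists, in which case both `xmpp.cfg.lua` and `prosody.cfg.lua` are rewritten to reference a `.pem` that is not there (the deleted `[ ! path ]` tests had the same mistake, so behaviour is unchanged, but the condition is still a no-op). Write `if [ -f "/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" ]; then` and consider an `else` arm that substitutes `/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt` for `xmpp.crt`, so the `.crt` case mirrors the choice xmpp_create_config makes. update_default_domain starts before and ends after this hunk.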
-- 
GitLab