GithubFollow/One-KVM
1
0
Fork 0
mirror of https://github.com/mofeng-git/One-KVM.git synced 2025-12-12 01:00:29 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

vnc gencert

Browse Source
This commit is contained in:
Devaev Maxim 2021-02-15 04:16:03 +03:00
parent c2df0c3871
commit 0442ec3264
2 changed files with 22 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
kvmd.install
View File

@ -1,7 +1,7 @@
post_install() { post_install() {
post_upgrade post_upgrade
echo "==> Generating KVMD certificate ..." echo "==> Generating KVMD-Nginx certificate ..."
kvmd-gencert --do-the-thing kvmd-gencert --do-the-thing
} }
@ -19,6 +19,16 @@ post_upgrade() {
chown kvmd /var/lib/kvmd/msd || true chown kvmd /var/lib/kvmd/msd || true
if [ ! -d /etc/kvmd/vnc/ssl ]; then
echo "==> Generating KVMD-VNC certificate ..."
kvmd-gencert --do-the-thing --vnc
fi
chown root:root /etc/kvmd/vnc/ssl
chown root:root /etc/kvmd/nginx/ssl
chmod 755 /etc/kvmd/vnc/ssl
chmod 755 /etc/kvmd/nginx/ssl
echo "==> Patching configs ..." echo "==> Patching configs ..."
[ ! -f /boot/config.txt ] || sed -i -e 's/^dtoverlay=pi3-disable-bt$/dtoverlay=disable-bt/g' /boot/config.txt [ ! -f /boot/config.txt ] || sed -i -e 's/^dtoverlay=pi3-disable-bt$/dtoverlay=disable-bt/g' /boot/config.txt
[ ! -f /boot/config.txt ] || sed -i -e 's/^dtoverlay=dwc2$/dtoverlay=dwc2,dr_mode=peripheral/g' /boot/config.txt [ ! -f /boot/config.txt ] || sed -i -e 's/^dtoverlay=dwc2$/dtoverlay=dwc2,dr_mode=peripheral/g' /boot/config.txt

16
scripts/kvmd-gencert
View File

@ -31,10 +31,16 @@ fi
if [ "$1" != --do-the-thing ]; then if [ "$1" != --do-the-thing ]; then
echo "This script will generate new self-signed SSL certificates for KVMD Nginx" echo "This script will generate new self-signed SSL certificates for KVMD Nginx"
echo "and put them to /etc/kvmd/nginx/ssl. If you're sure of what you're doing," echo "and put them to /etc/kvmd/nginx/ssl. If you're sure of what you're doing,"
echo "append the option '--do-the-thing' to execute." echo "append the option '--do-the-thing' to execute. You can also append --vnc"
echo "to generate a certificate for VNC not for Nginx."
exit 1 exit 1
fi fi
target="nginx"
if [ "$2" == --vnc ]; then
target="vnc"
fi
# XXX: Why ECC? # XXX: Why ECC?
# https://www.leaderssl.com/articles/345-what-is-ecc-and-why-you-should-use-it # https://www.leaderssl.com/articles/345-what-is-ecc-and-why-you-should-use-it
# https://www.digitalocean.com/community/tutorials/how-to-create-an-ecc-certificate-on-nginx-for-debian-8 # https://www.digitalocean.com/community/tutorials/how-to-create-an-ecc-certificate-on-nginx-for-debian-8
@ -44,14 +50,14 @@ set -x
export LC_ALL=C export LC_ALL=C
mkdir -p /etc/kvmd/nginx/ssl mkdir -p /etc/kvmd/$target/ssl
cd /etc/kvmd/nginx/ssl cd /etc/kvmd/$target/ssl
openssl ecparam -out server.key -name prime256v1 -genkey openssl ecparam -out server.key -name prime256v1 -genkey
openssl req -new -x509 -sha256 -nodes -key server.key -out server.crt -days 3650 \ openssl req -new -x509 -sha256 -nodes -key server.key -out server.crt -days 3650 \
-subj "/C=RU/ST=Moscow/L=Moscow/O=Pi-KVM/OU=Pi-KVM/CN=localhost" -subj "/C=RU/ST=Moscow/L=Moscow/O=Pi-KVM/OU=Pi-KVM/CN=localhost"
chown -R root:kvmd-nginx /etc/kvmd/nginx/ssl chown root:kvmd-$target /etc/kvmd/$target/ssl/*
chmod 400 server.key chmod 400 server.key
chmod 444 server.crt chmod 444 server.crt
chmod 750 /etc/kvmd/nginx/ssl chmod 755 /etc/kvmd/$target/ssl