summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDevaev Maxim <[email protected]>2021-02-15 04:16:03 +0300
committerDevaev Maxim <[email protected]>2021-02-15 04:16:03 +0300
commit0442ec32647674879545d17bb484418799ab16ed (patch)
treedaf0f91e9ad3e3f297f05ebe50e7e9eb8181808c
parentc2df0c38710fe7686cbbe6cc0d6f725ba1b5e877 (diff)
vnc gencert
Diffstat
-rw-r--r--kvmd.install12
-rwxr-xr-xscripts/kvmd-gencert16
2 files changed, 22 insertions, 6 deletions
diff --git a/kvmd.install b/kvmd.install
index 5e00512b..db2cb3a3 100644
--- a/kvmd.install
+++ b/kvmd.install
@@ -1,7 +1,7 @@
post_install() {
post_upgrade
- echo "==> Generating KVMD certificate ..."
+ echo "==> Generating KVMD-Nginx certificate ..."
kvmd-gencert --do-the-thing
}
@@ -19,6 +19,16 @@ post_upgrade() {
chown kvmd /var/lib/kvmd/msd || true
+ if [ ! -d /etc/kvmd/vnc/ssl ]; then
+ echo "==> Generating KVMD-VNC certificate ..."
+ kvmd-gencert --do-the-thing --vnc
+ fi
+
+ chown root:root /etc/kvmd/vnc/ssl
+ chown root:root /etc/kvmd/nginx/ssl
+ chmod 755 /etc/kvmd/vnc/ssl
+ chmod 755 /etc/kvmd/nginx/ssl
+
echo "==> Patching configs ..."
[ ! -f /boot/config.txt ] || sed -i -e 's/^dtoverlay=pi3-disable-bt$/dtoverlay=disable-bt/g' /boot/config.txt
[ ! -f /boot/config.txt ] || sed -i -e 's/^dtoverlay=dwc2$/dtoverlay=dwc2,dr_mode=peripheral/g' /boot/config.txt
diff --git a/scripts/kvmd-gencert b/scripts/kvmd-gencert
index 5244e9db..f96f0c8f 100755
--- a/scripts/kvmd-gencert
+++ b/scripts/kvmd-gencert
@@ -31,10 +31,16 @@ fi
if [ "$1" != --do-the-thing ]; then
echo "This script will generate new self-signed SSL certificates for KVMD Nginx"
echo "and put them to /etc/kvmd/nginx/ssl. If you're sure of what you're doing,"
- echo "append the option '--do-the-thing' to execute."
+ echo "append the option '--do-the-thing' to execute. You can also append --vnc"
+ echo "to generate a certificate for VNC not for Nginx."
exit 1
fi
+target="nginx"
+if [ "$2" == --vnc ]; then
+ target="vnc"
+fi
+
# XXX: Why ECC?
# https://www.leaderssl.com/articles/345-what-is-ecc-and-why-you-should-use-it
# https://www.digitalocean.com/community/tutorials/how-to-create-an-ecc-certificate-on-nginx-for-debian-8
@@ -44,14 +50,14 @@ set -x
export LC_ALL=C
-mkdir -p /etc/kvmd/nginx/ssl
-cd /etc/kvmd/nginx/ssl
+mkdir -p /etc/kvmd/$target/ssl
+cd /etc/kvmd/$target/ssl
openssl ecparam -out server.key -name prime256v1 -genkey
openssl req -new -x509 -sha256 -nodes -key server.key -out server.crt -days 3650 \
-subj "/C=RU/ST=Moscow/L=Moscow/O=Pi-KVM/OU=Pi-KVM/CN=localhost"
-chown -R root:kvmd-nginx /etc/kvmd/nginx/ssl
+chown root:kvmd-$target /etc/kvmd/$target/ssl/*
chmod 400 server.key
chmod 444 server.crt
-chmod 750 /etc/kvmd/nginx/ssl
+chmod 755 /etc/kvmd/$target/ssl
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-23 05:02:16 +0000