vnc gencert

1 files changed, 11 insertions, 5 deletions

diff --git a/scripts/kvmd-gencert b/scripts/kvmd-gencert
index 5244e9db..f96f0c8f 100755
--- a/scripts/kvmd-gencert
+++ b/scripts/kvmd-gencert
@@ -31,10 +31,16 @@ fi
 if [ "$1" != --do-the-thing ]; then
 	echo "This script will generate new self-signed SSL certificates for KVMD Nginx"
 	echo "and put them to /etc/kvmd/nginx/ssl. If you're sure of what you're doing,"
-	echo "append the option '--do-the-thing' to execute."
+	echo "append the option '--do-the-thing' to execute. You can also append --vnc"
+	echo "to generate a certificate for VNC not for Nginx."
 	exit 1
 fi
 
+target="nginx"
+if [ "$2" == --vnc ]; then
+	target="vnc"
+fi
+
 # XXX: Why ECC?
 # https://www.leaderssl.com/articles/345-what-is-ecc-and-why-you-should-use-it
 # https://www.digitalocean.com/community/tutorials/how-to-create-an-ecc-certificate-on-nginx-for-debian-8
@@ -44,14 +50,14 @@ set -x
 
 export LC_ALL=C
 
-mkdir -p /etc/kvmd/nginx/ssl
-cd /etc/kvmd/nginx/ssl
+mkdir -p /etc/kvmd/$target/ssl
+cd /etc/kvmd/$target/ssl
 
 openssl ecparam -out server.key -name prime256v1 -genkey
 openssl req -new -x509 -sha256 -nodes -key server.key -out server.crt -days 3650 \
 	-subj "/C=RU/ST=Moscow/L=Moscow/O=Pi-KVM/OU=Pi-KVM/CN=localhost"
 
-chown -R root:kvmd-nginx /etc/kvmd/nginx/ssl
+chown root:kvmd-$target /etc/kvmd/$target/ssl/*
 chmod 400 server.key
 chmod 444 server.crt
-chmod 750 /etc/kvmd/nginx/ssl
+chmod 755 /etc/kvmd/$target/ssl