-rw-r--r-- | kvmd.install | 12 | ||||
-rwxr-xr-x | scripts/kvmd-gencert | 16 |
2 files changed, 22 insertions, 6 deletions
diff --git a/kvmd.install b/kvmd.install
index 5e00512b..db2cb3a3 100644
--- a/kvmd.install
+++ b/kvmd.install
@@ -1,7 +1,7 @@
 post_install() {
 post_upgrade
- echo "==> Generating KVMD certificate ..."
+ echo "==> Generating KVMD-Nginx certificate ..."
 kvmd-gencert --do-the-thing
 }
@@ -19,6 +19,16 @@ post_upgrade() {
 chown kvmd /var/lib/kvmd/msd || true
+ if [ ! -d /etc/kvmd/vnc/ssl ]; then
+ echo "==> Generating KVMD-VNC certificate ..."
+ kvmd-gencert --do-the-thing --vnc
+ fi
+
+ chown root:root /etc/kvmd/vnc/ssl
+ chown root:root /etc/kvmd/nginx/ssl
+ chmod 755 /etc/kvmd/vnc/ssl
+ chmod 755 /etc/kvmd/nginx/ssl
+
 echo "==> Patching configs ..."
 [ ! -f /boot/config.txt ] || sed -i -e 's/^dtoverlay=pi3-disable-bt$/dtoverlay=disable-bt/g' /boot/config.txt
 [ ! -f /boot/config.txt ] || sed -i -e 's/^dtoverlay=dwc2$/dtoverlay=dwc2,dr_mode=peripheral/g' /boot/config.txt
diff --git a/scripts/kvmd-gencert b/scripts/kvmd-gencert
index 5244e9db..f96f0c8f 100755
--- a/scripts/kvmd-gencert
+++ b/scripts/kvmd-gencert
@@ -31,10 +31,16 @@ fi
 if [ "$1" != --do-the-thing ]; then
 echo "This script will generate new self-signed SSL certificates for KVMD Nginx"
 echo "and put them to /etc/kvmd/nginx/ssl. If you're sure of what you're doing,"
- echo "append the option '--do-the-thing' to execute."
+ echo "append the option '--do-the-thing' to execute. You can also append --vnc"
+ echo "to generate a certificate for VNC not for Nginx."
 exit 1
 fi
+target="nginx"
+if [ "$2" == --vnc ]; then
+ target="vnc"
+fi
+
 # XXX: Why ECC?
 # https://www.leaderssl.com/articles/345-what-is-ecc-and-why-you-should-use-it
 # https://www.digitalocean.com/community/tutorials/how-to-create-an-ecc-certificate-on-nginx-for-debian-8
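Review bot: The guard `if [ ! -d /etc/kvmd/vnc/ssl ]` in post_upgrade tests for the directory rather than for the key, so a directory left empty by an interrupted earlier run (kvmd-gencert does `mkdir -p` before it calls openssl) is never repaired and no VNC certificate is generated; testing the file is more reliable, `if [ ! -f /etc/kvmd/vnc/ssl/server.key ]; then`. The four `chown`/`chmod` lines that follow run unconditionally on `/etc/kvmd/nginx/ssl`, and post_install calls post_upgrade before it runs `kvmd-gencert --do-the-thing`, so on a fresh install that directory may not exist yet unless the package ships it; unlike the `chown kvmd /var/lib/kvmd/msd || true` line above, they do not tolerate that. post_upgrade starts before this hunk and continues after it.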
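Review bot: Any second argument other than `--vnc` silently leaves `target="nginx"`, so a mistyped option regenerates and overwrites the Nginx key and certificate instead of failing; an extra branch would reject unknown values, `elif [ -n "$2" ]; then echo "Unknown option: $2" >&2; exit 1`. The test `[ "$2" == --vnc ]` uses `==`, which is not POSIX `[` syntax and fails under a strict `/bin/sh` (the shebang is outside the hunk); the `!=` test a few lines up is portable, and `=` would match it. The usage text in the same hunk still names only `/etc/kvmd/nginx/ssl` as the destination, which no longer holds when `--vnc` is given.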
@@ -44,14 +50,14 @@ set -x
 export LC_ALL=C
-mkdir -p /etc/kvmd/nginx/ssl
-cd /etc/kvmd/nginx/ssl
+mkdir -p /etc/kvmd/$target/ssl
+cd /etc/kvmd/$target/ssl
 openssl ecparam -out server.key -name prime256v1 -genkey
 openssl req -new -x509 -sha256 -nodes -key server.key -out server.crt -days 3650 \
 -subj "/C=RU/ST=Moscow/L=Moscow/O=Pi-KVM/OU=Pi-KVM/CN=localhost"
-chown -R root:kvmd-nginx /etc/kvmd/nginx/ssl
+chown root:kvmd-$target /etc/kvmd/$target/ssl/*
 chmod 400 server.key
 chmod 444 server.crt
-chmod 750 /etc/kvmd/nginx/ssl
+chmod 755 /etc/kvmd/$target/ssl
|
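Review bot: The private key is written by `openssl ecparam -out server.key` under the process's default umask and only tightened by `chmod 400 server.key` several commands later, and with the directory now left at `chmod 755` instead of 750 nothing else shields the file during that window on a re-run; a `umask 077` line before `openssl ecparam` closes it. `cd /etc/kvmd/$target/ssl` is unchecked, so if it fails the key and the relative `chmod` calls land in the caller's working directory unless `set -e` is set earlier in the script, which is outside this hunk; `cd "/etc/kvmd/$target/ssl" || exit 1` makes the failure explicit. `chown root:kvmd-$target /etc/kvmd/$target/ssl/*` re-owns every file already in the directory rather than the two just generated, and because `server.key` stays mode 400 with owner root the group gets no read access to it, so it is worth confirming that the VNC daemon reads the key as root.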