diff options
Diffstat (limited to 'scripts')
| -rwxr-xr-x | scripts/kvmd-gencert | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/scripts/kvmd-gencert b/scripts/kvmd-gencert index 5244e9db..f96f0c8f 100755 --- a/scripts/kvmd-gencert +++ b/scripts/kvmd-gencert @@ -31,10 +31,16 @@ fi if [ "$1" != --do-the-thing ]; then echo "This script will generate new self-signed SSL certificates for KVMD Nginx" echo "and put them to /etc/kvmd/nginx/ssl. If you're sure of what you're doing," - echo "append the option '--do-the-thing' to execute." + echo "append the option '--do-the-thing' to execute. You can also append --vnc" + echo "to generate a certificate for VNC not for Nginx." exit 1 fi +target="nginx" +if [ "$2" == --vnc ]; then + target="vnc" +fi + # XXX: Why ECC? # https://www.leaderssl.com/articles/345-what-is-ecc-and-why-you-should-use-it # https://www.digitalocean.com/community/tutorials/how-to-create-an-ecc-certificate-on-nginx-for-debian-8 @@ -44,14 +50,14 @@ set -x export LC_ALL=C -mkdir -p /etc/kvmd/nginx/ssl -cd /etc/kvmd/nginx/ssl +mkdir -p /etc/kvmd/$target/ssl +cd /etc/kvmd/$target/ssl openssl ecparam -out server.key -name prime256v1 -genkey openssl req -new -x509 -sha256 -nodes -key server.key -out server.crt -days 3650 \ -subj "/C=RU/ST=Moscow/L=Moscow/O=Pi-KVM/OU=Pi-KVM/CN=localhost" -chown -R root:kvmd-nginx /etc/kvmd/nginx/ssl +chown root:kvmd-$target /etc/kvmd/$target/ssl/* chmod 400 server.key chmod 444 server.crt -chmod 750 /etc/kvmd/nginx/ssl +chmod 755 /etc/kvmd/$target/ssl |