
Rewrite manage_users to separate how get user and group web

HucSte 2 years ago
parent
commit
4cace39ca7
4 changed files with 84 additions and 15 deletions
  1. 7 1
      TODO
  2. 1 1
      scripts/mng_ssl
  3. 55 0
      scripts/patch
  4. 21 13
      scripts/system

+ 7 - 1
TODO

@@ -1,6 +1,8 @@
 => Let's Encrypt:  Y|N? OK!
 (see explains below...)
-Create User LE!
+Create User LE?
+
+HTTPS HPKP?
 
 => Perishable Press: Y|N?
 
@@ -8,6 +10,10 @@ Create User LE!
 - headers.cfg: if SSL, and manage sub-domains, uncomment line 32, else line 33: NO!
 - system: chown_domains_dirs is called but not really functionally; cause?
 
+=> build script to patch changes onto:
+- cfg.ini
+- headers.cfg
+- others?
 
 ----
 ####

+ 1 - 1
scripts/mng_ssl

@@ -860,7 +860,7 @@ function use_ssl() {
                         letsencrypt_test_certs
 
                         confirm "${mssg_ask_test_letsencrypt_ok}" || {
-                            sed -i -e "s#ssl_use=1#ssl_use=0#" "${file_cfg_site}"
+                            sed -i -e "s#le_test=true#le_test=false#;s#ssl_use=1#ssl_use=0#" "${file_cfg_site}"
                             stop
                         }
                     fi
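Review bot: Both substitutions in the new sed expression are unanchored, so `ssl_use=1` and `le_test=true` are rewritten wherever they occur on a line, including inside a comment or a longer value such as `ssl_use=10`. scripts/patch in this same commit anchors its key rewrites with `^`, and the same would fit here: `sed -i -e "s#^le_test=true#le_test=false#;s#^ssl_use=1#ssl_use=0#" "${file_cfg_site}"`. The exit status of sed is not checked before `stop`, so a failed edit would leave the site file still marked `ssl_use=1` after the operator declined the test certificates. The body of `use_ssl` starts and ends outside this hunk.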

+ 55 - 0
scripts/patch

@@ -0,0 +1,55 @@
+#!/bin/bash
+#set -x
+
+if ! ${EXEC}; then exit; fi
+
+##########
+### Functions
+##########
+
+# patch_cfg_site
+
+get_actived_domains
+
+for name in "${domains_actived[@]}"; do
+
+    if [ -f "${home}/${name}/config/${name}.cfg.2" ]; then
+
+        # mng section letsencrypt
+        sed -i -e "s#^client=\(.*\)#le_client=\1#" "${home}/${name}/config/${name}.cfg.2"
+
+        sed -i -e "s#^cmd=\(.*\)#le_cmd=\1#" "${home}/${name}/config/${name}.cfg.2"
+
+        if grep -v "le_file_cfg" "${home}/${name}/config/${name}.cfg.2"; then
+            sed -i -e "s#^le_cmd=\(.*\)#le_cmd=\1 \nle_file_cfg=none#" "${home}/${name}/config/${name}.cfg.2"
+        fi
+
+        if grep -v "le_test" "${home}/${name}/config/${name}.cfg.2"; then
+            sed -i -e "s#^le_file_cfg=\(.*\)#le_file_cfg=\1 \nle_test=false#" >> "${home}/${name}/config/${name}.cfg.2"
+        fi
+
+        # mng section ssl
+
+        sed -i -e "s#^CA=\(.*\)#ssl_CA=\1#" "${home}/${name}/config/${name}.cfg.2"
+
+        sed -i -e "s#^use=\(.*\)#ssl_use=\1#" "${home}/${name}/config/${name}.cfg.2"
+
+        if grep -v "ssl_algo" "${home}/${name}/config/${name}.cfg.2"; then
+            sed -i -e "s#^\[ssl\]#\[ssl\] \nssl_algo=rsa#" "${home}/${name}/config/${name}.cfg.2"
+        fi
+
+        if grep -v "ssl_dir" "${home}/${name}/config/${name}.cfg.2"; then
+            sed -i -e "s#^ssl_CA=\(.*\)#ssl_CA=\1 \nssl_dir=default#" >> "${home}/${name}/config/${name}.cfg.2"
+        fi
+
+        if grep -v "ssl_key_length" "${home}/${name}/config/${name}.cfg.2"; then
+            sed -i -e "s#^ssl_dir=\(.*\)#ssl_dir=\1 \nssl_key_length=4096#" >> "${home}/${name}/config/${name}.cfg.2"
+        fi
+
+    fi
+
+    if [ -f "/etc/nginx/cfg/${name}/headers.cfg" ]; then
+        sed -i -e "s#\$ssl_long_seconds#\$ssl_seconds#g" "/etc/nginx/cfg/${name}/headers.cfg"
+    fi
+
+done
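Review bot: The five `if grep -v "KEY" FILE` tests do not check that the key is absent. `grep -v` succeeds whenever any line lacks the pattern and prints those lines, so each branch runs on practically every file and a rerun appends the key again. The three `sed -i ... >> FILE` calls (for `le_test`, `ssl_dir` and `ssl_key_length`) give sed no input file, so with GNU sed they fail and those keys are never written; use `! grep -q` and pass the file as sed's argument, as in the fence below. The guard `if ! ${EXEC}; then exit; fi` runs whatever `EXEC` holds as a command and lets the script continue when it is unset or empty. A string test such as `[[ "${EXEC:-}" == true ]] || exit 1` would fail closed, assuming EXEC is meant to hold true/false, which this page does not show.

```shell
# … unchanged: shebang, EXEC guard, get_actived_domains, loop header, -f test, client=/cmd= renames …
        if ! grep -q "le_file_cfg" "${home}/${name}/config/${name}.cfg.2"; then
            # … unchanged: sed adding le_file_cfg=none …
        fi

        if ! grep -q "le_test" "${home}/${name}/config/${name}.cfg.2"; then
            sed -i -e "s#^le_file_cfg=\(.*\)#le_file_cfg=\1 \nle_test=false#" "${home}/${name}/config/${name}.cfg.2"
        fi

# … unchanged: CA=/use= renames …
        if ! grep -q "ssl_algo" "${home}/${name}/config/${name}.cfg.2"; then
            # … unchanged: sed adding ssl_algo=rsa …
        fi

        if ! grep -q "ssl_dir" "${home}/${name}/config/${name}.cfg.2"; then
            sed -i -e "s#^ssl_CA=\(.*\)#ssl_CA=\1 \nssl_dir=default#" "${home}/${name}/config/${name}.cfg.2"
        fi

        if ! grep -q "ssl_key_length" "${home}/${name}/config/${name}.cfg.2"; then
            sed -i -e "s#^ssl_dir=\(.*\)#ssl_dir=\1 \nssl_key_length=4096#" "${home}/${name}/config/${name}.cfg.2"
        fi
# … unchanged: headers.cfg rewrite, end of loop …
```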

+ 21 - 13
scripts/system

@@ -130,7 +130,7 @@ function confirm () {
 
     read -r -p "${1} [y|n] " response
     case "$response" in
-        y|Y|o|O)
+        y|Y|o|O|1)
             true
             ;;
         *)
@@ -263,6 +263,25 @@ function get_mount() {
 
     }
 
+function get_user_web() {
+
+    if [[ -f /etc/nginx/nginx.conf ]]; then
+        user_web="$(awk '/^user/ { print substr($2,0,length($0)-1) }' /etc/nginx/nginx.conf)"
+
+        get_user="$(getent passwd "${user_web}")"
+        if [[ "${get_user}" ]]; then
+            guid_web="$(awk -F ':' '{ print $4 }' <<< "${get_user}")"
+            group_web="$(getent group "${guid_web}" | awk -F ':' '{ print $1 }')"
+            if [[ -z "${home}" ]]; then
+                home="$(awk -F ':' '{ print $6 }' <<< "${get_user}")"
+            fi
+            unset guid_web
+        fi
+        unset get_user
+    fi
+
+    }
+
 function get_web_version() {
 
     case "${server_web}" in
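Review bot: In `get_user_web` the awk call passes `length($0)-1`, the length of the whole line, as the substr length for `$2`, so it no longer bounds the trailing `;` of the nginx `user` directive. With a start index of 0 the result also differs between awk implementations. If the semicolon survives, `getent passwd` finds nothing and `group_web` and `home` stay unset with no error, which matters if later code uses them for ownership changes (not visible in this hunk). Strip the terminator explicitly instead, `user_web="$(awk '$1 == "user" { sub(/;$/, "", $2); print $2; exit }' /etc/nginx/nginx.conf)"`, and return non-zero when the lookup fails so that `manage_users` can stop.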
@@ -513,18 +532,7 @@ function manage_scripts() {
 function manage_users() {
 
     # detect group, user nginx
-    if [[ -f /etc/nginx/nginx.conf ]]; then
-        user_web="$(awk '/user/ { print substr($2,0,length($2)-1) }' /etc/nginx/nginx.conf)"
-
-        get_user="$(getent passwd "${user_web}")"
-        if [[ "${get_user}" ]]; then
-            group_web="$(awk -F ':' '{ print $5 }' <<< "${get_user}")"
-            if [[ -z "${home}" ]]; then
-                home="$(awk -F ':' '{ print $6 }' <<< "${get_user}")"
-            fi
-        fi
-        unset get_user
-    fi
+    get_user_web
 
     # build group, user domain
     user="$(echo "${domain}" | sed "s#\.#\-#g;s/\-[[:alnum:]]*$//g")"