diff --git a/home.admin/config.scripts/blitz.web.sh b/home.admin/config.scripts/blitz.web.sh
index 6d3f46458..1891cee86 100755
--- a/home.admin/config.scripts/blitz.web.sh
+++ b/home.admin/config.scripts/blitz.web.sh
@@ -201,11 +201,27 @@ EOF
 sudo apt-get install -y python3-jinja2
 sudo -H python3 -m pip install j2cli
- # use LND cert by default
- sudo ln -sf /mnt/hdd/lnd/tls.cert /mnt/hdd/app-data/nginx/tls.cert
- sudo ln -sf /mnt/hdd/lnd/tls.key /mnt/hdd/app-data/nginx/tls.key
- sudo ln -sf /mnt/hdd/lnd/tls.cert /mnt/hdd/app-data/nginx/tor_tls.cert
- sudo ln -sf /mnt/hdd/lnd/tls.key /mnt/hdd/app-data/nginx/tor_tls.key
+ if [ -f /mnt/hdd/app-data/nginx/tls.cert ];then
+ if [ -f /mnt/hdd/lnd/tls.cert ]; then
+ # use LND cert by default
+ sudo ln -sf /mnt/hdd/lnd/tls.cert /mnt/hdd/app-data/nginx/tls.cert
+ sudo ln -sf /mnt/hdd/lnd/tls.key /mnt/hdd/app-data/nginx/tls.key
+ sudo ln -sf /mnt/hdd/lnd/tls.cert /mnt/hdd/app-data/nginx/tor_tls.cert
+ sudo ln -sf /mnt/hdd/lnd/tls.key /mnt/hdd/app-data/nginx/tor_tls.key
+ else
+ # create a self-signed cert if the LND cert is not present
+ /home/admin/config.scripts/internet.selfsignedcert.sh
+
+ sudo ln -sf /mnt/hdd/app-data/selfsignedcert/selfsigned.cert \ /mnt/hdd/app-data/nginx/tls.cert
+ sudo ln -sf /mnt/hdd/app-data/selfsignedcert/selfsigned.key \ /mnt/hdd/app-data/nginx/tls.key
+ sudo ln -sf /mnt/hdd/app-data/selfsignedcert/selfsigned.cert \ /mnt/hdd/app-data/nginx/tor_tls.cert
+ sudo ln -sf /mnt/hdd/app-data/selfsignedcert/selfsigned.key \ /mnt/hdd/app-data/nginx/tor_tls.key
+ fi
+ fi
 # config
 sudo cp /home/admin/assets/blitzweb.conf /etc/nginx/sites-available/blitzweb.conf
diff --git a/home.admin/config.scripts/internet.selfsignedcert.sh b/home.admin/config.scripts/internet.selfsignedcert.sh
index f8c9efdda..e7140c74e 100755
--- a/home.admin/config.scripts/internet.selfsignedcert.sh
+++ b/home.admin/config.scripts/internet.selfsignedcert.sh
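Review bot: The outer guard `if [ -f /mnt/hdd/app-data/nginx/tls.cert ];then` skips every `ln -sf` when nginx's tls.cert does not exist yet, which is exactly the fresh-install case the old unconditional links covered; unless a step outside this hunk always creates that file first, the intent looks like the negated test, `if ! [ -f /mnt/hdd/app-data/nginx/tls.cert ]; then`, or a test on the target directory. In the else branch the exit status of `/home/admin/config.scripts/internet.selfsignedcert.sh` is not checked, so when key or certificate generation fails the four links are still created pointing at files that do not exist and nginx only fails later at startup; `/home/admin/config.scripts/internet.selfsignedcert.sh || exit 1` would stop at the real cause. The missing space in `];then` is valid bash but differs from the inner `]; then` two lines below. The enclosing block of blitz.web.sh starts and ends outside the hunk.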
@@ -1,41 +1,33 @@
+#!/bin/bash
+
 # script to create a self-signed SSL certificate
-echo ""
-echo "***"
-echo "installing Nginx"
-echo "***"
-echo ""
-sudo apt-get install -y nginx
-sudo /etc/init.d/nginx start 2>/dev/null
+sudo -u bitcoin mkdir /mnt/hdd/app-data/selfsignedcert
+cd /mnt/hdd/app-data/selfsignedcert || exit 1
-# Only generate if there is none. Or Electrum will not connect if the cert changed.
-if [ -f /etc/ssl/certs/localhost.crt ] ; then
- echo "A self-signed certificate is already present"
-else
- echo ""
- echo "***"
- echo "Create a self signed SSL certificate"
- echo "***"
- echo ""
-
- #https://www.humankode.com/ssl/create-a-selfsigned-certificate-for-nginx-in-5-minutes
- #https://stackoverflow.com/questions/8075274/is-it-possible-making-openssl-skipping-the-country-common-name-prompts
- echo "
+echo "# Create a self signed SSL certificate"
+localip=$(ip addr | grep 'state UP' -A2 | egrep -v 'docker0|veth' | grep 'eth0\|wlan0\|enp0' | tail -n1 | awk '{print $2}' | cut -f1 -d'/')
+
+sudo -u bitcoin openssl genrsa -out selfsigned.key 2048
+#https://www.humankode.com/ssl/create-a-selfsigned-certificate-for-nginx-in-5-minutes
+#https://stackoverflow.com/questions/8075274/is-it-possible-making-openssl-skipping-the-country-common-name-prompts
+
+echo "
 [req]
 prompt = no
 default_bits = 2048
-default_keyfile = localhost.key
+default_keyfile = selfsigned.key
 distinguished_name = req_distinguished_name
 req_extensions = req_ext
 x509_extensions = v3_ca
 [req_distinguished_name]
 C = US
-ST = California
-L = Los Angeles
-O = Our Company Llc
+ST = Texas
+L = Lightning Network
+O = RaspiBlitz
 #OU = Org Unit Name
-CN = Our Company Llc
+CN = RaspiBlitz
 #emailAddress = info@example.com
 [req_ext]
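Review bot: The removed `if [ -f /etc/ssl/certs/localhost.crt ]` guard, together with its comment that Electrum will not connect once the cert changes, has no replacement, so `sudo -u bitcoin openssl genrsa -out selfsigned.key 2048` now overwrites the private key on every invocation and the certificate built from it in the next hunk changes with it; a check such as `if [ -f /mnt/hdd/app-data/selfsignedcert/selfsigned.cert ]; then echo "# self-signed cert already present"; exit 0; fi` placed before the `mkdir` would keep the old reuse behavior. `sudo -u bitcoin mkdir /mnt/hdd/app-data/selfsignedcert` without `-p` fails on the second run and, since the script sets no `-e`, execution simply continues past the error. The mode of `selfsigned.key` is whatever this openssl version and the bitcoin user's umask yield; an explicit `sudo -u bitcoin chmod 600 selfsigned.key` after generation makes the private key's permissions independent of both. `egrep` in the `localip` pipeline is deprecated in favor of `grep -E`. The `echo "` that starts at the end of this hunk continues into the next one.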
@@ -47,9 +39,8 @@ subjectAltName = @alt_names
 [alt_names]
 DNS.1 = localhost
 DNS.2 = 127.0.0.1
-" | tee localhost.conf
+DNS.3 = $localip
+" | sudo -u bitcoin tee localhost.conf
- openssl req -x509 -nodes -days 1825 -newkey rsa:2048 -keyout localhost.key -out localhost.crt -config localhost.conf
- sudo mv localhost.crt /etc/ssl/certs/localhost.crt
- sudo mv localhost.key /etc/ssl/private/localhost.key
-fi
\ No newline at end of file
+sudo -u bitcoin openssl req -new -x509 -sha256 -key selfsigned.key \
+ -out selfsigned.cert -days 3650 -config localhost.conf
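Review bot: `DNS.3 = $localip` stores an IP address under a DNS-type subjectAltName, as the unchanged `DNS.2 = 127.0.0.1` already does, and strict validators compare IP literals only against iPAddress entries, so the new line should be `IP.1 = $localip` (with `DNS.2` ideally becoming `IP.2 = 127.0.0.1`). If the `localip` pipeline from the previous hunk yields an empty string the config line becomes `DNS.3 = ` with no value, which openssl will most likely reject, so `openssl req` exits without writing `selfsigned.cert` while the caller in blitz.web.sh still links to it; emitting the entry only when `[ -n "$localip" ]` holds avoids that. The backslash-continued `openssl req` call at the end is the last statement of the file and its exit status is not checked by the script itself.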