diff --git a/docs/webterminal.md b/docs/webterminal.md
index 3b9d016a..18bee597 100644
--- a/docs/webterminal.md
+++ b/docs/webterminal.md
@@ -27,5 +27,17 @@ panel_iframe:
 icon: mdi:console
 url: 'http://192.168.1.2:4200'
 ```
+
+#### Notes for SSL
+If you enable the use of existing Let's Encrypt certificates you need to open ports in your firewall to use them.
+
+If SSL is used the panel_iframe has to use the same domain name as the one issued with your certificate.
+```yaml
+panel_iframe:
+ web_terminal:
+ title: 'Web terminal'
+ icon: mdi:console
+ url: 'https://yourdomain.duckdns.org:4200'
+```
 ***
 This script was originally contributed by [@Ludeeus](https://github.com/ludeeus).
diff --git a/package/opt/hassbian/suites/files/webterminalsslhelper.sh b/package/opt/hassbian/suites/files/webterminalsslhelper.sh
new file mode 100644
index 00000000..6bec5d1f
--- /dev/null
+++ b/package/opt/hassbian/suites/files/webterminalsslhelper.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+# Helper script for using LE certificates with Webterminal (shellinabox)
+if [ -d "/etc/letsencrypt/live" ]; then
+ CERTDIR="/etc/letsencrypt/live/"
+elif [ -d "/home/homeassistant/dehydrated/certs" ]; then
+ CERTDIR="/home/homeassistant/dehydrated/certs/"
+else
+ CERTDIR=""
+fi
+DOMAIN=$(ls "$CERTDIR")
+cat "$CERTDIR$DOMAIN/fullchain.pem" "$CERTDIR$DOMAIN/privkey.pem" > /var/lib/shellinabox/certificate-"$DOMAIN".pem
+chown shellinabox:shellinabox -R /var/lib/shellinabox/
+service shellinabox reload
+service shellinabox stop
+service shellinabox start
+exit 0
diff --git a/package/opt/hassbian/suites/webterminal.sh b/package/opt/hassbian/suites/webterminal.sh
index 76fab747..64bd003f 100644
--- a/package/opt/hassbian/suites/webterminal.sh
+++ b/package/opt/hassbian/suites/webterminal.sh
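Review bot: In webterminalsslhelper.sh the combined certificate file contains privkey.pem but is created by a plain `>` redirection, so it gets the default umask permissions (typically world-readable) and the following `chown -R` does not tighten them; the write should happen under `umask 077` and be followed by `chmod 600`. `DOMAIN=$(ls "$CERTDIR")` also yields an unusable path when the directory holds more than one entry (several domains, or a non-directory file), and when neither certificate directory exists the script runs against an empty path, still restarts the service and exits 0. The same `DOMAIN=`/`cat`/`chown` lines are repeated in webterminal-install-package in webterminal.sh and need the same change. A per-directory loop, sketched below, covers these cases.

```shell
[ -n "$CERTDIR" ] || exit 1   # no certificate directory found: do not touch the service
for dir in "$CERTDIR"*/; do
  [ -f "${dir}privkey.pem" ] || continue
  DOMAIN=$(basename "$dir")
  out=/var/lib/shellinabox/certificate-"$DOMAIN".pem
  ( umask 077; cat "${dir}fullchain.pem" "${dir}privkey.pem" > "$out" )
  chmod 600 "$out"   # also tightens a file left by an earlier run
done
# … unchanged: chown and service reload/stop/start …
```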
@@ -12,25 +12,64 @@ function webterminal-show-copyright-info { } function webterminal-install-package { +if [ "$ACCEPT" == "true" ]; then # True if `-y` flag is used. + if [ -d "/etc/letsencrypt/live" ] || [ -d "/home/homeassistant/dehydrated/certs" ]; then + SSL="Y" + else + SSL="N" + fi +else + echo "" + echo -n "Do you use SSL (https) with Home Assistant? [N/y] : " + read -r SSL + if [ ! "$SSL" ]; then + SSL="N" + fi +fi + echo "Installing packages." sudo apt-get install -y openssl shellinabox - echo "Changing config." -sudo sed -i 's/--no-beep/--no-beep --disable-ssl/g' /etc/default/shellinabox +if [ "$SSL" == "y" ] || [ "$SSL" == "Y" ]; then + echo "No need to change default configuration, skipping this step..." + echo "Checking cert directory..." + if [ -d "/etc/letsencrypt/live" ]; then + CERTDIR="/etc/letsencrypt/live/" + elif [ -d "/home/homeassistant/dehydrated/certs" ]; then + CERTDIR="/home/homeassistant/dehydrated/certs/" + else + CERTDIR="" + fi + echo "Merging files and adding to correct dir..." + DOMAIN=$(ls "$CERTDIR") + cat "$CERTDIR$DOMAIN/fullchain.pem" "$CERTDIR$DOMAIN/privkey.pem" > /var/lib/shellinabox/certificate-"$DOMAIN".pem + chown shellinabox:shellinabox -R /var/lib/shellinabox/ + echo "Adding crong job to copy certs..." + (crontab -l ; echo "5 1 1 * * bash /opt/hassbian/suites/files/webterminalsslhelper.sh >/dev/null 2>&1")| crontab - +else + sed -i 's/--no-beep/--no-beep --disable-ssl/g' /etc/default/shellinabox +fi echo "Reloading and starting the service." -sudo service shellinabox reload -sudo service shellinabox restart +service shellinabox reload +service shellinabox stop +service shellinabox start ip_address=$(ifconfig | grep "inet.*broadcast" | grep -v 0.0.0.0 | awk '{print $2}') +if [ "$SSL" == "y" ] || [ "$SSL" == "Y" ]; then + PROTOCOL="https" +else + PROTOCOL="http" +fi + echo "Checking the installation..." validation=$(pgrep -f shellinaboxd) if [ ! 
-z "${validation}" ]; then echo echo -e "\\e[32mInstallation done..\\e[0m" echo - echo "You can now access the web terminal here: http://$ip_address:4200" + echo "You can now access the web terminal here: $PROTOCOL://$ip_address:4200" echo "You can also add this to your Home-Assistant config in an 'panel_iframe'" echo else
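Review bot: The SSL branch of webterminal-install-package only echoes "No need to change default configuration" and never removes a `--disable-ssl` that an earlier non-SSL run wrote into /etc/default/shellinabox, so a re-install can print an https URL while shellinaboxd still serves the login terminal over plain HTTP; the branch should strip the flag, e.g. `sed -i 's/ --disable-ssl//g' /etc/default/shellinabox`. The comparison `[ "$SSL" == "y" ] || [ "$SSL" == "Y" ]` treats every other answer, including `yes`, as no and silently disables TLS; matching with `case "$SSL" in [yY]*)` would avoid that. The `(crontab -l ; echo …) | crontab -` line appends a new entry on every run, so repeated installs stack duplicate jobs; filtering the old entry first with `crontab -l | grep -v webterminalsslhelper.sh` keeps it single. The function body continues past the end of this hunk.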