Webterminal: Added SSL support with existing LE certificates.

docs/webterminal.md

@@ -27,5 +27,17 @@ panel_iframe:
     icon: mdi:console
     url: 'http://192.168.1.2:4200'
 ```
+
+#### Notes for SSL
+If you enable the use of existing Let's Encrypt certificates you need to open ports in your firewall to use them.
+
+If SSL is used the panel_iframe has to use the same domain name as the one issued with your certificate.
+```yaml
+panel_iframe:
+  web_terminal:
+    title: 'Web terminal'
+    icon: mdi:console
+    url: 'https://yourdomain.duckdns.org:4200'
+```
 ***
 This script was originally contributed by [@Ludeeus](https://github.com/ludeeus).

package/opt/hassbian/suites/files/webterminalsslhelper.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+# Helper script for using LE certificates with Webterminal (shellinabox)
+if [ -d "/etc/letsencrypt/live" ]; then
+  CERTDIR="/etc/letsencrypt/live/"
+elif [ -d "/home/homeassistant/dehydrated/certs" ]; then
+  CERTDIR="/home/homeassistant/dehydrated/certs/"
+else
+  CERTDIR=""
+fi
+FULLCHAIN=$(find "$CERTDIR" -type f | grep fullchain)
+PRIVKEY=$(find "$CERTDIR" -type f | grep privkey)
+DOMAIN=$(ls "$CERTDIR")
+cat "$FULLCHAIN" "$PRIVKEY" > /var/lib/shellinabox/certificate-"$DOMAIN".pem
+chown shellinabox:shellinabox -R /var/lib/shellinabox/
+service shellinabox restart
+exit 0

package/opt/hassbian/suites/webterminal.sh

@@ -12,25 +12,67 @@ function webterminal-show-copyright-info {
 }
 
 function webterminal-install-package {
+if [ "$ACCEPT" == "true" ]; then # True if `-y` flag is used.
+  if [ -d "/etc/letsencrypt/live" ] || [ -d "/home/homeassistant/dehydrated/certs" ]; then
+    SSL="Y"
+  else
+    SSL="N"
+  fi
+else
+  echo ""
+  echo -n "Do you use SSL (https) with Home Assistant? [N/y] : "
+  read -r SSL
+  if [ ! "$SSL" ]; then
+      SSL="N"
+  fi
+fi
+
 echo "Installing packages."
 sudo apt-get install -y openssl shellinabox
-
 echo "Changing config."
-sudo sed -i 's/--no-beep/--no-beep --disable-ssl/g' /etc/default/shellinabox
+if [ "$SSL" == "y" ] || [ "$SSL" == "Y" ]; then
+  echo "No need to change default configuration, skipping this step..."
+  echo "Checking cert directory..."
+  if [ -d "/etc/letsencrypt/live" ]; then
+    CERTDIR="/etc/letsencrypt/live/"
+  elif [ -d "/home/homeassistant/dehydrated/certs" ]; then
+    CERTDIR="/home/homeassistant/dehydrated/certs/"
+  else
+    CERTDIR=""
+  fi
+  echo "Setting cert fullchain location..."
+  FULLCHAIN=$(find "$CERTDIR" -type f | grep fullchain)
+  echo "Setting cert privkey location..."
+  PRIVKEY=$(find "$CERTDIR" -type f | grep privkey)
+  DOMAIN=$(ls "$CERTDIR")
+  echo "Merging files and adding to correct dir..."
+  cat "$FULLCHAIN" "$PRIVKEY" > /var/lib/shellinabox/certificate-"$DOMAIN".pem
+  chown shellinabox:shellinabox -R /var/lib/shellinabox/
+  echo "Adding crong job to copy certs..."
+  (crontab -l ; echo "0 1 1 * * bash /opt/hassbian/suites/files/webterminalsslhelper.sh >/dev/null 2>&1")| crontab -
+else
+  sed -i 's/--no-beep/--no-beep --disable-ssl/g' /etc/default/shellinabox
+fi
 
 echo "Reloading and starting the service."
-sudo service shellinabox reload
-sudo service shellinabox restart
+service shellinabox reload
+service shellinabox restart
 
 ip_address=$(ifconfig | grep "inet.*broadcast" | grep -v 0.0.0.0 | awk '{print $2}')
 
+if [ "$SSL" == "y" ] || [ "$SSL" == "Y" ]; then
+  PROTOCOL="https"
+else
+  PROTOCOL="http"
+fi
+
 echo "Checking the installation..."
 validation=$(pgrep -f shellinaboxd)
 if [ ! -z "${validation}" ]; then
   echo
   echo -e "\\e[32mInstallation done..\\e[0m"
   echo
-  echo "You can now access the web terminal here: http://$ip_address:4200"
+  echo "You can now access the web terminal here: $PROTOCOL://$ip_address:4200"
   echo "You can also add this to your Home-Assistant config in an 'panel_iframe'"
   echo
 else