This repository has been archived by the owner on Oct 30, 2019. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 98
Webterminal: Added SSL support with existing LE certificates. #130
Merged
Merged
Changes from 6 commits
Commits
Show all changes
9 commits
Select commit
Hold shift + click to select a range
2f1d2dc
Added SSL support with existig LE certs
ludeeus d4796d2
Fixes for sticker-ci
ludeeus 1be018b
Updated documentation.
ludeeus 3cadb7f
Specified which domain to use.
ludeeus b0c5059
Added correct protocol
ludeeus d740c1d
Updated cronjob
ludeeus de307b7
Delayed update part 5 min
ludeeus 8c697f7
Changed logic for setting privkey and fullchain
ludeeus bc5c5c8
changed restart to sto start
ludeeus File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
#!/bin/bash | ||
# Helper script for using LE certificates with Webterminal (shellinabox) | ||
if [ -d "/etc/letsencrypt/live" ]; then | ||
CERTDIR="/etc/letsencrypt/live/" | ||
elif [ -d "/home/homeassistant/dehydrated/certs" ]; then | ||
CERTDIR="/home/homeassistant/dehydrated/certs/" | ||
else | ||
CERTDIR="" | ||
fi | ||
FULLCHAIN=$(find "$CERTDIR" -type f | grep fullchain) | ||
PRIVKEY=$(find "$CERTDIR" -type f | grep privkey) | ||
DOMAIN=$(ls "$CERTDIR") | ||
cat "$FULLCHAIN" "$PRIVKEY" > /var/lib/shellinabox/certificate-"$DOMAIN".pem | ||
chown shellinabox:shellinabox -R /var/lib/shellinabox/ | ||
service shellinabox restart | ||
exit 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Doing it this way would not link the cert but only "copy" it. Preferable would be to create a symlink to the certificate so that it's linked to the used certificate.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In every guide I have found, and my own testing. the cert file used for shellinabox has to include both certificate and privkey, is it possible to merge with linking?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I missed that. That would require some strange magic.
Most likely this will stop working as soon as the certificate expires. If your ok with that then we can merge this.
Could you add to the update function to update the certificate if it's there?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I hope not :( that defeats the purpose of the separate webterminalhelper.sh script..
Should't this update the cert for shellinabox 1AM every night?
looking at the timestamp after running the file it looks like that would work.
I can add a note about running that file in the docs?
"Could you add to the update function to update the certificate if it's there?"
Do you mean the update for dehydrated with the DuckDNS script, then no. that will result in certbot certs not being updated.
If this was not what you ment, enlighten me :D
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I missed that part of the webterminalhepler.sh script.
This look great now!