98c86e2970
We add an 'httpauth' section type that contains the options:

prefix: What virtual or real URL is being protected
username: The username for the Basic Auth dialogue
password: Hashed (crypt()) or plaintext password for the Basic Auth dialogue

httpauth section names are included as list items in the instances to which they are to be applied.

Further, any existing httpd.conf file (really whatever is configured in the instance, but default of /etc/httpd.conf) is appended to the per-instance httpd.conf.

Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
#!/bin/sh /etc/rc.common
# Copyright (C) 2010 Jo-Philipp Wich
# Start priority read by rc.common when ordering init scripts
START=50

# Run this service under procd
USE_PROCD=1

# The web server itself, followed by the two tools generate_keys can use
# to create a self-signed certificate
UHTTPD_BIN=/usr/sbin/uhttpd
PX5G_BIN=/usr/sbin/px5g
OPENSSL_BIN=/usr/bin/openssl
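# Append "<flag> <value>" to the procd command line for one UCI option.
#   $1 - UCI section name
#   $2 - option name to read from that section
#   $3 - uhttpd command-line flag to emit
#   $4 - optional default, used when the option is unset or empty
# Returns non-zero when there is neither a value nor a default, in which
# case nothing is appended. start_instance chains on this status with &&.
append_arg() {
	local cfg="$1"
	local var="$2"
	local opt="$3"
	local def="$4"
	local val

	config_get val "$cfg" "$var"
	# Two separate tests rather than the obsolescent "-o" operator, whose
	# parsing is ambiguous when a value looks like a test operator
	{ [ -n "$val" ] || [ -n "$def" ]; } && procd_append_param command "$opt" "${val:-$def}"
}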
# Emit a bare flag on the procd command line when a boolean UCI option is on.
#   $1 - UCI section name
#   $2 - boolean option to read
#   $3 - uhttpd flag appended when the option evaluates to 1
#   $4 - default handed to config_get_bool
# Returns non-zero when the option is off and nothing was appended.
append_bool() {
	local section="$1" option="$2" flag="$3" fallback="$4"
	local enabled

	config_get_bool enabled "$section" "$option" "$fallback"
	if [ "$enabled" = 1 ]; then
		procd_append_param command "$flag"
	else
		return 1
	fi
}
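# Create a self-signed certificate and private key for HTTPS.
# Invoked through config_foreach for each "cert" section.
#   $1 - name of the UCI "cert" section that supplies days, bits, country,
#        state, location and commonname
# Globals read: OPENSSL_BIN, PX5G_BIN, UHTTPD_KEY, UHTTPD_CERT. The output
# paths come from the two UHTTPD_* globals, not from arguments.
# Both files are written under a ".new" name and moved into place only when
# the generator exits successfully; on failure the partial files are removed
# and any existing key/certificate is left untouched.
# Returns non-zero when no generator is installed or generation failed.
generate_keys() {
	local cfg="$1"
	local days bits country state location commonname
	local GENKEY_CMD=""
	local UNIQUEID

	config_get days       "$cfg" days
	config_get bits       "$cfg" bits
	config_get country    "$cfg" country
	config_get state      "$cfg" state
	config_get location   "$cfg" location
	config_get commonname "$cfg" commonname

	# Four random bytes in hex, appended to the O= field below
	# (presumably so that each generated certificate has a distinct subject)
	UNIQUEID=$(dd if=/dev/urandom bs=1 count=4 | hexdump -e '1/1 "%02x"')

	# Prefer px5g for certificate generation (existence evaluated last)
	[ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -outform der -nodes"
	[ -x "$PX5G_BIN" ] && GENKEY_CMD="$PX5G_BIN selfsigned -der"
	[ -n "$GENKEY_CMD" ] || return 1

	# GENKEY_CMD is left unquoted on purpose: it holds a command plus options
	if $GENKEY_CMD \
		-days "${days:-730}" -newkey "rsa:${bits:-2048}" \
		-keyout "${UHTTPD_KEY}.new" -out "${UHTTPD_CERT}.new" \
		-subj "/C=${country:-DE}/ST=${state:-Saxony}/L=${location:-Leipzig}/O=${commonname:-Lede}$UNIQUEID/CN=${commonname:-Lede}"
	then
		# Keep the private key readable by its owner only, whatever mode
		# the generator and the current umask produced
		chmod 600 "${UHTTPD_KEY}.new"
		sync
		mv "${UHTTPD_KEY}.new" "${UHTTPD_KEY}"
		mv "${UHTTPD_CERT}.new" "${UHTTPD_CERT}"
	else
		# Never install a partially written key or certificate
		rm -f "${UHTTPD_KEY}.new" "${UHTTPD_CERT}.new"
		return 1
	fi
}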
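# Write one Basic Auth rule for an 'httpauth' section into the per-instance
# httpd.conf. Invoked through config_list_foreach from start_instance.
#   $1 - name of the httpauth section (options: prefix, username, password)
# Uses the caller's variables: appends to the file named by $httpdconf and
# sets haveauth=1 once a rule has been written.
# A section that lacks any of the three options is skipped silently.
create_httpauth() {
	local cfg="$1"
	local prefix username password

	config_get prefix "$cfg" prefix
	config_get username "$cfg" username
	config_get password "$cfg" password

	if [ -z "$prefix" ] || [ -z "$username" ] || [ -z "$password" ]; then
		return
	fi

	# printf writes the values literally; echo may interpret backslashes
	# or a leading dash depending on the shell.
	# NOTE(review): this line carries the password (plaintext or crypt()
	# hash), so the file named by $httpdconf should not be readable by
	# other users - confirm how the caller creates it. A ':' or newline
	# inside a value would also change how the line is split into fields.
	printf '%s\n' "${prefix}:${username}:${password}" >>"$httpdconf"
	haveauth=1
}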
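# Build the procd instance for one 'uhttpd' UCI section.
#   $1 - name of the uhttpd section
# Translates the section's options into uhttpd command-line flags. When the
# section has no 'config' option, a per-instance httpd.conf is written from
# the listed httpauth sections. When HTTPS listeners are configured and no
# non-empty key/certificate pair exists, generate_keys is run.
# Globals written: UHTTPD_CERT, UHTTPD_KEY (read by generate_keys).
start_instance()
{
	UHTTPD_CERT=""
	UHTTPD_KEY=""

	local cfg="$1"
	local realm="$(uci_get "system.@system[0].hostname")"
	local listen http https interpreter indexes path handler httpdconf haveauth
	# These were assigned without 'local' and leaked into the global scope
	local config alias_list alias file

	procd_open_instance
	procd_set_param respawn
	procd_set_param stderr 1
	procd_set_param command "$UHTTPD_BIN" -f

	config_get config "$cfg" config
	if [ -z "$config" ]; then
		mkdir -p /var/etc/uhttpd
		httpdconf="/var/etc/uhttpd/httpd.${cfg}.conf"
		rm -f "$httpdconf"
		# The file receives Basic Auth credentials. Create it empty with
		# owner-only permissions before anything is appended, instead of
		# letting the first append create it with the process umask.
		( umask 077; : >"$httpdconf" )
		# create_httpauth appends to $httpdconf and sets haveauth=1
		config_list_foreach "$cfg" httpauth create_httpauth
		if [ "$haveauth" = "1" ]; then
			procd_append_param command -c "$httpdconf"
			[ -r /etc/httpd.conf ] && cat /etc/httpd.conf >>"$httpdconf"
		else
			# No rule was written: leave no empty file behind
			rm -f "$httpdconf"
		fi
	fi

	append_arg "$cfg" home "-h"
	append_arg "$cfg" realm "-r" "${realm:-OpenWrt}"
	append_arg "$cfg" config "-c"
	append_arg "$cfg" cgi_prefix "-x"
	[ -f /usr/lib/uhttpd_lua.so ] && {
		config_get handler "$cfg" lua_handler
		# -L is only added when the handler file exists and a lua_prefix
		# was appended (append_arg returns non-zero otherwise)
		[ -f "$handler" ] && append_arg "$cfg" lua_prefix "-l" && {
			procd_append_param command "-L" "$handler"
		}
	}
	[ -f /usr/lib/uhttpd_ubus.so ] && {
		append_arg "$cfg" ubus_prefix "-u"
		append_arg "$cfg" ubus_socket "-U"
		append_bool "$cfg" ubus_cors "-X" 0
	}
	append_arg "$cfg" script_timeout "-t"
	append_arg "$cfg" network_timeout "-T"
	append_arg "$cfg" http_keepalive "-k"
	append_arg "$cfg" tcp_keepalive "-A"
	append_arg "$cfg" error_page "-E"
	append_arg "$cfg" max_requests "-n" 3
	append_arg "$cfg" max_connections "-N"

	append_bool "$cfg" no_ubusauth "-a" 0
	append_bool "$cfg" no_symlinks "-S" 0
	append_bool "$cfg" no_dirlists "-D" 0
	append_bool "$cfg" rfc1918_filter "-R" 0

	# The loops below expand their list unquoted on purpose so that each
	# whitespace-separated entry becomes its own flag
	config_get alias_list "$cfg" alias
	for alias in $alias_list; do
		procd_append_param command -y "$alias"
	done

	config_get http "$cfg" listen_http
	for listen in $http; do
		procd_append_param command -p "$listen"
	done

	config_get interpreter "$cfg" interpreter
	for path in $interpreter; do
		procd_append_param command -i "$path"
	done

	config_get indexes "$cfg" index_page
	for path in $indexes; do
		procd_append_param command -I "$path"
	done

	config_get https "$cfg" listen_https
	config_get UHTTPD_KEY "$cfg" key /etc/uhttpd.key
	config_get UHTTPD_CERT "$cfg" cert /etc/uhttpd.crt

	[ -f /lib/libustream-ssl.so ] && [ -n "$https" ] && {
		# Generate a pair unless both files exist and are non-empty
		if ! { [ -s "$UHTTPD_CERT" ] && [ -s "$UHTTPD_KEY" ]; }; then
			config_foreach generate_keys cert
		fi

		# HTTPS listeners are only added when both files are present
		[ -f "$UHTTPD_CERT" ] && [ -f "$UHTTPD_KEY" ] && {
			append_arg "$cfg" cert "-C"
			append_arg "$cfg" key "-K"

			for listen in $https; do
				procd_append_param command -s "$listen"
			done
		}

		append_bool "$cfg" redirect_https "-q" 0
	}

	# An unmatched glob stays literal; the -s test filters it out
	for file in /etc/uhttpd/*.json; do
		[ -s "$file" ] && procd_append_param command -H "$file"
	done

	procd_close_instance
}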
# procd hook: register a reload trigger for the "uhttpd" configuration
service_triggers() {
	local pkg=uhttpd

	procd_add_reload_trigger "$pkg"
}
# procd entry point: load the "uhttpd" configuration and run start_instance
# once for every section of type "uhttpd"
start_service() {
	local pkg=uhttpd

	config_load "$pkg"
	config_foreach start_instance "$pkg"
}