mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-23 15:32:33 +00:00
3c4858eeb2
Support the usage of the OpenSSL command-line tool for generating the SSL certificate for uhttpd. Traditionally 'px5g' based on PolarSSL (or mbedTLS in LEDE), has been used for the creation. uhttpd init script is enhanced by adding detection of an installed openssl command-line binary (provided by 'openssl-util' package), and if found, the tool is used for certificate generation. Note: After this patch the script prefers to use the OpenSSL tool if both it and px5g are installed. This enables creating a truly OpenSSL-only version of LuCI without dependency to PolarSSL/mbedTLS based px5g. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
160 lines
3.9 KiB
Bash
Executable File
160 lines
3.9 KiB
Bash
Executable File
#!/bin/sh /etc/rc.common
|
|
# Copyright (C) 2010 Jo-Philipp Wich
|
|
|
|
START=50
|
|
|
|
USE_PROCD=1
|
|
|
|
UHTTPD_BIN="/usr/sbin/uhttpd"
|
|
PX5G_BIN="/usr/sbin/px5g"
|
|
OPENSSL_BIN="/usr/bin/openssl"
|
|
|
|
append_arg() {
|
|
local cfg="$1"
|
|
local var="$2"
|
|
local opt="$3"
|
|
local def="$4"
|
|
local val
|
|
|
|
config_get val "$cfg" "$var"
|
|
[ -n "$val" -o -n "$def" ] && procd_append_param command "$opt" "${val:-$def}"
|
|
}
|
|
|
|
append_bool() {
|
|
local cfg="$1"
|
|
local var="$2"
|
|
local opt="$3"
|
|
local def="$4"
|
|
local val
|
|
|
|
config_get_bool val "$cfg" "$var" "$def"
|
|
[ "$val" = 1 ] && procd_append_param command "$opt"
|
|
}
|
|
|
|
generate_keys() {
|
|
local cfg="$1"
|
|
local key="$2"
|
|
local crt="$3"
|
|
local days bits country state location commonname
|
|
|
|
config_get days "$cfg" days
|
|
config_get bits "$cfg" bits
|
|
config_get country "$cfg" country
|
|
config_get state "$cfg" state
|
|
config_get location "$cfg" location
|
|
config_get commonname "$cfg" commonname
|
|
|
|
# Prefer OpenSSL for certificate generation (existence evaluated last)
|
|
local GENKEY_CMD=""
|
|
[ -x "$PX5G_BIN" ] && GENKEY_CMD="$PX5G_BIN selfsigned -der"
|
|
[ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -outform der -nodes"
|
|
[ -n "$GENKEY_CMD" ] && {
|
|
$GENKEY_CMD \
|
|
-days ${days:-730} -newkey rsa:${bits:-2048} -keyout "${UHTTPD_KEY}.new" -out "${UHTTPD_CERT}.new" \
|
|
-subj /C="${country:-DE}"/ST="${state:-Saxony}"/L="${location:-Leipzig}"/CN="${commonname:-Lede}"
|
|
sync
|
|
mv "${UHTTPD_KEY}.new" "${UHTTPD_KEY}"
|
|
mv "${UHTTPD_CERT}.new" "${UHTTPD_CERT}"
|
|
}
|
|
}
|
|
|
|
start_instance()
|
|
{
|
|
UHTTPD_CERT=""
|
|
UHTTPD_KEY=""
|
|
|
|
local cfg="$1"
|
|
local realm="$(uci_get system.@system[0].hostname)"
|
|
local listen http https interpreter indexes path handler
|
|
|
|
procd_open_instance
|
|
procd_set_param respawn
|
|
procd_set_param stderr 1
|
|
procd_set_param command "$UHTTPD_BIN" -f
|
|
|
|
append_arg "$cfg" home "-h"
|
|
append_arg "$cfg" realm "-r" "${realm:-OpenWrt}"
|
|
append_arg "$cfg" config "-c"
|
|
append_arg "$cfg" cgi_prefix "-x"
|
|
[ -f /usr/lib/uhttpd_lua.so ] && {
|
|
config_get handler "$cfg" lua_handler
|
|
[ -f "$handler" ] && append_arg "$cfg" lua_prefix "-l" && {
|
|
procd_append_param command "-L" "$handler"
|
|
}
|
|
}
|
|
[ -f /usr/lib/uhttpd_ubus.so ] && {
|
|
append_arg "$cfg" ubus_prefix "-u"
|
|
append_arg "$cfg" ubus_socket "-U"
|
|
append_bool "$cfg" ubus_cors "-X" 0
|
|
}
|
|
append_arg "$cfg" script_timeout "-t"
|
|
append_arg "$cfg" network_timeout "-T"
|
|
append_arg "$cfg" http_keepalive "-k"
|
|
append_arg "$cfg" tcp_keepalive "-A"
|
|
append_arg "$cfg" error_page "-E"
|
|
append_arg "$cfg" max_requests "-n" 3
|
|
append_arg "$cfg" max_connections "-N"
|
|
|
|
append_bool "$cfg" no_ubusauth "-a" 0
|
|
append_bool "$cfg" no_symlinks "-S" 0
|
|
append_bool "$cfg" no_dirlists "-D" 0
|
|
append_bool "$cfg" rfc1918_filter "-R" 0
|
|
|
|
config_get alias_list "$cfg" alias
|
|
for alias in $alias_list; do
|
|
procd_append_param command -y "$alias"
|
|
done
|
|
|
|
config_get http "$cfg" listen_http
|
|
for listen in $http; do
|
|
procd_append_param command -p "$listen"
|
|
done
|
|
|
|
config_get interpreter "$cfg" interpreter
|
|
for path in $interpreter; do
|
|
procd_append_param command -i "$path"
|
|
done
|
|
|
|
config_get indexes "$cfg" index_page
|
|
for path in $indexes; do
|
|
procd_append_param command -I "$path"
|
|
done
|
|
|
|
config_get https "$cfg" listen_https
|
|
config_get UHTTPD_KEY "$cfg" key /etc/uhttpd.key
|
|
config_get UHTTPD_CERT "$cfg" cert /etc/uhttpd.crt
|
|
|
|
[ -f /lib/libustream-ssl.so ] && [ -n "$https" ] && {
|
|
[ -s "$UHTTPD_CERT" -a -s "$UHTTPD_KEY" ] || {
|
|
config_foreach generate_keys cert
|
|
}
|
|
|
|
[ -f "$UHTTPD_CERT" -a -f "$UHTTPD_KEY" ] && {
|
|
append_arg "$cfg" cert "-C"
|
|
append_arg "$cfg" key "-K"
|
|
|
|
for listen in $https; do
|
|
procd_append_param command -s "$listen"
|
|
done
|
|
}
|
|
|
|
append_bool "$cfg" redirect_https "-q" 0
|
|
}
|
|
|
|
for file in /etc/uhttpd/*.json; do
|
|
[ -s "$file" ] && procd_append_param command -H "$file"
|
|
done
|
|
|
|
procd_close_instance
|
|
}
|
|
|
|
service_triggers()
|
|
{
|
|
procd_add_reload_trigger "uhttpd"
|
|
}
|
|
|
|
start_service() {
|
|
config_load uhttpd
|
|
config_foreach start_instance uhttpd
|
|
}
|