openwrt/package/network/services/uhttpd/files/uhttpd.init
Hannu Nyman 3c4858eeb2 uhttpd: support using OpenSSL for certificate generation
Support the usage of the OpenSSL command-line tool for generating
the SSL certificate for uhttpd. Traditionally 'px5g' based on
PolarSSL (or mbedTLS in LEDE), has been used for the creation.

uhttpd init script is enhanced by adding detection of an installed
openssl command-line binary (provided by 'openssl-util' package),
and if found, the tool is used for certificate generation.

Note: After this patch the script prefers to use the OpenSSL tool
if both it and px5g are installed.

This enables creating a truly OpenSSL-only version of LuCI
without dependency to PolarSSL/mbedTLS based px5g.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2016-10-05 00:48:19 +02:00

160 lines
3.9 KiB
Bash
Executable File

#!/bin/sh /etc/rc.common
# Copyright (C) 2010 Jo-Philipp Wich
START=50
USE_PROCD=1
UHTTPD_BIN="/usr/sbin/uhttpd"
PX5G_BIN="/usr/sbin/px5g"
OPENSSL_BIN="/usr/bin/openssl"
append_arg() {
local cfg="$1"
local var="$2"
local opt="$3"
local def="$4"
local val
config_get val "$cfg" "$var"
[ -n "$val" -o -n "$def" ] && procd_append_param command "$opt" "${val:-$def}"
}
append_bool() {
local cfg="$1"
local var="$2"
local opt="$3"
local def="$4"
local val
config_get_bool val "$cfg" "$var" "$def"
[ "$val" = 1 ] && procd_append_param command "$opt"
}
generate_keys() {
local cfg="$1"
local key="$2"
local crt="$3"
local days bits country state location commonname
config_get days "$cfg" days
config_get bits "$cfg" bits
config_get country "$cfg" country
config_get state "$cfg" state
config_get location "$cfg" location
config_get commonname "$cfg" commonname
# Prefer OpenSSL for certificate generation (existence evaluated last)
local GENKEY_CMD=""
[ -x "$PX5G_BIN" ] && GENKEY_CMD="$PX5G_BIN selfsigned -der"
[ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -outform der -nodes"
[ -n "$GENKEY_CMD" ] && {
$GENKEY_CMD \
-days ${days:-730} -newkey rsa:${bits:-2048} -keyout "${UHTTPD_KEY}.new" -out "${UHTTPD_CERT}.new" \
-subj /C="${country:-DE}"/ST="${state:-Saxony}"/L="${location:-Leipzig}"/CN="${commonname:-Lede}"
sync
mv "${UHTTPD_KEY}.new" "${UHTTPD_KEY}"
mv "${UHTTPD_CERT}.new" "${UHTTPD_CERT}"
}
}
start_instance()
{
UHTTPD_CERT=""
UHTTPD_KEY=""
local cfg="$1"
local realm="$(uci_get system.@system[0].hostname)"
local listen http https interpreter indexes path handler
procd_open_instance
procd_set_param respawn
procd_set_param stderr 1
procd_set_param command "$UHTTPD_BIN" -f
append_arg "$cfg" home "-h"
append_arg "$cfg" realm "-r" "${realm:-OpenWrt}"
append_arg "$cfg" config "-c"
append_arg "$cfg" cgi_prefix "-x"
[ -f /usr/lib/uhttpd_lua.so ] && {
config_get handler "$cfg" lua_handler
[ -f "$handler" ] && append_arg "$cfg" lua_prefix "-l" && {
procd_append_param command "-L" "$handler"
}
}
[ -f /usr/lib/uhttpd_ubus.so ] && {
append_arg "$cfg" ubus_prefix "-u"
append_arg "$cfg" ubus_socket "-U"
append_bool "$cfg" ubus_cors "-X" 0
}
append_arg "$cfg" script_timeout "-t"
append_arg "$cfg" network_timeout "-T"
append_arg "$cfg" http_keepalive "-k"
append_arg "$cfg" tcp_keepalive "-A"
append_arg "$cfg" error_page "-E"
append_arg "$cfg" max_requests "-n" 3
append_arg "$cfg" max_connections "-N"
append_bool "$cfg" no_ubusauth "-a" 0
append_bool "$cfg" no_symlinks "-S" 0
append_bool "$cfg" no_dirlists "-D" 0
append_bool "$cfg" rfc1918_filter "-R" 0
config_get alias_list "$cfg" alias
for alias in $alias_list; do
procd_append_param command -y "$alias"
done
config_get http "$cfg" listen_http
for listen in $http; do
procd_append_param command -p "$listen"
done
config_get interpreter "$cfg" interpreter
for path in $interpreter; do
procd_append_param command -i "$path"
done
config_get indexes "$cfg" index_page
for path in $indexes; do
procd_append_param command -I "$path"
done
config_get https "$cfg" listen_https
config_get UHTTPD_KEY "$cfg" key /etc/uhttpd.key
config_get UHTTPD_CERT "$cfg" cert /etc/uhttpd.crt
[ -f /lib/libustream-ssl.so ] && [ -n "$https" ] && {
[ -s "$UHTTPD_CERT" -a -s "$UHTTPD_KEY" ] || {
config_foreach generate_keys cert
}
[ -f "$UHTTPD_CERT" -a -f "$UHTTPD_KEY" ] && {
append_arg "$cfg" cert "-C"
append_arg "$cfg" key "-K"
for listen in $https; do
procd_append_param command -s "$listen"
done
}
append_bool "$cfg" redirect_https "-q" 0
}
for file in /etc/uhttpd/*.json; do
[ -s "$file" ] && procd_append_param command -H "$file"
done
procd_close_instance
}
service_triggers()
{
procd_add_reload_trigger "uhttpd"
}
start_service() {
config_load uhttpd
config_foreach start_instance uhttpd
}