kopia lustrzana https://github.com/alecmuffett/eotk
commit: work in progress is stable
rodzic
70a222bd01
commit
ad72747535
2
eotk
2
eotk
@ -370,7 +370,7 @@ Configure() {
|
||||||
fi
|
fi
|
||||||
done 2>$log
|
done 2>$log
|
||||||
|
|
||||||
Print done. logfile is $log.
|
Print done. logfile is $log
|
||||||
}
|
}
|
||||||
|
|
||||||
# argument 'parser' - ha!
|
# argument 'parser' - ha!
|
||||||
|
|
|
@ -239,7 +239,7 @@ sub DoForeign {
|
||||||
##################################################################
|
##################################################################
|
||||||
|
|
||||||
# $projects{$project}{ROWS} = [ {}, {}, ... ] # see $row
|
# $projects{$project}{ROWS} = [ {}, {}, ... ] # see $row
|
||||||
# $projects{$project}{SUBDOMAINS} = {} # keys-only
|
# $projects{$project}{ALTNAMES} = {} # keys-only
|
||||||
# $projects{$project}{FIRST_ONION} = ""
|
# $projects{$project}{FIRST_ONION} = ""
|
||||||
# $projects{$project}{TYPE} = ""
|
# $projects{$project}{TYPE} = ""
|
||||||
# $projects{$project}{IS_SOFTMAP} = 0/1
|
# $projects{$project}{IS_SOFTMAP} = 0/1
|
||||||
|
@ -306,12 +306,15 @@ sub DoMap {
|
||||||
$projects{$project}{FIRST_ONION} = $onion_doto;
|
$projects{$project}{FIRST_ONION} = $onion_doto;
|
||||||
}
|
}
|
||||||
|
|
||||||
# populate the subdomains
|
# populate the fqdn altnames
|
||||||
$projects{$project}{SUBDOMAINS}{$onion_doto} = 1;
|
$projects{$project}{ALTNAMES}{$onion_doto} = 1;
|
||||||
foreach my $sd (@subdomains) {
|
foreach my $sd (@subdomains) {
|
||||||
$projects{$project}{SUBDOMAINS}{"$sd.$onion_doto"} = 1;
|
$projects{$project}{ALTNAMES}{"$sd.$onion_doto"} = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# log the subdomains
|
||||||
|
$projects{$project}{SUBDOMAINS}{$onion_doto} = \@subdomains;
|
||||||
|
|
||||||
# create the row
|
# create the row
|
||||||
my %row = ();
|
my %row = ();
|
||||||
$row{DNS_DOMAIN} = $to;
|
$row{DNS_DOMAIN} = $to;
|
||||||
|
@ -343,6 +346,57 @@ sub DoMap {
|
||||||
push(@{$projects{$project}{ROWS}}, \%row);
|
push(@{$projects{$project}{ROWS}}, \%row);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sub DoUmbrellaCert {
|
||||||
|
warn "DoUmbrellaCert @_\n";
|
||||||
|
my $project = shift;
|
||||||
|
|
||||||
|
my $cert_common_name;
|
||||||
|
|
||||||
|
if (defined($ENV{CERT_COMMON_NAME})) {
|
||||||
|
$cert_common_name = $ENV{CERT_COMMON_NAME};
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
if ($ENV{IS_SOFTMAP}) {
|
||||||
|
$cert_common_name = "$project.local";
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$cert_common_name = $projects{$project}{FIRST_ONION};
|
||||||
|
}
|
||||||
|
}
|
||||||
|
die "empty cert_common_name in project $project\n" unless (defined($cert_common_name));
|
||||||
|
&SetEnv("cert_common_name", $cert_common_name); # in case we had to manufacture one
|
||||||
|
|
||||||
|
# clean up the SAN list; purge the CommonName for deduplication
|
||||||
|
delete($projects{$project}{ALTNAMES}{$cert_common_name});
|
||||||
|
my @sanlist = sort keys %{$projects{$project}{ALTNAMES}};
|
||||||
|
|
||||||
|
# debugging
|
||||||
|
warn "commit $ENV{PROJECT} san $cert_common_name @sanlist\n";
|
||||||
|
|
||||||
|
$cert_prefix = $project;
|
||||||
|
$cert = "$ENV{SSL_DIR}/$cert_prefix.cert";
|
||||||
|
&SetEnv("cert_prefix", $cert_prefix);
|
||||||
|
if (-f $cert) {
|
||||||
|
warn "$cert exists!";
|
||||||
|
} # TODO: if the cert is already in the secrets.d directory, install it
|
||||||
|
else {
|
||||||
|
warn "making cert for $cert_prefix\n";
|
||||||
|
&GoAndRun(
|
||||||
|
$ENV{SSL_DIR},
|
||||||
|
$ENV{SSL_TOOL},
|
||||||
|
'-f', # this is a recent addition
|
||||||
|
$cert_prefix, # this is a recent addition
|
||||||
|
$cert_common_name,
|
||||||
|
@sanlist
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
sub DoRowCert {
|
||||||
|
warn "DoRowCert @_\n";
|
||||||
|
my $row = shift;
|
||||||
|
}
|
||||||
|
|
||||||
##################################################################
|
##################################################################
|
||||||
|
|
||||||
sub DoProject {
|
sub DoProject {
|
||||||
|
@ -362,46 +416,14 @@ sub DoProject {
|
||||||
&MakeDir($ENV{SSL_DIR});
|
&MakeDir($ENV{SSL_DIR});
|
||||||
&MakeDir($ENV{LOG_DIR});
|
&MakeDir($ENV{LOG_DIR});
|
||||||
|
|
||||||
# set the CommonName for the project cert; this is the first onion encountered:
|
# certificate generation
|
||||||
my $cert_common_name;
|
if ($ENV{SSL_CERT_EACH_ONION}) {
|
||||||
|
foreach my $row (1,2,3) {
|
||||||
if (defined($ENV{CERT_COMMON_NAME})) {
|
&DoRowCert($row);
|
||||||
$cert_common_name = $ENV{CERT_COMMON_NAME};
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
if ($ENV{IS_SOFTMAP}) {
|
&DoUmbrellaCert($project);
|
||||||
$cert_common_name = "$project.local";
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$cert_common_name = $projects{$project}{FIRST_ONION};
|
|
||||||
}
|
|
||||||
}
|
|
||||||
die "empty cert_common_name in project $project\n" unless (defined($cert_common_name));
|
|
||||||
&SetEnv("cert_common_name", $cert_common_name); # in case we had to manufacture one
|
|
||||||
|
|
||||||
# clean up the SAN list; purge the CommonName for deduplication
|
|
||||||
delete($projects{$project}{SUBDOMAINS}{$cert_common_name});
|
|
||||||
my @sanlist = sort keys %{$projects{$project}{SUBDOMAINS}};
|
|
||||||
|
|
||||||
# debugging
|
|
||||||
warn "commit $ENV{PROJECT} san $cert_common_name @sanlist\n";
|
|
||||||
|
|
||||||
# cert generation
|
|
||||||
# XXX
|
|
||||||
$cert = "$ENV{SSL_DIR}/$cert_prefix.cert";
|
|
||||||
if (-f $cert) {
|
|
||||||
warn "$cert exists!";
|
|
||||||
} # TODO: if the cert is already in the secrets.d directory, use it
|
|
||||||
else {
|
|
||||||
warn "making cert for $cert_prefix\n";
|
|
||||||
&GoAndRun(
|
|
||||||
$ENV{SSL_DIR},
|
|
||||||
$ENV{SSL_TOOL},
|
|
||||||
# '-f', # this is a recent addition
|
|
||||||
# $cert_prefix, # this is a recent addition
|
|
||||||
$cert_common_name,
|
|
||||||
@sanlist
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# nginx config: feed the rows to the template
|
# nginx config: feed the rows to the template
|
||||||
|
@ -531,7 +553,7 @@ sub DoProject {
|
||||||
&SetEnv("projects_home", "$here/projects.d");
|
&SetEnv("projects_home", "$here/projects.d");
|
||||||
&SetEnv("softmap_nginx_workers", "auto"); # nginx_workers * softmap_tor_workers
|
&SetEnv("softmap_nginx_workers", "auto"); # nginx_workers * softmap_tor_workers
|
||||||
&SetEnv("softmap_tor_workers", 2); # MUST BE NUMERIC > 1
|
&SetEnv("softmap_tor_workers", 2); # MUST BE NUMERIC > 1
|
||||||
&SetEnv("ssl_cert_each_onion", 1);
|
&SetEnv("ssl_cert_each_onion", 0);
|
||||||
&SetEnv("ssl_mkcert", 0);
|
&SetEnv("ssl_mkcert", 0);
|
||||||
&SetEnv("ssl_tool", "$here/lib.d/make-selfsigned-wildcard-ssl-cert.sh");
|
&SetEnv("ssl_tool", "$here/lib.d/make-selfsigned-wildcard-ssl-cert.sh");
|
||||||
&SetEnv("suppress_header_csp", 0); # 0 = try rewriting; 1 = elide completely
|
&SetEnv("suppress_header_csp", 0); # 0 = try rewriting; 1 = elide completely
|
||||||
|
|
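Review bot: The guard in DoUmbrellaCert, `die "empty cert_common_name in project $project\n" unless (defined($cert_common_name));`, checks definedness rather than emptiness, so an empty `CERT_COMMON_NAME` in the environment, or a project whose `FIRST_ONION` is still the `""` initial value the DoForeign-hunk comment documents, passes the check and reaches GoAndRun with an empty CommonName as a positional argument to SSL_TOOL; tighten it to `die "empty cert_common_name in project $project\n" unless (defined($cert_common_name) && length($cert_common_name));`. The softmap branch reads `$ENV{IS_SOFTMAP}` while the per-project record carries `$projects{$project}{IS_SOFTMAP}` per that same comment — presumably both are populated together, but confirming it would rule out a softmap project being issued an onion CommonName. Separately, the `SSL_CERT_EACH_ONION` branch in DoProject iterates the placeholder list `(1,2,3)` and calls a DoRowCert that only warns, so enabling that option yields no certificate at all without any error; until it is implemented, `die "SSL_CERT_EACH_ONION is not yet implemented\n";` at the top of that branch fails loudly instead of silently leaving the project uncertified. `$cert_prefix` and `$cert` are also assigned in DoUmbrellaCert without `my`, which only compiles under `use strict` if they are declared at file scope outside this view.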