author | nachoparker <nacho@ownyourbits.com> | 2021-10-20 19:25:13 +0300 |
---|---|---|
committer | nachoparker <nacho@ownyourbits.com> | 2021-10-21 21:47:38 +0300 |
commit | 36c1f465fc9f56ce89f1caf6abcf5e405e0728df (patch) | |
tree | a1186483cb88b9c8e008428b4029d3cc0821748f | |
parent | dcfd1cff4a22af7c5a9120d86ec1ba2323cd1bc6 (diff) |
letsencrypt: disable also ncp web certs if OFFv1.41.12
Signed-off-by: nachoparker <nacho@ownyourbits.com>
-rw-r--r-- | bin/ncp/NETWORKING/letsencrypt.sh | 7 | ||||
-rw-r--r-- | changelog.md | 4 | ||||
-rw-r--r-- | etc/ncp-templates/nextcloud.conf.sh | 10 | ||||
-rw-r--r-- | updates/1.40.0.sh | 8 | ||||
-rw-r--r-- | updates/1.42.0.sh | 8 |
5 files changed, 29 insertions, 8 deletions
diff --git a/bin/ncp/NETWORKING/letsencrypt.sh b/bin/ncp/NETWORKING/letsencrypt.sh
index 2a13d45c..e1965ef6 100644
--- a/bin/ncp/NETWORKING/letsencrypt.sh
+++ b/bin/ncp/NETWORKING/letsencrypt.sh
@@ -58,6 +58,9 @@ configure()
 rm -f /etc/letsencrypt/renewal-hooks/deploy/ncp
 [[ "$DOCKERBUILD" == 1 ]] && update-rc.d letsencrypt disable
 install_template nextcloud.conf.sh "${nc_vhostcfg}"
+ sed -i "s|SSLCertificateFile.*|SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem|" "${vhostcfg2}"
+ sed -i "s|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key|" "${vhostcfg2}"
+ apachectl -k graceful
 echo "letsencrypt certificates disabled. Using self-signed certificates instead."
 exit 0
 }
@@ -110,8 +113,8 @@ EOF
 # Configure Apache
 install_template nextcloud.conf.sh "${nc_vhostcfg}"
- sed -i "s|SSLCertificateFile.*|SSLCertificateFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/fullchain.pem|" $vhostcfg2
- sed -i "s|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/privkey.pem|" $vhostcfg2
+ sed -i "s|SSLCertificateFile.*|SSLCertificateFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/fullchain.pem|" "${vhostcfg2}"
+ sed -i "s|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/privkey.pem|" "${vhostcfg2}"
 # Configure Nextcloud
 local domain_index="${TRUSTED_DOMAINS[letsencrypt_1]}"
diff --git a/changelog.md b/changelog.md
index 803adea4..f6edb57a 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,7 @@
-[v1.41.11](https://github.com/nextcloud/nextcloudpi/commit/c95976c) (2021-10-15) ncp-backup: added help message (#1231)
+[v1.41.12](https://github.com/nextcloud/nextcloudpi/commit/a41d3d1) (2021-10-20) letsencrypt: disable also ncp web certs if OFF
+
+[v1.41.11](https://github.com/nextcloud/nextcloudpi/commit/dcfd1cf) (2021-10-15) ncp-backup: added help message (#1231)
 [v1.41.10](https://github.com/nextcloud/nextcloudpi/commit/ec94e6f) (2021-10-18) nc-static-IP: use ifdown/ifup
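Review bot: In the first hunk of bin/ncp/NETWORKING/letsencrypt.sh (`@@ -58,6 +58,9 @@`, the disable path), the exit status of `apachectl -k graceful` is discarded and the code goes on to print "letsencrypt certificates disabled" and `exit 0` whatever happened. The two `sed -i` calls also run on `"${vhostcfg2}"` without the `[[ -f ... ]]` guard that the update scripts in this commit use for ncp.conf, and nothing checks that the snakeoil certificate and key exist, unlike the fullchain.pem/privkey.pem tests added to the template. I would guard the rewrite with `[[ -f "${vhostcfg2}" ]]` and fail loudly on the reload, e.g. `apachectl -k graceful || { echo "apache reload failed" >&2; exit 1; }`. The start of configure() and the definition of vhostcfg2 are outside the hunk.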
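Review bot: In the second hunk of letsencrypt.sh (`@@ -110,8 +113,8 @@`), the ncp.conf paths stay hard-coded to `/etc/letsencrypt/live/$DOMAIN_LOWERCASE/`, while the nextcloud.conf.sh template changed in this same commit falls back to the newest `${LETSENCRYPT_DOMAIN,,}*` directory or to `ncp-nextcloud` when fullchain.pem is missing there. When that fallback applies, the two vhosts end up on different certificate paths and ncp.conf may reference files that do not exist. `$DOMAIN_LOWERCASE` also goes unescaped into the sed replacement, so a value containing `|`, `&` or `\` changes the expression; whether it is validated earlier is not visible in the hunk. A comment such as `# keep in sync with the cert lookup in nextcloud.conf.sh` and a hostname check before the two sed calls would cover both.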
diff --git a/etc/ncp-templates/nextcloud.conf.sh b/etc/ncp-templates/nextcloud.conf.sh
index 4c85f317..16ee4062 100644
--- a/etc/ncp-templates/nextcloud.conf.sh
+++ b/etc/ncp-templates/nextcloud.conf.sh
@@ -46,12 +46,12 @@ if [[ "$1" != "--defaults" ]] && [[ -n "$LETSENCRYPT_DOMAIN" ]]; then
 LETSENCRYPT_CERT_BASE_PATH="/etc/letsencrypt/live/${LETSENCRYPT_DOMAIN,,}"
 # find the most recent cert otherwise
- [[ -d "${LETSENCRYPT_CERT_BASE_PATH}" ]] || {
+ [[ -f "${LETSENCRYPT_CERT_BASE_PATH}/fullchain.pem" ]] || {
 LETSENCRYPT_CERT_BASE_PATH="$(find /etc/letsencrypt/live -type d -name "${LETSENCRYPT_DOMAIN,,}*" -printf "%T@ %p\n" | sort -n | cut -f2 -d' ' | tail -1)"
 }
- # otherwise, in some installs this is the path we use (for legacy reasons)
- [[ -d "${LETSENCRYPT_CERT_BASE_PATH}" ]] || {
+ # otherwise, in some installs this is the path we use
+ [[ -f "${LETSENCRYPT_CERT_BASE_PATH}/fullchain.pem" ]] || {
 if [[ -d "/etc/letsencrypt/live/ncp-nextcloud" ]]; then
 LETSENCRYPT_CERT_BASE_PATH="/etc/letsencrypt/live/ncp-nextcloud"
 fi
@@ -63,7 +63,7 @@ else
 fi
 # NOTE: we fall back to self-signed snakeoil certs if we couldn't get a LE one
-[[ -d "${LETSENCRYPT_CERT_BASE_PATH}" ]] && {
+[[ -f "${LETSENCRYPT_CERT_BASE_PATH}/fullchain.pem" ]] && [[ -f "${LETSENCRYPT_CERT_BASE_PATH}/privkey.pem" ]] && {
 LETSENCRYPT_CERT_PATH="${LETSENCRYPT_CERT_BASE_PATH}/fullchain.pem"
 LETSENCRYPT_KEY_PATH="${LETSENCRYPT_CERT_BASE_PATH}/privkey.pem"
 }
@@ -72,7 +72,7 @@ cat <<EOF
 ErrorLog /var/log/apache2/nc-error.log
 SSLEngine on
 SSLProxyEngine on
- SSLCertificateFile ${LETSENCRYPT_CERT_PATH:-/etc/ssl/certs/ssl-cert-snakeoil.pem}
+ SSLCertificateFile ${LETSENCRYPT_CERT_PATH:-/etc/ssl/certs/ssl-cert-snakeoil.pem}
 SSLCertificateKeyFile ${LETSENCRYPT_KEY_PATH:-/etc/ssl/private/ssl-cert-snakeoil.key}
 # For notify_push app in NC21
diff --git a/updates/1.40.0.sh b/updates/1.40.0.sh
index 53aa6600..4d816957 100644
--- a/updates/1.40.0.sh
+++ b/updates/1.40.0.sh
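Review bot: In etc/ncp-templates/nextcloud.conf.sh the two fallback tests at `@@ -46,12 +46,12 @@` check only `fullchain.pem`, while the final guard at `@@ -63,7 +63,7 @@` requires `privkey.pem` as well. A directory holding a certificate but no key therefore ends the search early, and the vhost drops to the snakeoil pair even if a later candidate is complete. Testing both files at each step keeps the three checks consistent, e.g. `[[ -f "${LETSENCRYPT_CERT_BASE_PATH}/fullchain.pem" && -f "${LETSENCRYPT_CERT_BASE_PATH}/privkey.pem" ]] || {`. The `find -name "${LETSENCRYPT_DOMAIN,,}*"` fallback in the context lines matches any directory that merely starts with the domain name; the stricter `-f` test makes that branch easier to reach, so it deserves a comment or a tighter pattern.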
@@ -11,6 +11,14 @@ source /usr/local/etc/library.sh # sets NCLATESTVER PHPVER RELEASE
 # update ncp-restore
 install_app nc-restore
+# fix ncp.conf bug if LE is disabled
+if ! is_active_app letsencrypt; then
+ if [[ -f /etc/apache2/sites-enabled/ncp.conf ]]; then
+ sed -i "s|SSLCertificateFile.*|SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem|" /etc/apache2/sites-enabled/ncp.conf
+ sed -i "s|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key|" /etc/apache2/sites-enabled/ncp.conf
+ fi
+fi
+
 # fix letsencrypt with httpsonly enabled
 cat > /etc/apache2/sites-available/000-default.conf <<'EOF'
 <VirtualHost _default_:80>
diff --git a/updates/1.42.0.sh b/updates/1.42.0.sh
index 74e1b34b..3471d852 100644
--- a/updates/1.42.0.sh
+++ b/updates/1.42.0.sh
@@ -15,6 +15,14 @@ run_app nc-notify-updates
 # update nc-backup
 install_app nc-backup
+# fix ncp.conf bug if LE is disabled
+if ! is_active_app letsencrypt; then
+ if [[ -f /etc/apache2/sites-enabled/ncp.conf ]]; then
+ sed -i "s|SSLCertificateFile.*|SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem|" /etc/apache2/sites-enabled/ncp.conf
+ sed -i "s|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key|" /etc/apache2/sites-enabled/ncp.conf
+ fi
+fi
+
 # docker images only
 [[ -f /.docker-image ]] && {
 : |
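Review bot: Both added blocks (updates/1.40.0.sh and the identical one in updates/1.42.0.sh) run `sed -i` on `/etc/apache2/sites-enabled/ncp.conf`; if that entry is the usual a2ensite symlink, GNU sed replaces the link with a regular file, and later edits to the sites-available copy no longer reach the enabled site. Editing the sites-available file, or adding `--follow-symlinks` to both sed calls, avoids that. Nothing in either hunk reloads Apache afterwards, so unless the updater does so later the old certificate paths stay in effect; the letsencrypt.sh change in this commit calls `apachectl -k graceful` after the same rewrite. Both scripts continue past the end of their hunks.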