authorDaniel Hansson <github@hanssonit.se>2021-05-18 00:16:08 +0300
committerGitHub <noreply@github.com>2021-05-18 00:16:08 +0300
commit4b637df3e717a6e7c8d37c6f27d10b002ebaae61 (patch)
treec280f0a860ce6c95a4461e0244d2d29421f2231d /lets-encrypt
parentdb51f18c10be0e99cddc7a9506e08d3416feee8b (diff)
improve desec port selection (#1962)
Diffstat (limited to 'lets-encrypt')
-rw-r--r--lets-encrypt/activate-tls.sh60
-rw-r--r--lets-encrypt/test-new-config.sh12
2 files changed, 44 insertions, 28 deletions
diff --git a/lets-encrypt/activate-tls.sh b/lets-encrypt/activate-tls.sh
index 8a8dd1d1..fb70255a 100644
--- a/lets-encrypt/activate-tls.sh
+++ b/lets-encrypt/activate-tls.sh
@@ -227,31 +227,49 @@ then
then
openssl dhparam -dsaparam -out "$DHPARAMS_TLS" 4096
fi
- # Choose which port for public access
- while :
- do
- msg_box "You will now be able to choose which port you want to put your Nextcloud on for public access.\n
+
+ # Choose which port for public access
+ msg_box "You will now be able to choose which port you want to put your Nextcloud on for public access.\n
+The default port is 443 for HTTPS and if you don't change port, that's the port we will use.\n
Please keep in mind NOT to use the following ports as they are likely in use already:
${NONO_PORTS[*]}"
+ if yesno_box_yes "Do you want to change the default HTTPS port (443) to something else?"
+ then
# Ask for port
- DEDYNPORT=$(input_box_flow "Please choose which port you want between 1024 - 49151.\n\nPlease remember to open this port in your firewall.")
- if (("$DEDYNPORT" >= 1024 && "$DEDYNPORT" <= 49151))
- then
- if check_nono_ports "$DEDYNPORT"
+ while :
+ do
+ DEDYNPORT=$(input_box_flow "Please choose which port you want between 1024 - 49151.\n\nPlease remember to open this port in your firewall.")
+ if (("$DEDYNPORT" >= 1024 && "$DEDYNPORT" <= 49151))
then
- print_text_in_color "$ICyan" "Changing to port $DEDYNPORT for public access..."
- sed -i "s|VirtualHost \*:443|VirtualHost \*:$DEDYNPORT|g" "$tls_conf"
- if restart_webserver
+ if check_nono_ports "$DEDYNPORT"
then
- msg_box "Congrats! You should now be able to access Nextcloud on: https://$TLSDOMAIN:$DEDYNPORT"
- break
+ print_text_in_color "$ICyan" "Changing to port $DEDYNPORT for public access..."
+ # Main port
+ sed -i "s|VirtualHost \*:443|VirtualHost \*:$DEDYNPORT|g" "$tls_conf"
+ if ! grep -q "Listen $DEDYNPORT" /etc/apache2/ports.conf
+ then
+ echo "Listen $DEDYNPORT" >> /etc/apache2/ports.conf
+ fi
+ # HTTP redirect
+ if ! grep -q '{HTTP_HOST}':"$DEDYNPORT" "$tls_conf"
+ then
+ sed -i "s|{HTTP_HOST}|{HTTP_HOST}:$DEDYNPORT|g" "$tls_conf"
+ fi
+ # Test everything
+ check_command bash "$SCRIPTS/test-new-config.sh" "$TLSDOMAIN.conf"
+ if restart_webserver
+ then
+ msg_box "Congrats! You should now be able to access Nextcloud publicly on: https://$TLSDOMAIN:$DEDYNPORT, after you opened port $DEDYNPORT in your firewall."
+ break
+ fi
fi
+ else
+ msg_box "The port number needs to be between 1024 - 49151, please try again."
fi
- else
- msg_box "The port number needs to be between 1024 - 49151, please try again."
- fi
- done
+ done
+ fi
fi
+ msg_box "Congrats! You should now be able to access Nextcloud publicly on: https://$TLSDOMAIN after you opened port 443 in your firewall."
else
if generate_cert "$TLSDOMAIN"
then
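Review bot: The retry loop opened by `while :` does not undo a previous iteration's edits: if `restart_webserver` fails (or `check_command` does not abort) after the files were already written, the next pass's `sed` on `VirtualHost \*:443` no longer matches and the `{HTTP_HOST}` rewrite appends a second `:port`, leaving the stale port in `$tls_conf` and a malformed redirect. Either track the port currently written, e.g. `sed -i "s|VirtualHost \*:$CURRENT_PORT|VirtualHost \*:$DEDYNPORT|g" "$tls_conf"`, or defer all file writes until every check has passed. `DEDYNPORT` is also used unvalidated in the arithmetic test and inside the `sed` expressions; a guard such as `[[ "$DEDYNPORT" =~ ^[0-9]+$ ]] || { msg_box "The port must be a number, please try again."; continue; }` placed before `(( ... ))` keeps non-numeric input out of both. The closing `msg_box` that names port 443 runs even when a custom port was chosen; it belongs in an `else` branch of the `yesno_box_yes` test. The enclosing if/else block starts before the hunk and continues after it.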
@@ -264,6 +282,14 @@ else
fi
# Activate new config
check_command bash "$SCRIPTS/test-new-config.sh" "$TLSDOMAIN.conf"
+ msg_box "This cert will expire in 90 days if you don't renew it.
+There are several ways of renewing this cert and here are some tips and tricks:
+https://goo.gl/c1JHR0
+To do your job a little bit easier we have added a auto renew script as a cronjob.
+If you need to edit the crontab please type: crontab -u root -e
+If you need to edit the script itself, please check: $SCRIPTS/letsencryptrenew.sh
+Feel free to contribute to this project: https://goo.gl/3fQD65"
+
msg_box "Please remember to keep port 80 (and 443) open so that Let's Encrypt can do \
the automatic renewal of the cert. If port 80 is closed the cert will expire in 3 months.
You don't need to worry about security as port 80 is directly forwarded to 443, so \
diff --git a/lets-encrypt/test-new-config.sh b/lets-encrypt/test-new-config.sh
index 8a5daa62..6f3081f5 100644
--- a/lets-encrypt/test-new-config.sh
+++ b/lets-encrypt/test-new-config.sh
@@ -20,17 +20,7 @@ a2dissite "$HTTP_CONF"
a2dissite 000-default.conf
if restart_webserver
then
- msg_box "New settings works! TLS is now activated and OK!
-
-This cert will expire in 90 days if you don't renew it.
-There are several ways of renewing this cert and here are some tips and tricks:
-https://goo.gl/c1JHR0
-
-To do your job a little bit easier we have added a auto renew script as a cronjob.
-If you need to edit the crontab please type: crontab -u root -e
-If you need to edit the script itself, please check: $SCRIPTS/letsencryptrenew.sh
-
-Feel free to contribute to this project: https://goo.gl/3fQD65"
+ msg_box "New settings works! TLS is now activated and OK!"
FQDOMAIN=$(grep -m 1 "ServerName" "/etc/apache2/sites-enabled/$1" | awk '{print $2}')
if [ "$(hostname)" != "$FQDOMAIN" ]