HomeLab/ldap-user-manager
2
0
Fork 0
mirror of https://github.com/wheelybird/ldap-user-manager.git synced 2025-01-18 15:32:54 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
ldap-user-manager/entrypoint
Brian Lycett 4420a78b31 Revert to old cookie code.
2021-10-05 15:03:24 +01:00

174 lines
3.8 KiB
Bash
Raw Blame History

#!/bin/bash
set -e
ssl_dir="/opt/ssl"
php_dir="/opt/ldap_user_manager"
if [ ! "$SERVER_HOSTNAME" ]; then export SERVER_HOSTNAME="ldapusermanager.org"; fi
if [ ! "$SERVER_PATH" ]; then
export SERVER_PATH="/";
apache_alias=""
else
apache_alias="Alias $SERVER_PATH $php_dir"
fi
#If LDAP_TLS_CACERT is set then write it out as a file
#and set up the LDAP client conf to use it.
if [ "$LDAP_TLS_CACERT" ]; then
echo "$LDAP_TLS_CACERT" >/opt/ca.crt
mkdir -p /etc/ldap
echo "TLS_CACERT /opt/ca.crt/" > /etc/ldap/ldap.conf
fi
if [ "${NO_HTTPS,,}" == "true" ]; then
cat <<EoHTTPC >/etc/apache2/sites-enabled/lum.conf
<VirtualHost *:${SERVER_PORT:-80}>
ServerName $SERVER_HOSTNAME
DocumentRoot $php_dir
$apache_alias
DirectoryIndex index.php index.html
<Directory $php_dir>
Require all granted
</Directory>
</VirtualHost>
EoHTTPC
echo "Listen ${SERVER_PORT:-80}" > /etc/apache2/ports.conf
else
########################
#If there aren't any SSL certs then create a CA and then CA-signed certificate
if [ ! -f "${ssl_dir}/server.key" ] && [ ! -f "${ssl_dir}/server.crt" ]; then
mkdir -p $ssl_dir
confout="${ssl_dir}/conf"
keyout="${ssl_dir}/server.key"
certout="${ssl_dir}/server.crt"
cakey="${ssl_dir}/ca.key"
cacert="${ssl_dir}/ca.crt"
serialfile="${ssl_dir}/serial"
echo "Generating CA key"
openssl genrsa -out $cakey 2048
if [ $? -ne 0 ]; then exit 1 ; fi
echo "Generating CA certificate"
openssl req \
-x509 \
-new \
-nodes \
-subj "/C=GB/ST=GB/L=GB/O=CA/OU=CA/CN=Wheelybird" \
-key $cakey \
-sha256 \
-days 7300 \
-out $cacert
if [ $? -ne 0 ]; then exit 1 ; fi
echo "Generating openssl configuration"
cat <<EoCertConf>$confout
subjectAltName = DNS:${SERVER_HOSTNAME},IP:127.0.0.1
extendedKeyUsage = serverAuth
EoCertConf
echo "Generating server key..."
openssl genrsa -out $keyout 2048
if [ $? -ne 0 ]; then exit 1 ; fi
echo "Generating server signing request..."
openssl req \
-subj "/CN=${SERVER_HOSTNAME}" \
-sha256 \
-new \
-key $keyout \
-out /tmp/server.csr
if [ $? -ne 0 ]; then exit 1 ; fi
echo "Generating server cert..."
openssl x509 \
-req \
-days 7300 \
-sha256 \
-in /tmp/server.csr \
-CA $cacert \
-CAkey $cakey \
-CAcreateserial \
-CAserial $serialfile \
-out $certout \
-extfile $confout
if [ $? -ne 0 ]; then exit 1 ; fi
fi
########################
#Create Apache config
if [ -f "${ssl_dir}/chain.pem" ]; then ssl_chain="SSLCertificateChainFile ${ssl_dir}/chain.pem"; fi
echo > /etc/apache2/sites-enabled/lum.conf
echo > /etc/apache2/ports.conf
if [ ! "$SERVER_PORT" ]; then
echo "Listen 80" > /etc/apache2/ports.conf
cat <<EoHTTPrd >/etc/apache2/sites-enabled/lum.conf
<VirtualHost *:80>
RewriteEngine On
RewriteRule ^/?(.*) https://%{SERVER_NAME}/\$1 [R,L]
</VirtualHost>
EoHTTPrd
fi
echo "Listen ${SERVER_PORT:-443}" >> /etc/apache2/ports.conf
cat <<EoHTTPSC >>/etc/apache2/sites-enabled/lum.conf
<VirtualHost _default_:${SERVER_PORT:-443}>
ServerName $SERVER_HOSTNAME
DocumentRoot $php_dir
$apache_alias
DirectoryIndex index.php index.html
<Directory $php_dir>
Require all granted
</Directory>
SSLEngine On
SSLCertificateFile /opt/ssl/server.crt
SSLCertificateKeyFile /opt/ssl/server.key
$ssl_chain
</VirtualHost>
EoHTTPSC
fi
########################
#Run Apache
# first arg is `-f` or `--some-option`
if [ "${1#-}" != "$1" ]; then
set -- apache2-foreground "$@"
fi
exec "$@"
Reference in New Issue View Git Blame Copy Permalink