uhttpd: add ssl cert generation to init script
authorJo-Philipp Wich <jow@openwrt.org>
Mon, 22 Mar 2010 23:10:48 +0000 (23:10 +0000)
committerJo-Philipp Wich <jow@openwrt.org>
Mon, 22 Mar 2010 23:10:48 +0000 (23:10 +0000)
contrib/package/uhttpd/files/uhttpd.config
contrib/package/uhttpd/files/uhttpd.init

index 9c4cd30..0bca4f5 100644 (file)
@@ -1,12 +1,14 @@
+# Server configuration
 config uhttpd main
+
        # Server document root
        option home             /www
 
        # Certificate and private key for HTTPS.
        # If no listen_https addresses are given,
        # the key options are ignored.
-       option cert             /etc/nixio/cert_main.der
-       option key              /etc/nixio/rsa_main.der
+       option cert             /etc/uhttpd.crt
+       option key              /etc/uhttpd.key
 
        # CGI url prefix, will be searched in docroot.
        # Default is /cgi-bin
@@ -14,8 +16,8 @@ config uhttpd main
 
        # Lua url prefix and handler script.
        # Lua support is disabled if no prefix given.
-#      option lua_prefix       /lua
-#      option lua_handler      /www/lua/handler.lua
+#      option lua_prefix       /luci
+#      option lua_handler      /usr/lib/lua/luci/sgi/uhttpd.lua
 
        # HTTP listen addresses, multiple allowed
        list listen_http        0.0.0.0:80
@@ -30,3 +32,22 @@ config uhttpd main
 
        # Configuration file in busybox httpd format
 #      option config   /etc/httpd.conf
+
+
+# Certificate defaults for px5g key generator
+config cert px5g
+
+       # Validity time
+       option days             730
+
+       # RSA key size
+       option bits             1024
+
+       # Location
+       option country          DE
+       option state            Berlin
+       option location         Berlin
+
+       # Common name
+       option commonname       OpenWrt
+
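Review bot: The comment above `option cert`/`option key` in the first hunk still says only that the options are ignored without listen_https, but after this commit a missing cert/key pair is generated by px5g from the new `cert px5g` section; extend it with something like `# If the files do not exist, a self-signed pair is generated from the 'cert' section below.` The `state`/`location` defaults written here (Berlin/Berlin) differ from the fallbacks hard-coded in the init script (Saxony/Leipzig), so deleting those two options yields a different certificate subject than the shipped defaults suggest; pick one set. The `bits` comment could also state the intent, e.g. `# RSA key size (2048 or more recommended for new deployments)`, since 1024 is the value a user is most likely to want to change.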
index b13cd60..16320a7 100755 (executable)
@@ -3,7 +3,7 @@
 
 START=50
 UHTTPD_BIN="/usr/sbin/uhttpd"
-UHTTPD_ARGS=""
+PX5G_BIN="/usr/sbin/px5g"
 
 
 append_listen_http() {
@@ -25,9 +25,35 @@ append_arg() {
        [ -n "$val" -o -n "$def" ] && append UHTTPD_ARGS "$opt ${val:-$def}"
 }
 
+generate_keys() {
+       local cfg="$1"
+       local key="$2"
+       local crt="$3"
+       local days bits country state location commonname
+
+       config_get days       "$cfg" days
+       config_get bits       "$cfg" bits
+       config_get country    "$cfg" country
+       config_get state      "$cfg" state
+       config_get location   "$cfg" location
+       config_get commonname "$cfg" commonname
+
+       [ -x "$PX5G_BIN" ] && {
+               $PX5G_BIN selfsigned -der \
+                       -days ${days:-730} -newkey rsa:${bits:-1024} -keyout "$UHTTPD_KEY" -out "$UHTTPD_CERT" \
+                       -subj /C=${country:-DE}/ST=${state:-Saxony}/L=${location:-Leipzig}/CN=${commonname:-OpenWrt}
+       } || {
+               echo "WARNING: the specified certificate and key" \
+                       "files do not exist and the px5g generator" \
+                       "is not available, skipping SSL setup."
+       }       
+}
+
 start_instance()
 {
        UHTTPD_ARGS=""
+       UHTTPD_CERT=""
+       UHTTPD_KEY=""
 
        local cfg="$1"
        local realm="$(uci get system.@system[0].hostname 2>/dev/null)"
@@ -44,12 +70,21 @@ start_instance()
                append_listen_http
 
        config_get ssl "$cfg" listen_https
+       config_get UHTTPD_KEY  "$cfg" key  /etc/httpd.key
+       config_get UHTTPD_CERT "$cfg" cert /etc/httpd.cert
+
        [ -n "$ssl" ] && {
-               append_arg "$cfg" cert "-C"
-               append_arg "$cfg" key  "-K"
+               [ -f "$UHTTPD_CERT" -a -f "$UHTTPD_KEY" ] || {
+                       config_foreach generate_keys cert
+               }
+
+               [ -f "$UHTTPD_CERT" -a -f "$UHTTPD_KEY" ] && {
+                       append_arg "$cfg" cert "-C"
+                       append_arg "$cfg" key  "-K"
 
-               config_list_foreach "$cfg" listen_https \
-                       append_listen_https
+                       config_list_foreach "$cfg" listen_https \
+                               append_listen_https
+               }
        }
 
        start-stop-daemon -S -x $UHTTPD_BIN \
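Review bot: generate_keys writes the private key through `-keyout "$UHTTPD_KEY"` without restricting its mode, so unless px5g itself creates the file 0600 the key inherits the init process's umask and may be world-readable; put `umask 077` on the line before the `$PX5G_BIN selfsigned` call or add `chmod 600 "$UHTTPD_KEY"` after it succeeds. The function also declares `local key="$2"` and `local crt="$3"` but never uses them (config_foreach passes only the section name) and works on the globals instead — either drop the two locals or pass the paths explicitly. The `[ -x "$PX5G_BIN" ] && { … } || { echo WARNING … }` shape prints "px5g generator is not available" also when px5g exists but exits non-zero, and in that case the second `-f` test in the last hunk silently starts without HTTPS; test the executable separately and report a failed generation with its own message. Finally, the fallbacks `/etc/httpd.key` and `/etc/httpd.cert` in the last hunk do not match `/etc/uhttpd.key`/`/etc/uhttpd.crt` in the shipped config, so a section with the options removed generates and serves a different pair. start_instance continues past the end of the hunk.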