@@ -6,6 +6,27 @@ SCRIPT_PATH="$(realpath "$BASH_SOURCE")"
66SEPIA_FOLDER=" $( dirname " $SCRIPT_PATH " ) "
77cd " $SEPIA_FOLDER "
88#
9+ # get IP
10+ net_interface=" "
11+ get_ip () {
12+ local ip_adr=" "
13+ if [ -x " $( command -v route) " ]; then
14+ net_interface=" $( route | grep ' ^default' | grep -o ' [^ ]*$' ) "
15+ fi
16+ if [ -z " $net_interface " ]; then
17+ net_interface=" eth0|wlan0"
18+ fi
19+ if [ -x " $( command -v ip) " ]; then
20+ ip_adr=$( ip a | grep -E " $net_interface " | sed -En ' s/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p' | head -1)
21+ elif [ -x " $( command -v ifconfig) " ]; then
22+ ip_adr=$( ifconfig | sed -En ' s/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p' | head -1)
23+ fi
24+ if [ -z " $ip_adr " ]; then
25+ ip_adr=" [IP]"
26+ fi
27+ echo " $ip_adr "
28+ }
29+ #
930echo " "
1031echo " Welcome to NGINX setup for SEPIA."
1132echo " "
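Review bot: get_ip returns its result on stdout and also assigns the global `net_interface`, but a caller that captures the output with `$(get_ip)` runs the function in a subshell, so that assignment never reaches the prompt that later prints the interface name. Either detect the interface in the current shell before the call, or have get_ip set `ip_adr` directly instead of echoing it. The ifconfig fallback on new line 22 does not filter by `net_interface` at all, so the address it returns may belong to a different interface than the one reported. A header comment such as `# Prints the first IPv4 address of the default-route interface, or "[IP]" if none is found` would make the contract explicit.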
@@ -39,21 +60,17 @@ while true; do
3960 then
4061 echo " Copying $SEPIA_FOLDER /nginx/sites-available/sepia-fw-http.conf to /etc/nginx/sites-enabled/ ..."
4162 cd $SEPIA_FOLDER /nginx/sites-available
42- sudo cp sepia-fw-http.conf /etc/nginx/sites-enabled/
63+ cp sepia-fw-http.conf sepia-fw-http-latest.conf
64+ # sed -i -e 's|\[my-hostname-or-ip\]|'"${my_hostname}"'|g' sepia-fw-http-${my_hostname}.conf
65+ sed -i -e ' s|\[my-sepia-path\]|' " $SEPIA_FOLDER " ' |g' sepia-fw-http-latest.conf
66+ sudo cp sepia-fw-http-latest.conf /etc/nginx/sites-enabled/sepia-fw-http.conf
4367
4468 echo " Restarting NGINX to load new config ..."
4569 sudo nginx -t
4670 sudo nginx -s reload
4771
4872 echo " "
49- ip_adr=" "
50- if [ -x " $( command -v ip) " ]; then
51- # old: ifconfig
52- ip_adr=$( ip a | grep -E ' eth0|wlan0' | sed -En ' s/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p' | head -1)
53- fi
54- if [ -z " $ip_adr " ]; then
55- ip_adr=" [IP]"
56- fi
73+ ip_adr=" $get_ip "
5774 echo " ------------------------"
5875 echo " DONE."
5976 echo " You should be able to reach the server at: http://$ip_adr :20726 or http://$( hostname -s) .local:20726"
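Review bot: `ip_adr="$get_ip"` on new line 73 expands a variable named get_ip, which is never set, instead of calling the function, so `ip_adr` is always empty, the `[IP]` fallback never applies and the printed URL becomes `http://:20726`. The call form is `ip_adr="$(get_ip)"`; the same line appears in the third hunk (new line 134), where the empty value becomes the default for `my_ip_adr` and ends up in the certificate's subjectAltName. Separately, the sed call on new line 65 pastes `$SEPIA_FOLDER` into the replacement unescaped, so a path containing `|`, `&` or a backslash would yield a broken or altered config that is then copied into /etc/nginx with sudo; escaping those characters first, or refusing such paths, avoids that. The enclosing while loop starts and ends outside the hunk.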
@@ -114,16 +131,8 @@ while true; do
114131 echo " Please confirm your [detected] hostname and IP address by pressing RETURN or enter new ones."
115132 read -p " Hostname [$( hostname -s) .local]: " my_hostname
116133 my_hostname=${my_hostname:- $(hostname -s).local}
117- ip_adr=" "
118- if [ -x " $( command -v ip) " ]; then
119- ip_adr=$( ip a | grep -E ' eth0|wlan0' | sed -En ' s/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p' | head -1)
120- elif [ -x " $( command -v ifconfig) " ]; then
121- ip_adr=$( ifconfig | sed -En ' s/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p' | head -1)
122- fi
123- if [ -z " $ip_adr " ]; then
124- ip_adr=" [IP]"
125- fi
126- read -p " IP address [$ip_adr ]: " my_ip_adr
134+ ip_adr=" $get_ip "
135+ read -p " IP address (interf.: $net_interface ) [$ip_adr ]: " my_ip_adr
127136 my_ip_adr=${my_ip_adr:- $ip_adr }
128137 echo " "
129138 echo " The 'openssl' tool will create new certificates now with $my_hostname as 'common name' and add"
@@ -134,7 +143,10 @@ while true; do
134143 mkdir -p self-signed-ssl
135144 openssl req -nodes -new -x509 -days 3650 -newkey rsa:2048 -keyout self-signed-ssl/key.pem -out self-signed-ssl/certificate.pem \
136145 -subj " /CN=$my_hostname " \
137- -addext " subjectAltName=DNS:$my_hostname ,DNS:$my_ip_adr ,DNS:localhost"
146+ -addext " subjectAltName=DNS:$my_hostname ,DNS:$my_ip_adr ,DNS:localhost" \
147+ -addext " basicConstraints=CA:TRUE" \
148+ -addext " keyUsage=digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment" \
149+ -addext " extendedKeyUsage=serverAuth"
138150 # subj options: "/C=DE/ST=NRW/L=Essen/O=SEPIA OA Framework/OU=DEV/CN=yourdomain.com"
139151 openssl x509 -text -in self-signed-ssl/certificate.pem -noout | grep " Subject:"
140152 openssl x509 -text -in self-signed-ssl/certificate.pem -noout | grep " DNS:"
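Review bot: `basicConstraints=CA:TRUE` on new line 147 marks the server certificate as a CA, and its key is written unencrypted (`-nodes`) to `self-signed-ssl/key.pem`, so a client that imports this certificate as trusted may accept other certificates signed with that key, not only this host's. If a client platform requires the CA flag (presumably the reason for the change), a comment saying so would help, and the key file should be restricted right after creation, e.g. `chmod 600 self-signed-ssl/key.pem`. The keyUsage list on line 148 has no `keyCertSign`, which is inconsistent with a CA certificate and may be handled differently by different validators. On line 146 the address is added as `DNS:$my_ip_adr`; clients match IP addresses against `IP:` entries, so `IP:$my_ip_adr` is the form that validates when the variable holds a real address.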