johanels/photoprism
1
0
Fork 0
mirror of https://github.com/photoprism/photoprism.git synced 2025-12-12 00:34:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

HTTPS: Skip certificate creation if default TLS is disabled #3819 #3823

Browse Source 
Signed-off-by: Michael Mayer <michael@photoprism.app>
This commit is contained in:
Michael Mayer
2023-10-14 13:39:08 +02:00
parent 297b3adcc2
commit ef402ea2e7
1 changed files with 10 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
scripts/dist/install-https.sh vendored
View File

@@ -11,25 +11,30 @@ if [[ $(id -u) != "0" ]]; then
exit 1 exit 1
fi fi
# Abort if PHOTOPRISM_DEFAULT_TLS is "false".
if [[ ${PHOTOPRISM_DEFAULT_TLS} = "false" ]]; then
echo "Creation of a default HTTPS/TLS certificate is skipped because PHOTOPRISM_DEFAULT_TLS is \"false\"."
exit 0
fi
# shellcheck disable=SC2164 # shellcheck disable=SC2164
CONF_PATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )/openssl" CONF_PATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )/openssl"
CERTS_PATH="/etc/ssl/certs" CERTS_PATH="/etc/ssl/certs"
KEY_PATH="/etc/ssl/private" KEY_PATH="/etc/ssl/private"
# Abort if files already exist. # Abort if certificate files already exist.
if [ -f "$CERTS_PATH/photoprism.issuer.crt" ] && [ -f "$KEY_PATH/photoprism.key" ]; then
if [ -f "$CERTS_PATH/photoprism.issuer.crt" ] && [ -f "$KEY_PATH/photoprism.pfx" ]; then
echo "Default HTTPS/TLS certificate already exists." echo "Default HTTPS/TLS certificate already exists."
exit 0 exit 0
fi fi
# Start creating a self-signed certificate.
echo "Creating a default HTTPS/TLS certificate." echo "Creating a default HTTPS/TLS certificate."
mkdir -p "${CERTS_PATH}" "${KEY_PATH}" mkdir -p "${CERTS_PATH}" "${KEY_PATH}"
groupadd -f -r -g 116 ssl-cert 1>&2 groupadd -f -r -g 116 ssl-cert 1>&2
# Generate issuer (CA) certificate. # Generate issuer (CA) certificate.
echo "Generating self-signed issuer (CA) certificate..." echo "Generating self-signed issuer (CA) certificate..."
openssl genrsa -out "$KEY_PATH/photoprism.issuer.key" 4096 openssl genrsa -out "$KEY_PATH/photoprism.issuer.key" 4096
@@ -39,7 +44,6 @@ openssl req -x509 -new -nodes -key "$KEY_PATH/photoprism.issuer.key" -sha256 -da
openssl x509 -outform der -in "$CERTS_PATH/photoprism.issuer.pem" -out "$CERTS_PATH/photoprism.issuer.crt" openssl x509 -outform der -in "$CERTS_PATH/photoprism.issuer.pem" -out "$CERTS_PATH/photoprism.issuer.crt"
# Generate server certificates. # Generate server certificates.
echo "Generating self-signed tls certificate..." echo "Generating self-signed tls certificate..."
openssl genrsa -out "$KEY_PATH/photoprism.key" 4096 openssl genrsa -out "$KEY_PATH/photoprism.key" 4096
@@ -52,13 +56,11 @@ openssl x509 -req -in "$CERTS_PATH/photoprism.csr" -CA "$CERTS_PATH/photoprism.i
openssl pkcs12 -export -in "$CERTS_PATH/photoprism.crt" -inkey "$KEY_PATH/photoprism.key" -out "$KEY_PATH/photoprism.pfx" -passin pass: -passout pass: openssl pkcs12 -export -in "$CERTS_PATH/photoprism.crt" -inkey "$KEY_PATH/photoprism.key" -out "$KEY_PATH/photoprism.pfx" -passin pass: -passout pass:
# Change key permissions. # Change key permissions.
echo "Updating permissions of keys in '$KEY_PATH'..." echo "Updating permissions of keys in '$KEY_PATH'..."
chown -R root:ssl-cert "$KEY_PATH" chown -R root:ssl-cert "$KEY_PATH"
chmod -R u=rwX,g=rX,o-rwx "$KEY_PATH" chmod -R u=rwX,g=rX,o-rwx "$KEY_PATH"
# Run "update-ca-certificates". # Finally, run "update-ca-certificates".
echo "Running 'update-ca-certificates'..." echo "Running 'update-ca-certificates'..."
update-ca-certificates update-ca-certificates