From 0bd203dea089085196cb9d2c5f10566500e7460c Mon Sep 17 00:00:00 2001 From: navanchauhan Date: Wed, 1 Jun 2022 22:45:15 -0600 Subject: [PATCH] added SSL port support --- conf/default.yaml | 12 ++++++------ scripts/install | 5 +++++ scripts/remove | 7 +++++++ scripts/upgrade | 1 + 4 files changed, 19 insertions(+), 6 deletions(-) diff --git a/conf/default.yaml b/conf/default.yaml index a4d2d82..19a2b90 100644 --- a/conf/default.yaml +++ b/conf/default.yaml @@ -46,18 +46,18 @@ server: # for details. # The standard SSL/TLS port for IRC is 6697. This will listen on all interfaces: - #":6697": + ":__SECURE_PORT__": # this is a standard TLS configuration with a single certificate; # see the manual for instructions on how to configure SNI - # tls: - # cert: "/etc/yunohost/certs/__DOMAIN__/crt.pem" - # key: "/etc/yunohost/certs/__DOMAIN__/key.pem" + tls: + cert: "/etc/yunohost/certs/__DOMAIN__/crt.pem" + key: "/etc/yunohost/certs/__DOMAIN__/key.pem" # 'proxy' should typically be false. It's for cloud load balancers that # always send a PROXY protocol header ahead of the connection. See the # manual ("Reverse proxies") for more details. - # proxy: false + proxy: false # set the minimum TLS version: - # min-tls-version: 1.2 + min-tls-version: 1.2 # Example of a Unix domain socket for proxying: # "/tmp/ergo_sock": diff --git a/scripts/install b/scripts/install index eb1836a..d964291 100755 --- a/scripts/install +++ b/scripts/install 
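Review bot: The newly enabled `tls:` block points Ergo at `/etc/yunohost/certs/__DOMAIN__/key.pem`, but nothing in this patch makes that key readable by the account the IRC daemon runs as. On YunoHost the domain key is normally readable only by root and the `ssl-cert` group, so unless the service account is already in that group (not visible here) the `:__SECURE_PORT__` listener will likely fail to start. The install and upgrade scripts should grant that access, for example with `usermod -a -G ssl-cert <service-user>`. A comment such as `# key.pem must be readable by the ergo service account (group ssl-cert)` above `tls:` would record the requirement. The `server:` mapping starts before and continues after this hunk.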
@@ -61,9 +61,14 @@ ynh_script_progression --message="Finding an available port..." --time --weight= # Find an available port port=$(ynh_find_port --port=6667) # Plaintext Port +secure_port=$(ynh_find_port --port=6697) # Secure Port + ynh_app_setting_set --app=$app --key=port --value=$port +ynh_app_setting_set --app=$app --key=secure_port --value=$secure_port + ynh_script_progression --message="Configuring firewall..." --time --weight=1 ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port +ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $secure_port #================================================= # INSTALL DEPENDENCIES diff --git a/scripts/remove b/scripts/remove index 3624a6c..b1caa1d 100755 --- a/scripts/remove +++ b/scripts/remove @@ -20,6 +20,7 @@ db_name=$(ynh_sanitize_dbid --db_name=$app) db_user=$db_name domain=$(ynh_app_setting_get --app=$app --key=domain) port=$(ynh_app_setting_get --app=$app --key=port) +secure_port=$(ynh_app_setting_get --app=$app --key=secure_port) final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= @@ -93,6 +94,12 @@ then ynh_exec_warn_less yunohost firewall disallow TCP $port fi +if yunohost firewall list | grep -q "\- $secure_port$" +then + ynh_script_progression --message="Closing port $secure_port..." --time --weight=1 + ynh_exec_warn_less yunohost firewall disallow TCP $secure_port +fi + #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 43dbb64..3fd7fe8 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
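Review bot: With the TLS port added, the unchanged `yunohost firewall allow --no-upnp TCP $port` line in this hunk still opens the plaintext listener to the Internet, so clients that keep using it send their account passwords unencrypted. If plaintext is only needed for local bouncers or legacy clients, consider not opening `$port` in the firewall. Otherwise state the intent with a comment such as `# plaintext port kept open for legacy clients; prefer $secure_port (TLS)`. The new expansions are also unquoted; `--value="$secure_port"` and `TCP "$secure_port"` would be the safer shell style.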
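Review bot: In the second hunk of scripts/remove, `$secure_port` goes into the grep pattern and the `disallow` call without a check that the setting exists. Instances installed before this commit have no `secure_port` setting, so the pattern collapses to `\- $` and, should it match, `yunohost firewall disallow TCP` runs with no port argument. Guard the test with `if [ -n "$secure_port" ] && yunohost firewall list | grep -q "\- $secure_port$"`.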
@@ -20,6 +20,7 @@ domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) port=$(ynh_app_setting_get --app=$app --key=port) +secure_port=$(ynh_app_setting_get --app=$app --key=secure_port) #================================================= # CHECK VERSION
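Review bot: The added `secure_port=$(ynh_app_setting_get --app=$app --key=secure_port)` line yields an empty value on every instance installed before this commit, because only scripts/install creates that setting and opens the firewall port. If the upgrade re-renders conf/default.yaml (that part of the script is outside the hunk), the `":__SECURE_PORT__"` listener key would presumably end up empty or unsubstituted. Even with a valid port, the firewall would stay closed for it. The upgrade should allocate, store and open the port when the setting is missing, as sketched below.

```shell
# … unchanged: loading of domain, path_url, final_path, port …
secure_port=$(ynh_app_setting_get --app=$app --key=secure_port)

# Instances installed before the TLS listener existed have no secure_port setting
if [ -z "$secure_port" ]
then
    secure_port=$(ynh_find_port --port=6697)
    ynh_app_setting_set --app=$app --key=secure_port --value=$secure_port
    ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $secure_port
fi
```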