|
|
@@ -638,7 +638,7 @@ function xmpp_create_config {
|
|
638
|
638
|
echo 'https_ports = { 5281 }' >> /etc/prosody/prosody.cfg.lua
|
|
639
|
639
|
echo 'https_interfaces = { "*" }' >> /etc/prosody/prosody.cfg.lua
|
|
640
|
640
|
echo 'https_ssl = {' >> /etc/prosody/prosody.cfg.lua
|
|
641
|
|
- if [ -f /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
|
|
|
641
|
+ if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
|
|
642
|
642
|
echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
|
|
643
|
643
|
else
|
|
644
|
644
|
echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua
|
|
|
@@ -652,7 +652,7 @@ function xmpp_create_config {
|
|
652
|
652
|
echo '' >> /etc/prosody/prosody.cfg.lua
|
|
653
|
653
|
echo 'ssl = {' >> /etc/prosody/prosody.cfg.lua
|
|
654
|
654
|
echo " key = \"/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
|
|
655
|
|
- if [ -f /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
|
|
|
655
|
+ if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
|
|
656
|
656
|
echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
|
|
657
|
657
|
else
|
|
658
|
658
|
echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua
|
|
|
@@ -686,17 +686,17 @@ function xmpp_create_config {
|
|
686
|
686
|
echo "VirtualHost \"${DEFAULT_DOMAIN_NAME}\"" >> /etc/prosody/prosody.cfg.lua
|
|
687
|
687
|
fi
|
|
688
|
688
|
echo ' ssl = {' >> /etc/prosody/prosody.cfg.lua
|
|
689
|
|
- echo " key = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
|
|
690
|
|
- if [ -f /etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
|
|
691
|
|
- echo " certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
|
|
|
689
|
+ echo " key = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.key\";" >> /etc/prosody/prosody.cfg.lua
|
|
|
690
|
+ if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
|
|
|
691
|
+ echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem\";" >> /etc/prosody/prosody.cfg.lua
|
|
692
|
692
|
else
|
|
693
|
|
- echo " certificate = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua
|
|
|
693
|
+ echo " certificate = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt\";" >> /etc/prosody/prosody.cfg.lua
|
|
694
|
694
|
fi
|
|
695
|
695
|
echo " curve = $XMPP_ECC_CURVE;" >> /etc/prosody/prosody.cfg.lua
|
|
696
|
696
|
echo ' depth = "2";' >> /etc/prosody/prosody.cfg.lua
|
|
697
|
697
|
echo " ciphers = $XMPP_CIPHERS;" >> /etc/prosody/prosody.cfg.lua
|
|
698
|
698
|
echo ' options = {"no_sslv2", "no_sslv3" };' >> /etc/prosody/prosody.cfg.lua
|
|
699
|
|
- echo " dhparam = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
|
|
|
699
|
+ echo " dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" >> /etc/prosody/prosody.cfg.lua
|
|
700
|
700
|
echo ' }' >> /etc/prosody/prosody.cfg.lua
|
|
701
|
701
|
echo '' >> /etc/prosody/prosody.cfg.lua
|
|
702
|
702
|
echo 'Include "conf.d/*.cfg.lua"' >> /etc/prosody/prosody.cfg.lua
|
|
|
@@ -841,22 +841,19 @@ function install_xmpp {
|
|
841
|
841
|
chown root:default /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.*
|
|
842
|
842
|
|
|
843
|
843
|
cp -a /etc/prosody/conf.avail/example.com.cfg.lua /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
844
|
|
- if [ ! -d /etc/prosody/certs ]; then
|
|
845
|
|
- mkdir /etc/prosody/certs
|
|
846
|
|
- fi
|
|
847
|
844
|
|
|
848
|
845
|
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "1" ]]; then
|
|
849
|
|
- sed -i "s|/etc/prosody/certs/example.com.key|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
850
|
|
- sed -i "s|/etc/prosody/certs/example.com.crt|/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
|
846
|
+ sed -i "s|key =.*|key = /etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
|
847
|
+ sed -i "s|certificate =.*|certificate = /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem|g" /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
851
|
848
|
else
|
|
852
|
|
- sed -i 's|/etc/prosody/certs/example.com.key|/etc/prosody/certs/xmpp.key|g' /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
853
|
|
- sed -i 's|/etc/prosody/certs/example.com.crt|/etc/prosody/certs/xmpp.crt|g' /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
|
849
|
+ sed -i "s|key =.*|key = /etc/ssl/privates/xmpp.key|g" /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
|
850
|
+ sed -i "s|certificate =.*|certificate = /etc/ssl/certs/xmpp.crt|g" /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
854
|
851
|
fi
|
|
855
|
852
|
if ! grep -q "xmpp.dhparam" /etc/prosody/conf.avail/xmpp.cfg.lua; then
|
|
856
|
853
|
if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME})" == "1" ]]; then
|
|
857
|
|
- sed -i "/certificate =/a\ dhparam = \"/etc/prosody/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
|
854
|
+ sed -i "/certificate =/a\ dhparam = \"/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.dhparam\";" /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
858
|
855
|
else
|
|
859
|
|
- sed -i '/certificate =/a\ dhparam = "/etc/prosody/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
|
856
|
+ sed -i '/certificate =/a\ dhparam = "/etc/ssl/certs/xmpp.dhparam";' /etc/prosody/conf.avail/xmpp.cfg.lua
|
|
860
|
857
|
fi
|
|
861
|
858
|
fi
|
|
862
|
859
|
if ! grep -q 'options = {"no_sslv2", "no_sslv3" }' /etc/prosody/conf.avail/xmpp.cfg.lua; then
|
|
|
@@ -935,8 +932,6 @@ function install_xmpp {
|
|
935
|
932
|
configure_firewall_for_xmpp
|
|
936
|
933
|
xmpp_email_headers
|
|
937
|
934
|
|
|
938
|
|
- cp /etc/ssl/certs/xmpp.* /etc/prosody/certs
|
|
939
|
|
- cp /etc/ssl/private/xmpp.* /etc/prosody/certs
|
|
940
|
935
|
update_default_domain
|
|
941
|
936
|
|
|
942
|
937
|
xmpp_create_config
|
Bob Mottram
пре 8 година