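--- a/alcasar-https.sh
+++ b/alcasar-https.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-# $Id: alcasar-https.sh 3225 2024-08-28 21:22:11Z rexy $
+# $Id: alcasar-https.sh 3293 2025-07-16 22:50:45Z rexy $
 
 # alcasar-https.sh
 # by Rexy
 # This script is distributed under the Gnu General Public License (GPL)
 
@@ -9,10 +9,12 @@
 # enable or disable encryption on authentication flows
 
 SED="/bin/sed -i"
 CONF_FILE="/usr/local/etc/alcasar.conf"
 CHILLI_CONF_FILE="/etc/chilli.conf"
+HTTPD_CONF_FILE="/etc/httpd/conf/sites.d/alcasar.conf"
+HTTPD_80_CONF_FILE="/etc/httpd/conf/sites.d/00_default_vhosts.conf"
 HOSTNAME=$(grep ^HOSTNAME= $CONF_FILE | cut -d'=' -f2)
 DOMAIN=$(grep ^DOMAIN= $CONF_FILE | cut -d'=' -f2)
 
 usage="Usage: alcasar-https.sh {--on | -on} | {--off | -off}"
 nb_args=$#
@@ -26,31 +28,33 @@
 case $args in
 	-\? | -h* | --h*)
 		echo "$usage"
 		exit 0
 		;;
-	--off | -off)	# Chilli : disable HTTPS (it will listen only on 3990 port) + lighttpd : switch with an HTTP conf file
+	--off | -off)	# Chilli : disable HTTPS (it will listen only on 3990 port) + Apache : remove "requireSSL" & redirection directive
 		$SED "s?^HTTPS_LOGIN=.*?HTTPS_LOGIN=off?" $CONF_FILE
 		$SED "s?^HTTPS_CHILLI=.*?HTTPS_CHILLI=off?" $CONF_FILE
 		$SED "s?^uamserver.*?uamserver\thttp://$HOSTNAME.$DOMAIN/intercept.php?" $CHILLI_CONF_FILE
 		$SED "s?^redirssl.*?#&?" $CHILLI_CONF_FILE
 		$SED "s?^uamuissl.*?#&?" $CHILLI_CONF_FILE
 		/usr/bin/systemctl restart chilli
-		rm -f /etc/lighttpd/vhosts.d/alcasar.conf
-		ln -s /etc/lighttpd/vhosts.d/alcasar-without-ssl.conf /etc/lighttpd/vhosts.d/alcasar.conf
-		/usr/bin/systemctl restart lighttpd
+		$SED "/<Directory \/var\/www\/html>/{n;/SSLRequireSSL/{d;};}" $HTTPD_CONF_FILE
+		$SED "/redirect/d" $HTTPD_80_CONF_FILE
+		/usr/bin/systemctl restart httpd
 		;;
-	--on | -on)	# Chilli : enable HTTPS (it will listen on ports 3990 (http) and 3991 (https) + lighttpd : switch with an HTTPS conf file
+	--on | -on)	# Chilli : enable HTTPS (it will listen on ports 3990 (http) and 3991 (https) + apache : add "requireSSL" & redirection directive
 		$SED "s?^HTTPS_LOGIN=.*?HTTPS_LOGIN=on?" $CONF_FILE
 		$SED "s?^HTTPS_CHILLI=.*?HTTPS_CHILLI=on?" $CONF_FILE
 		$SED "s?^uamserver.*?uamserver\thttps://$HOSTNAME.$DOMAIN/intercept.php?" $CHILLI_CONF_FILE
 		$SED "s?^#redirssl.*?redirssl?" $CHILLI_CONF_FILE
 		$SED "s?^#uamuissl.*?uamuissl?" $CHILLI_CONF_FILE
 		/usr/bin/systemctl restart chilli
-		rm -f /etc/lighttpd/vhosts.d/alcasar.conf
-		ln -s /etc/lighttpd/vhosts.d/alcasar-with-ssl.conf /etc/lighttpd/vhosts.d/alcasar.conf
-		/usr/bin/systemctl restart lighttpd
+		$SED "/<Directory \/var\/www\/html>/{n;/SSLRequireSSL/{d;};}" $HTTPD_CONF_FILE # if already exist
+		$SED "/<Directory \/var\/www\/html>/a\        SSLRequireSSL" $HTTPD_CONF_FILE
+		$SED "/redirect/d" $HTTPD_80_CONF_FILE # if already exist
+		$SED "/<\/VirtualHost>/i\    redirect permanent \/ https:\/\/$HOSTNAME.$DOMAIN" $HTTPD_80_CONF_FILE
+		/usr/bin/systemctl restart httpd
 		;;
 	*)
 		echo "Argument inconnu : $1"
 		echo "$usage"
 		exit 1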
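Review bot: The redirect written by the `--on` branch has no trailing slash on its target, and mod_alias appends whatever follows the matched `/` to that target, so a plain-HTTP request for `/intercept.php` would be redirected to `https://$HOSTNAME.$DOMAINintercept.php` instead of the portal; end the target with a slash: `$SED "/<\/VirtualHost>/i\    redirect permanent \/ https:\/\/$HOSTNAME.$DOMAIN\/" $HTTPD_80_CONF_FILE`. The cleanup `$SED "/redirect/d" $HTTPD_80_CONF_FILE` in both branches deletes every line containing `redirect`, not only the one this script adds, and the insert runs before every `</VirtualHost>` in the file; anchoring the delete to the exact directive, for example `$SED "/^[[:space:]]*redirect permanent \/ https:/d" $HTTPD_80_CONF_FILE`, would leave unrelated vhost content intact. None of the Apache edits is verified before `systemctl restart httpd`, so if the `<Directory /var/www/html>` line is not matched the script still records `HTTPS_LOGIN=on` while `SSLRequireSSL` is absent; a check such as `grep -q SSLRequireSSL "$HTTPD_CONF_FILE" || exit 1` after the edit would make that failure visible. The `case` block starts and ends outside the lines shown.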