WebSVN – ALCASAR – Diff – /scripts/alcasar-conf.sh

 #!/bin/bash
-# $Id: alcasar-conf.sh 2811 2020-04-15 22:07:11Z rexy $
+# $Id: alcasar-conf.sh 2813 2020-04-26 21:26:32Z rexy $
 # alcasar-conf.sh
 # by REXY
 # This script is distributed under the Gnu General Public License (GPL)
 		cp -f /etc/pki/tls/certs/alcasar.crt* $DIR_UPDATE
 		cp -f /etc/pki/tls/private/alcasar.key* $DIR_UPDATE
 		[ -e /etc/pki/tls/private/alcasar.pem ] && cp -f /etc/pki/tls/private/alcasar.pem $DIR_UPDATE # since V3.3
 		cp -f /etc/pki/CA/alcasar-ca.crt $DIR_UPDATE
 		cp -f /etc/pki/CA/private/alcasar-ca.key $DIR_UPDATE
-		if [ -e /etc/pki/tls/certs/server-chain.crt ]; then
+		if [ -e /etc/pki/tls/certs/server-chain.pem ]; then
-			cp -f /etc/pki/tls/certs/server-chain.crt* $DIR_UPDATE # autosigned and official if exist
+			cp -f /etc/pki/tls/certs/server-chain.pem $DIR_UPDATE # autosigned and official if exist
 		else
-			cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE/server-chain.crt
+			cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE/server-chain.pem
 		fi
 # pureip & safesearch status
 		[ -d /etc/dansguardian ] && dg_path=/etc/dansguardian || dg_path=/etc/e2guardian
 		if ! grep -Eq '^WL_SAFESEARCH=' $DIR_UPDATE/etc/alcasar.conf; then
 		cp -f $DIR_UPDATE/alcasar-ca.crt /etc/pki/CA/
 		cp -f $DIR_UPDATE/alcasar-ca.key /etc/pki/CA/private/
 		cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/
 		cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/
 		cp -f $DIR_UPDATE/alcasar.pem /etc/pki/tls/private/
-		[ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt* /etc/pki/tls/certs/ # autosigned and official if exist
+		[ -e $DIR_UPDATE/server-chain.pem ] && cp -f $DIR_UPDATE/server-chain.pem /etc/pki/tls/certs/ # autosigned and official if exist
 		chown root:apache /etc/pki/CA; chmod 750 /etc/pki/CA
 		chmod 640 /etc/pki/CA/*
 		chown root:root /etc/pki/CA/private; chmod 700 /etc/pki/CA/private
 		chmod 600 /etc/pki/CA/private/*
 		chown -R root:apache /etc/pki/tls/private; chmod 750 /etc/pki/tls/private
 	local-zone: "$HOSTNAME.$DOMAIN" static
 	local-data: "$HOSTNAME.$DOMAIN A $PRIVATE_IP"
 	local-zone: "$HOSTNAME" static
 	local-data: "$HOSTNAME A $PRIVATE_IP"
 EOF
+		if [ "$HOSTNAME" != 'alcasar' ]
+		then
+			echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
+			echo -e "\tlocal-zone: \"alcasar A $PRIVATE_IP\"" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
+			echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/forward/iface.lo.conf
+			echo -e "\tlocal-zone: \"alcasar A 127.0.0.1\"" >> /etc/unbound/conf.d/forward/iface.lo.conf
+		fi
-		# Configuration file for lo of forward unbound
+		# Configuration file for lo of forward
 		cat << EOF > /etc/unbound/conf.d/forward/iface.lo.conf
 server:
 	interface: 127.0.0.1@53
 	access-control-view: 127.0.0.1/8 lo
 view:
 	local-zone: "$HOSTNAME" static
 	local-data: "$HOSTNAME A 127.0.0.1"
 	local-zone: "$DOMAIN." static
 	local-data: "$DOMAIN. A"
 EOF
-		if [ "$HOSTNAME" != 'alcasar' ]
-		then
-			echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
-			echo -e "\tlocal-zone: \"alcasar A $PRIVATE_IP\"" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf
-			echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/forward/iface.lo.conf
-			echo -e "\tlocal-zone: \"alcasar A 127.0.0.1\"" >> /etc/unbound/conf.d/forward/iface.lo.conf
-		fi
-		# Configuration file for $INTIF of forward unbound
+		# Configuration file for $INTIF of forward
 		cat << EOF > /etc/unbound/conf.d/forward/iface.${INTIF}.conf
 server:
 	interface: ${PRIVATE_IP}@53
 	access-control-view: $PRIVATE_NETWORK_MASK $INTIF
 view:
 	name: "$INTIF"
 	view-first: yes
 EOF
-		# Configuration file for $INTIF of blacklist unbound
+		# Configuration file for $INTIF of blacklist
 		cat << EOF > /etc/unbound/conf.d/blacklist/iface.${INTIF}.conf
 server:
 	interface: ${PRIVATE_IP}@54
 	access-control: $PRIVATE_IP_MASK allow
 	access-control-tag: $PRIVATE_IP_MASK "blacklist"
 	access-control-tag-action: $PRIVATE_IP_MASK "blacklist" redirect
 	access-control-tag-data: $PRIVATE_IP_MASK "blacklist" "A $PRIVATE_IP"
 EOF
-		# Configuration file for $INTIF of whitelist unbound
+		# Configuration file for $INTIF of whitelist
 		cat << EOF > /etc/unbound/conf.d/whitelist/iface.${INTIF}.conf
 server:
 	interface: ${PRIVATE_IP}@55
 	access-control: $PRIVATE_IP_MASK allow
 	access-control-tag: $PRIVATE_IP_MASK "whitelist"
 	access-control-tag-action: $PRIVATE_IP_MASK "whitelist" redirect
 	access-control-tag-data: $PRIVATE_IP_MASK "whitelist" "A $PRIVATE_IP"
 EOF
-		# Configuration file for $INTIF of blackhole unbound
+		# Configuration file for $INTIF of blackhole
 		cat << EOF > /etc/unbound/conf.d/blackhole/iface.${INTIF}.conf
 server:
 	interface: ${PRIVATE_IP}@56
 	access-control-view: $PRIVATE_NETWORK_MASK $INTIF
 view:

Subversion Repositories ALCASAR

(root)/scripts/alcasar-conf.sh – Rev 2811 → 2813