Merge pull request #783 from nucleogenic/webui-https-support

Add HTTPS support to web UI
Daniel Markstedt 2022-08-04 15:59:26 -07:00 committed by GitHub
commit 4e622a9ea9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 27 additions and 0 deletions


@ -55,6 +55,8 @@ OLED_INSTALL_PATH="$BASE/python/oled"
CTRLBOARD_INSTALL_PATH="$BASE/python/ctrlboard" CTRLBOARD_INSTALL_PATH="$BASE/python/ctrlboard"
PYTHON_COMMON_PATH="$BASE/python/common" PYTHON_COMMON_PATH="$BASE/python/common"
SYSTEMD_PATH="/etc/systemd/system" SYSTEMD_PATH="/etc/systemd/system"
SSL_CERTS_PATH="/etc/ssl/certs"
SSL_KEYS_PATH="/etc/ssl/private"
HFS_FORMAT=/usr/bin/hformat HFS_FORMAT=/usr/bin/hformat
HFDISK_BIN=/usr/bin/hfdisk HFDISK_BIN=/usr/bin/hfdisk
LIDO_DRIVER=$BASE/lido-driver.img LIDO_DRIVER=$BASE/lido-driver.img
@ -147,6 +149,21 @@ function installRaScsiWebInterface() {
sudo usermod -a -G $USER www-data sudo usermod -a -G $USER www-data
if [ -f "$SSL_CERTS_PATH/rascsi-web.crt" ]; then
echo "SSL certificate $SSL_CERTS_PATH/rascsi-web.crt already exists."
else
echo "SSL certificate $SSL_CERTS_PATH/rascsi-web.crt does not exist; creating self-signed certificate..."
sudo mkdir -p "$SSL_CERTS_PATH" || true
sudo mkdir -p "$SSL_KEYS_PATH" || true
sudo openssl req -x509 -nodes -sha256 -days 3650 \
-newkey rsa:4096 \
-keyout "$SSL_KEYS_PATH/rascsi-web.key" \
-out "$SSL_CERTS_PATH/rascsi-web.crt" \
-subj '/CN=rascsi' \
-addext 'subjectAltName=DNS:rascsi' \
-addext 'extendedKeyUsage=serverAuth'
fi
sudo systemctl reload nginx || true sudo systemctl reload nginx || true
} }
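Review bot: The guard in the second hunk tests only for `rascsi-web.crt`, so a host where the certificate exists but the key under `$SSL_KEYS_PATH` is missing or unreadable skips generation, and the following `sudo systemctl reload nginx || true` would hide the resulting nginx error. Consider checking both files, e.g. `if [ -f "$SSL_CERTS_PATH/rascsi-web.crt" ] && sudo test -f "$SSL_KEYS_PATH/rascsi-web.key"; then`. The private key's mode is left to openssl and root's umask; an explicit `sudo chmod 600 "$SSL_KEYS_PATH/rascsi-web.key"` after generation would make it independent of the OpenSSL version. The exit status of `openssl req` is not checked either, so a failed generation (for instance an OpenSSL build without `-addext`) passes silently. installRaScsiWebInterface starts above the hunk.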


@ -3,6 +3,16 @@
server { server {
listen [::]:80 default_server; listen [::]:80 default_server;
listen 80 default_server; listen 80 default_server;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/ssl/certs/rascsi-web.crt;
ssl_certificate_key /etc/ssl/private/rascsi-web.key;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers off;
location / { location / {
proxy_pass http://127.0.0.1:8080; proxy_pass http://127.0.0.1:8080;
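Review bot: The new 443 listeners are added to the same server block that still serves port 80 as `default_server`, so the UI stays fully reachable over cleartext and nothing tells a reader whether that is intended. If it is deliberate (the installer generates a self-signed certificate, so a forced redirect would produce browser warnings), say so with a comment above the listen lines such as `# HTTPS is opt-in: port 80 stays enabled because the certificate is self-signed`. The `ssl_certificate` and `ssl_certificate_key` paths are hard-coded copies of `SSL_CERTS_PATH` and `SSL_KEYS_PATH` in the installer, so a comment noting that they must be kept in sync would help. `ssl_protocols TLSv1.3;` on its own also excludes any client without TLS 1.3, which is presumably acceptable only because port 80 remains. The server block continues outside the hunk.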