mirror of
https://github.com/akuker/RASCSI.git
synced 2024-11-26 13:49:21 +00:00
Add HTTPS support to web UI
parent
136e915f0c
commit
0a17633de3
@ -55,6 +55,8 @@ OLED_INSTALL_PATH="$BASE/python/oled"
|
|||||||
CTRLBOARD_INSTALL_PATH="$BASE/python/ctrlboard"
|
CTRLBOARD_INSTALL_PATH="$BASE/python/ctrlboard"
|
||||||
PYTHON_COMMON_PATH="$BASE/python/common"
|
PYTHON_COMMON_PATH="$BASE/python/common"
|
||||||
SYSTEMD_PATH="/etc/systemd/system"
|
SYSTEMD_PATH="/etc/systemd/system"
|
||||||
|
SSL_CERTS_PATH="/etc/ssl/certs"
|
||||||
|
SSL_KEYS_PATH="/etc/ssl/private"
|
||||||
HFS_FORMAT=/usr/bin/hformat
|
HFS_FORMAT=/usr/bin/hformat
|
||||||
HFDISK_BIN=/usr/bin/hfdisk
|
HFDISK_BIN=/usr/bin/hfdisk
|
||||||
LIDO_DRIVER=$BASE/lido-driver.img
|
LIDO_DRIVER=$BASE/lido-driver.img
|
||||||
@ -147,6 +149,21 @@ function installRaScsiWebInterface() {
|
|||||||
|
|
||||||
sudo usermod -a -G $USER www-data
|
sudo usermod -a -G $USER www-data
|
||||||
|
|
||||||
|
if [ -f "$SSL_CERTS_PATH/rascsi-web.crt" ]; then
|
||||||
|
echo "SSL certificate $SSL_CERTS_PATH/rascsi-web.crt already exists."
|
||||||
|
else
|
||||||
|
echo "SSL certificate $SSL_CERTS_PATH/rascsi-web.crt does not exist; creating self-signed certificate..."
|
||||||
|
sudo mkdir -p "$SSL_CERTS_PATH" || true
|
||||||
|
sudo mkdir -p "$SSL_KEYS_PATH" || true
|
||||||
|
sudo openssl req -x509 -nodes -sha256 -days 3650 \
|
||||||
|
-newkey rsa:4096 \
|
||||||
|
-keyout "$SSL_KEYS_PATH/rascsi-web.key" \
|
||||||
|
-out "$SSL_CERTS_PATH/rascsi-web.crt" \
|
||||||
|
-subj '/CN=rascsi' \
|
||||||
|
-addext 'subjectAltName=DNS:rascsi' \
|
||||||
|
-addext 'extendedKeyUsage=serverAuth'
|
||||||
|
fi
|
||||||
|
|
||||||
sudo systemctl reload nginx || true
|
sudo systemctl reload nginx || true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
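Review bot: In installRaScsiWebInterface the guard tests only for `$SSL_CERTS_PATH/rascsi-web.crt`, so a host that has the certificate but no matching `rascsi-web.key` skips generation, and the exit status of `openssl req` is never checked. Either case leaves the nginx site config from this commit pointing at a missing file, and the following `sudo systemctl reload nginx || true` hides the failed reload. I would test both files, `if [ -f "$SSL_CERTS_PATH/rascsi-web.crt" ] && sudo test -f "$SSL_KEYS_PATH/rascsi-web.key"; then`, and stop the installer when `openssl req` fails instead of continuing. Because `-nodes` writes the private key unencrypted, an explicit `sudo chmod 600 "$SSL_KEYS_PATH/rascsi-web.key"` after generation would make its protection independent of the umask and of how `mkdir -p` created the directory. The function starts above the hunk.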
@ -3,6 +3,16 @@
|
|||||||
server {
|
server {
|
||||||
listen [::]:80 default_server;
|
listen [::]:80 default_server;
|
||||||
listen 80 default_server;
|
listen 80 default_server;
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
|
||||||
|
ssl_certificate /etc/ssl/certs/rascsi-web.crt;
|
||||||
|
ssl_certificate_key /etc/ssl/private/rascsi-web.key;
|
||||||
|
ssl_session_timeout 1d;
|
||||||
|
ssl_session_cache shared:MozSSL:10m;
|
||||||
|
ssl_session_tickets off;
|
||||||
|
ssl_protocols TLSv1.3;
|
||||||
|
ssl_prefer_server_ciphers off;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://127.0.0.1:8080;
|
proxy_pass http://127.0.0.1:8080;
|
||||||
|
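Review bot: The port 80 listeners stay in the same `server` block as the new 443 listeners, so everything under `location /` is still served over cleartext HTTP and nothing steers a browser to the TLS endpoint. If that is deliberate (`ssl_protocols TLSv1.3;` excludes older clients, which may be why HTTP is kept), it deserves a comment above the listen lines, for example `# Port 80 is kept for clients without TLS 1.3; anything sent over it, including any credentials, is unencrypted.` Otherwise a separate port-80 server block that redirects to HTTPS would be the usual arrangement. The certificate and key paths are also hard-coded here while the installer holds them in `SSL_CERTS_PATH` and `SSL_KEYS_PATH`, so the two have to be changed together. The `server` block continues below the hunk.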