From aa2aab5991355267f37e6c7a75c853eda89aee72 Mon Sep 17 00:00:00 2001 From: Mitesh Shah Date: Mon, 10 Mar 2014 15:11:07 +0530 Subject: [PATCH] Self Signed SSL Certificate For The Issue #124 --- etc/nginx/common/locations.conf | 12 ++++++------ etc/nginx/conf.d/eeadmin.conf | 7 +++++-- usr/local/sbin/easyengine | 24 ++++++++++++++++++++++++ 3 files changed, 35 insertions(+), 8 deletions(-) diff --git a/etc/nginx/common/locations.conf b/etc/nginx/common/locations.conf index e91dc9da..f03551b6 100644 --- a/etc/nginx/common/locations.conf +++ b/etc/nginx/common/locations.conf @@ -61,28 +61,28 @@ location ~ ^/(status|ping) { # PMA Settings location /pma { - return 301 $scheme://$host:22222/db/pma; + return 301 https://$host:22222/db/pma; } location /phpMyAdmin { - return 301 $scheme://$host:22222/db/pma; + return 301 https://$host:22222/db/pma; } location /phpmyadmin { - return 301 $scheme://$host:22222/db/pma; + return 301 https://$host:22222/db/pma; } # Adminer Settings location /adminer { - return 301 $scheme://$host:22222/db/adminer/; + return 301 https://$host:22222/db/adminer/; } # Memcache Settings location /memcache { - return 301 $scheme://$host:22222/php/memcache/; + return 301 https://$host:22222/php/memcache/; } # Opcache Settings location /opcache { - return 301 $scheme://$host:22222/php/opcache/; + return 301 https://$host:22222/php/opcache/; } diff --git a/etc/nginx/conf.d/eeadmin.conf b/etc/nginx/conf.d/eeadmin.conf index ca219e53..2e1a4399 100644 --- a/etc/nginx/conf.d/eeadmin.conf +++ b/etc/nginx/conf.d/eeadmin.conf @@ -1,12 +1,15 @@ -# WPSINGLE BASIC NGINX CONFIGURATION +# EasyEngine Admin Configuration server { - listen 22222; + listen 22222 ssl; server_name _; access_log /var/log/nginx/eeadmin.access.log rt_cache; error_log /var/log/nginx/eeadmin.error.log; + ssl_certificate /etc/nginx/ssl/eeadmin.crt; + ssl_certificate_key /etc/nginx/ssl/eeadmin.key; + root /var/www/eeadmin/htdocs; index index.php index.htm index.html; diff --git a/usr/local/sbin/easyengine b/usr/local/sbin/easyengine index 921b98cc..02773a73 100644 --- a/usr/local/sbin/easyengine +++ b/usr/local/sbin/easyengine @@ -273,6 +273,30 @@ COMMONNGINX() EEDEST="/etc/nginx/common" EEMD5SUM + # EEAdmin SSL Setup + if [ ! -d /etc/nginx/ssl ] + then + mkdir /etc/nginx/ssl || OwnError "Unable To Create /etc/nginx/ssl" + fi + + # Generate SSL Key + echo -e "\033[34mGenerating SSL Private Key, Please Wait...\e[0m" + openssl genrsa -out /etc/nginx/ssl/eeadmin.key 2048 &>> $INSTALLLOG \ + || OwnError "Unable To Generate SSL Private Key" + + echo -e "\033[34mGenerating a Certificate Signing Request (CSR), Please Wait...\e[0m" + openssl req -new -batch -subj /C=IN/ST=Maharashtra/O="rtCamp Solutions Pvt. Ltd."/localityName=Pune/commonName=127.0.0.1/organizationalUnitName=EasyEngine/emailAddress=$(git config user.email)/ -key /etc/nginx/ssl/eeadmin.key -out /etc/nginx/ssl/eeadmin.csr &>> $INSTALLLOG \ + || OwnError "Unable To Generate Certificate Signing Request (CSR)" + + echo -e "\033[34mRemoving Passphrase From SSL Private Key, Please Wait...\e[0m" + mv /etc/nginx/ssl/eeadmin.key /etc/nginx/ssl/eeadmin.key.org + openssl rsa -in /etc/nginx/ssl/eeadmin.key.org -out /etc/nginx/ssl/eeadmin.key &>> $INSTALLLOG \ + || OwnError "Unable To Remove Passphrase From SSL Private Key" + + echo -e "\033[34mGenerating SSL Certificate, Please Wait...\e[0m" + openssl x509 -req -days 3652 -in /etc/nginx/ssl/eeadmin.csr -signkey /etc/nginx/ssl/eeadmin.key -out /etc/nginx/ssl/eeadmin.crt &>> $INSTALLLOG \ + || OwnError "Unable To Generate SSL Certificate" + # White List IP Address echo -e "\033[34mEasyEngine (ee) Allow To Access Protected Files By Using Whitelisted IP Address Or HTTP Authentication\e[0m" stty echo