Accueil Explorer Aide
Connexion
labriqueinternet
/
vpnclient_ynh
miroir de https://github.com/labriqueinternet/vpnclient_ynh
3
0
Fork 0
Fichiers
Aborescence: fdb9776079
Branches Tags
vpnclient_ynh
/
scripts
/
install

install 6.0 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177 
  1. #!/bin/bash
    2. 

  2. 

  3. # Retrieve arguments
    4. 

  4. domain=${1}
    5. 

  5. url_path=${2}
    6. 

  6. server_name=${3}
    7. 

  7. crt_client_path=${4}
    8. 

  8. crt_client_key_path=${5}
    9. 

  9. crt_server_ca_path=${6}
    10. 

  10. login_user=${7}
    11. 

  11. login_passphrase=${8}
    12. 

  12. 

  13. # Check arguments
    14. 

  14. if [ -z "${server_name}" ]; then
    15. 

  15.   echo "ERROR: You need a VPN server name" >&2
    16. 

  16.   exit 1
    17. 

  17. fi
    18. 

  18. 

  19. if [ \( -z "${crt_client_path}" -a ! -z "${crt_client_key_path}" \)\
    20. 

  20.     -o \( ! -z "${crt_client_path}" -a -z "${crt_client_key_path}" \) ]; then
    21. 

  21. 

  22.   echo "ERROR: A client certificate is needed when you suggest a key (or vice versa)" >&2
    23. 

  23.   exit 1
    24. 

  24. fi
    25. 

  25. 

  26. if [ ! -z "${crt_client_key_path}" -a -z "${crt_server_ca_path}" ]; then
    27. 

  27.   echo "ERROR: If you can suggest a local path for the client certificates, you probably can suggest one other for the (mandatory) CA server" >&2
    28. 

  28.   exit 1
    29. 

  29. fi
    30. 

  30. 

  31. if [ \( -z "${login_user}" -a ! -z "${login_passphrase}" \)\
    32. 

  32.     -o \( ! -z "${login_user}" -a -z "${login_passphrase}" \) ]; then
    33. 

  33. 

  34.   echo "ERROR: A login password is needed when you suggest a login user (or vice versa)" >&2
    35. 

  35.   exit 1
    36. 

  36. fi
    37. 

  37. 

  38. if [ ! -z "${crt_client_path}" -a ! -f "${crt_client_path}" ]; then
    39. 

  39.   echo "ERROR: The local path <${crt_client_path}> does not exist" >&2
    40. 

  40.   exit 1
    41. 

  41. fi
    42. 

  42. 

  43. if [ ! -z "${crt_client_key_path}" -a ! -f "${crt_client_key_path}" ]; then
    44. 

  44.   echo "ERROR: The local path <${crt_client_key_path}> does not exist" >&2
    45. 

  45.   exit 1
    46. 

  46. fi
    47. 

  47. 

  48. if [ ! -z "${crt_server_ca_path}" -a ! -f "${crt_server_ca_path}" ]; then
    49. 

  49.   echo "ERROR: The local path <${crt_server_ca_path}> does not exist" >&2
    50. 

  50.   exit 1
    51. 

  51. fi
    52. 

  52. 

  53. # Check domain/path availability
    54. 

  54. sudo yunohost app checkurl ${domain}${url_path} -a vpnclient
    55. 

  55. if [ ! $? -eq 0 ]; then
    56. 

  56.   exit 1
    57. 

  57. fi
    58. 

  58. 

  59. # Install packages
    60. 

  60. #sudo apt-get update
    61. 

  61. sudo apt-get --assume-yes --force-yes install openvpn php5-fpm
    62. 

  62. 

  63. # Extra packages
    64. 

  64. sudo apt-get --assume-yes --force-yes install sipcalc
    65. 

  65. 

  66. # Save arguments
    67. 

  67. sudo yunohost app setting vpnclient server_name -v "${server_name}"
    68. 

  68. sudo yunohost app setting vpnclient server_port -v 1194
    69. 

  69. sudo yunohost app setting vpnclient server_proto -v udp
    70. 

  70. sudo yunohost app setting vpnclient ip6_addr -v none
    71. 

  71. sudo yunohost app setting vpnclient ip6_net -v none
    72. 

  72. sudo yunohost app setting vpnclient login_user -v "${login_user}"
    73. 

  73. sudo yunohost app setting vpnclient login_passphrase -v "${login_passphrase}"
    74. 

  74. 

  75. # Install IPv6 scripts
    76. 

  76. sudo install -o root -g root -m 0755 ../conf/ipv6_expanded /usr/local/bin/
    77. 

  77. sudo install -o root -g root -m 0755 ../conf/ipv6_compressed /usr/local/bin/
    78. 

  78. 

  79. # Copy confs
    80. 

  80. sudo chown root:admins /etc/openvpn/
    81. 

  81. sudo chmod 775 /etc/openvpn/
    82. 

  82. 

  83. sudo install -b -o root -g admins -m 0664 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl
    84. 

  84. sudo install -o root -g root -m 0644 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl.restore
    85. 

  85. sudo install -b -o root -g root -m 0644 ../conf/nginx_vpnadmin.conf "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
    86. 

  86. sudo install -b -o root -g root -m 0644 ../conf/phpfpm_vpnadmin.conf /etc/php5/fpm/pool.d/vpnadmin.conf
    87. 

  87. 

  88. # Copy web sources
    89. 

  89. sudo mkdir -pm 0755 /var/www/vpnadmin/
    90. 

  90. sudo cp -a ../sources/* /var/www/vpnadmin/
    91. 

  91. 

  92. sudo chown -R root: /var/www/vpnadmin/
    93. 

  93. sudo chmod -R 0644 /var/www/vpnadmin/*
    94. 

  94. sudo find /var/www/vpnadmin/ -type d -exec chmod +x {} \;
    95. 

  95. 

  96. # Copy certificates
    97. 

  97. sudo mkdir -pm 0770 /etc/openvpn/keys/
    98. 

  98. sudo chown root:admins /etc/openvpn/keys/
    99. 

  99. 

  100. [ ! -z "${crt_client_path}" ] &&\
    101. 

  101.   sudo install -b -o root -g admins -m 0660 "${crt_client_path}" /etc/openvpn/keys/user.crt
    102. 

  102. 

  103. [ ! -z "${crt_client_key_path}" ] &&\
    104. 

  104.   sudo install -b -o root -g admins -m 0660 "${crt_client_key_path}" /etc/openvpn/keys/user.key
    105. 

  105. 

  106. [ ! -z "${crt_server_ca_path}" ] &&\
    107. 

  107.   sudo install -b -o root -g admins -m 0660 "${crt_server_ca_path}" /etc/openvpn/keys/ca-server.crt
    108. 

  108. 

  109. sudo rm -f "${crt_client_path}" "${crt_client_key_path}" "${crt_server_ca_path}"
    110. 

  110. 

  111. # Credentials file for (optional) login
    112. 

  112. sudo cat << EOF > /etc/openvpn/keys/credentials
    113. 

  113. ${login_user}
    114. 

  114. ${login_passphrase}
    115. 

  115. EOF
    116. 

  116. 

  117. sudo chown -R root:admins /etc/openvpn/keys/credentials
    118. 

  118. sudo chmod 0460 /etc/openvpn/keys/credentials
    119. 

  119. 

  120. # Create user for the web admin
    121. 

  121. sudo useradd -MUr vpnadmin
    122. 

  122. 

  123. # Fix confs
    124. 

  124. ## nginx
    125. 

  125. sudo sed "s|<TPL:NGINX_LOCATION>|${url_path}|g" -i "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
    126. 

  126. sudo sed 's|<TPL:NGINX_REALPATH>|/var/www/vpnadmin/|g' -i "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
    127. 

  127. sudo sed 's|<TPL:PHP_NAME>|vpnadmin|g' -i "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
    128. 

  128. 

  129. ## php-fpm
    130. 

  130. sudo sed 's|<TPL:PHP_NAME>|vpnadmin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
    131. 

  131. sudo sed 's|<TPL:PHP_USER>|admin|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
    132. 

  132. sudo sed 's|<TPL:PHP_GROUP>|admins|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
    133. 

  133. sudo sed 's|<TPL:NGINX_REALPATH>|/var/www/vpnadmin/|g' -i /etc/php5/fpm/pool.d/vpnadmin.conf
    134. 

  134. sudo sed 's|^;\?\s*max_execution_time.\+|max_execution_time = 600|' -i /etc/php5/fpm/php.ini
    135. 

  135. 

  136. # Fix sources
    137. 

  137. sudo sed "s|<TPL:NGINX_LOCATION>|${url_path}|g" -i /var/www/vpnadmin/config.php
    138. 

  138. 

  139. # Copy init script
    140. 

  140. sudo install -o root -g root -m 0755 ../conf/init_ynh-vpnclient /etc/init.d/ynh-vpnclient
    141. 

  141. 

  142. # Set default inits
    143. 

  143. # The openvpn configuration is modified before the start, so the service is disabled by default
    144. 

  144. # and the ynh-vpnclient service handles it.
    145. 

  145. sudo yunohost service add openvpn
    146. 

  146. sudo yunohost service stop openvpn
    147. 

  147. sudo yunohost service disable openvpn
    148. 

  148. 

  149. sudo yunohost service add php5-fpm
    150. 

  150. sudo yunohost service enable php5-fpm
    151. 

  151. 

  152. sudo yunohost service add ynh-vpnclient
    153. 

  153. sudo yunohost service enable ynh-vpnclient
    154. 

  154. sudo service ynh-vpnclient start
    155. 

  155. 

  156. sudo service nginx reload
    157. 

  157. 

  158. # Update SSO for vpnadmin
    159. 

  159. sudo yunohost app ssowatconf
    160. 

  160. 

  161. # Restart hotspot service if installed (and started) to change NAT configuration (now on tun0)
    162. 

  162. # A new start will fix the interface without unsetting all stuff
    163. 

  163. if [ -e /tmp/.ynh-hotspot-started ]; then
    164. 

  164.   sudo service ynh-hotspot start
    165. 

  165. fi
    166. 

  166. 

  167. # Check configuration consistency
    168. 

  168. 

  169. if [ -z "${crt_server_ca_path}" ]; then
    170. 

  170.   echo "WARNING: VPN Client is not started because you need to define a server CA through the web admin" >&2
    171. 

  171. fi
    172. 

  172. 

  173. if [ -z "${crt_client_key_path}" -a -z "${login_user}" ]; then
    174. 

  174.   echo "WARNING: VPN Client is not started because you need either a client certificate, either a username (or both)" >&2
    175. 

  175. fi
    176. 

  176. 

  177. exit 0
    178.