Commit eebc93bd authored by mehdi's avatar mehdi

Regenerating CRL on each start & every week. Fixes #14

parent e2503c68
......@@ -19,7 +19,13 @@
"addons": {
"oauth": {},
"ldap": {},
"localstorage": {}
"localstorage": {},
"scheduler": {
"update_feeds": {
"schedule": "0 5 * * 0",
"command": "/app/code/regen-crl.sh"
}
}
},
"capabilities": [
"net_admin"
......
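Review bot: The scheduler task is keyed `update_feeds`, a name that does not describe what it runs; something like `regen_crl` would make the manifest self-explanatory. The weekly schedule `0 5 * * 0` keeps the CRL valid only if the CRL lifetime set in the OpenSSL config (`default_crl_days`, not shown on this page) is comfortably longer than seven days. That value is worth confirming, since a missed run would otherwise leave an expired CRL in place.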
......@@ -30,8 +30,8 @@ ADD app /app/code/app
# Somehow postinstall is not run automatically when building docker image
RUN npm run postinstall
ADD start.sh server.js openvpn-conf.sh openvpn-on-client-connect.sh openvpn-on-client-disconnect.sh openvpn-on-learn-address.sh /app/code/
RUN chmod +x start.sh openvpn-conf.sh openvpn-on-client-connect.sh openvpn-on-client-disconnect.sh openvpn-on-learn-address.sh
ADD start.sh server.js openvpn-conf.sh openvpn-on-client-connect.sh openvpn-on-client-disconnect.sh openvpn-on-learn-address.sh easyrsa-config.sh regen-crl.sh /app/code/
RUN chmod +x start.sh openvpn-conf.sh openvpn-on-client-connect.sh openvpn-on-client-disconnect.sh openvpn-on-learn-address.sh easyrsa-config.sh regen-crl.sh
RUN mkdir -p /app/data
......
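Review bot: The new line still uses `ADD` for plain local files; `COPY start.sh server.js … regen-crl.sh /app/code/` does the same job without ADD's archive-extraction and URL handling. The `RUN chmod +x` that follows names the files without a directory, so it relies on a `WORKDIR /app/code` that sits outside this hunk. `easyrsa-config.sh` is only ever sourced in the scripts shown, so it does not need the executable bit and could be dropped from the chmod list.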
#!/usr/bin/env bash
export EASY_RSA="/app/code/easyrsa/"
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
export KEY_DIR="/app/data/keys/"
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
export KEY_SIZE=2048
export CA_EXPIRE=3650
export KEY_EXPIRE=3650
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Cloudron"
export KEY_EMAIL="support@cloudron.io"
export KEY_OU="Cloudron"
export KEY_NAME="EasyRSA"
export KEY_CONFIG="/app/code/easyrsa/openssl-1.0.0.cnf"
#!/usr/bin/env bash
source ./easyrsa-config.sh
KEY_ALTNAMES="" KEY_CN="" ${OPENSSL} ca -gencrl -out /app/data/keys/crl.pem -config "$KEY_CONFIG"
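Review bot: `source ./easyrsa-config.sh` resolves against the caller's working directory, and the scheduler entry added in the manifest invokes this script by absolute path, so whether the config is found depends on a working directory the page does not show. With no `set -e`, a failed `source` leaves `${OPENSSL}` and `$KEY_CONFIG` empty and the last line runs as a malformed command, so the CRL is not refreshed and nothing reports the failure. I would start the script with `set -eu` and load the config by absolute path, `source /app/code/easyrsa-config.sh`; the same relative `source` appears in the start.sh hunk. Writing to a temporary file and renaming it over `/app/data/keys/crl.pem` would also avoid leaving a partial CRL if openssl fails midway.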
......@@ -12,24 +12,7 @@ fi
# Generate random management token for admin api
dd if=/dev/urandom bs=256 count=1 | base64 > /run/admin-token
export EASY_RSA="/app/code/easyrsa/"
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
export KEY_DIR="/app/data/keys/"
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
export KEY_SIZE=2048
export CA_EXPIRE=3650
export KEY_EXPIRE=3650
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Cloudron"
export KEY_EMAIL="support@cloudron.io"
export KEY_OU="Cloudron"
export KEY_NAME="EasyRSA"
export KEY_CONFIG="/app/code/easyrsa/openssl-1.0.0.cnf"
source ./easyrsa-config.sh
# The first time this is run, initialize OpenVPN keys
if [ ! -d /app/data/keys ]; then
......@@ -38,11 +21,11 @@ if [ ! -d /app/data/keys ]; then
openvpn --genkey --secret /app/data/keys/ta.key
/app/code/easyrsa/build-dh
/app/code/easyrsa/pkitool --server cloudron
# Generating empty CRL file
KEY_ALTNAMES="" KEY_CN="" ${OPENSSL} ca -gencrl -out /app/data/keys/crl.pem -config "$KEY_CONFIG"
fi
# initializing / regenerating CRL file
./regen-crl.sh
# Writing OpenVPN config
./openvpn-conf.sh > /run/openvpn.conf
......
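Review bot: The exit status of `./regen-crl.sh` is not checked where start.sh calls it just before writing the OpenVPN config. Unless `set -e` is enabled above the visible lines, a failed CRL generation goes unnoticed and the server starts with whatever `crl.pem` was left on disk, which may be stale or missing. Since the CRL is what enforces certificate revocation, I would stop the start-up explicitly, for example `./regen-crl.sh || { echo "CRL regeneration failed" >&2; exit 1; }`. The enclosing script starts and ends outside these hunks.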