LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11834 Commits
1 Branch
46 MiB
Tree: 1ee9fb4aff
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1ee9fb4aff'
${ noResults }
openwrt-packages-dist/net/acme/files/acme-cbi.lua

104 lines
4.9 KiB
Raw Normal View History

acme: Add Luci app This adds a Luci configuration app for the ACME certificate package. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
8 years ago
acme: add support for nginx webserver This adds a metapakcge for acme luci ap without uhttpd dependency and adds entities and check to stop handle nginx server and modify the certificate set automatically. Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
6 years ago
acme: Add Luci app This adds a Luci configuration app for the ACME certificate package. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
8 years ago
acme: Support running in webroot mode, detect other daemons on port 80 For configurations where another web server is running on port 80, running acme.sh in standalone mode fails. Try to detect this and refuse to run; and allow the user to configure a webroot directory to use the running webserver for certificate verification. This also updates acme.sh to the latest version. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
8 years ago
acme: Add Luci app This adds a Luci configuration app for the ACME certificate package. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
8 years ago
acme: Support running in webroot mode, detect other daemons on port 80 For configurations where another web server is running on port 80, running acme.sh in standalone mode fails. Try to detect this and refuse to run; and allow the user to configure a webroot directory to use the running webserver for certificate verification. This also updates acme.sh to the latest version. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
8 years ago
acme: Add Luci app This adds a Luci configuration app for the ACME certificate package. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
8 years ago
acme: add support for nginx webserver This adds a metapakcge for acme luci ap without uhttpd dependency and adds entities and check to stop handle nginx server and modify the certificate set automatically. Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
6 years ago
acme: Add Luci app This adds a Luci configuration app for the ACME certificate package. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
8 years ago
acme: Fix whitespace and long lines, bump package rev Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
6 years ago
acme: add support for nginx webserver This adds a metapakcge for acme luci ap without uhttpd dependency and adds entities and check to stop handle nginx server and modify the certificate set automatically. Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
6 years ago
acme: Fix whitespace and long lines, bump package rev Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
6 years ago
acme: Add Luci app This adds a Luci configuration app for the ACME certificate package. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
8 years ago
acme: add support for nginx webserver This adds a metapakcge for acme luci ap without uhttpd dependency and adds entities and check to stop handle nginx server and modify the certificate set automatically. Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
6 years ago
acme: Add Luci app This adds a Luci configuration app for the ACME certificate package. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
8 years ago
acme: Support running in webroot mode, detect other daemons on port 80 For configurations where another web server is running on port 80, running acme.sh in standalone mode fails. Try to detect this and refuse to run; and allow the user to configure a webroot directory to use the running webserver for certificate verification. This also updates acme.sh to the latest version. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
8 years ago
acme: Not all fields should be mandatory in Luci Fixes #6370. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
6 years ago
acme: Support running in webroot mode, detect other daemons on port 80 For configurations where another web server is running on port 80, running acme.sh in standalone mode fails. Try to detect this and refuse to run; and allow the user to configure a webroot directory to use the running webserver for certificate verification. This also updates acme.sh to the latest version. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
8 years ago
acme: Add Luci app This adds a Luci configuration app for the ACME certificate package. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
8 years ago
acme: Support DNS mode Tested with dynu.com ddns. Install acme-dnsapi: # opkg install acme-dnsapi Example `/etc/config/acme`: config acme option state_dir '/etc/acme' option account_email email@example.org' option debug '0' config cert 'foo' option enabled '1' option use_staging '1' option keylength '2048' option update_uhttpd '0' option dns 'dns_dynu' list domains 'foo.dynu.com' list domains '*.foo.dynu.com' list credentials 'Dynu_ClientId="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"' list credentials 'Dynu_Secret="yyyyyyyyyyyyyyyyyyyyyyyyy"' Run: # /etc/init.d/acme start Signed-off-by: Zhong Jianxin <azuwis@gmail.com>
7 years ago
acme: Not all fields should be mandatory in Luci Fixes #6370. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
6 years ago
acme: Support DNS mode Tested with dynu.com ddns. Install acme-dnsapi: # opkg install acme-dnsapi Example `/etc/config/acme`: config acme option state_dir '/etc/acme' option account_email email@example.org' option debug '0' config cert 'foo' option enabled '1' option use_staging '1' option keylength '2048' option update_uhttpd '0' option dns 'dns_dynu' list domains 'foo.dynu.com' list domains '*.foo.dynu.com' list credentials 'Dynu_ClientId="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"' list credentials 'Dynu_Secret="yyyyyyyyyyyyyyyyyyyyyyyyy"' Run: # /etc/init.d/acme start Signed-off-by: Zhong Jianxin <azuwis@gmail.com>
7 years ago
acme: Add Luci app This adds a Luci configuration app for the ACME certificate package. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
8 years ago
 
  1. --[[
  2. LuCI - Lua Configuration Interface
  3. 

  4. Copyright 2016 Toke Høiland-Jørgensen <toke@toke.dk>
  5. 

  6. # This program is free software; you can redistribute it and/or modify it under
  7. # the terms of the GNU General Public License as published by the Free Software
  8. # Foundation; either version 3 of the License, or (at your option) any later
  9. # version.
  10. 

  11. ]]--
  12. 

  13. local ipkg = require "luci.model.ipkg"
  14. 

  15. local nginx_presence = ipkg.installed("nginx-all-module") or ipkg.installed("nginx-ssl") or false
  16. 

  17. local uhttpd_presence = ipkg.installed("uhttpd") or false
  18. 

  19. m = Map("acme", translate("ACME certificates"),
  20. 	translate("This configures ACME (Letsencrypt) automatic certificate installation. " ..
  21.                   "Simply fill out this to have the router configured with Letsencrypt-issued " ..
  22.                   "certificates for the web interface. " ..
  23.                   "Note that the domain names in the certificate must already be configured to " ..
  24.                   "point at the router's public IP address. " ..
  25.                   "Once configured, issuing certificates can take a while. " ..
  26.                   "Check the logs for progress and any errors."))
  27. 

  28. s = m:section(TypedSection, "acme", translate("ACME global config"))
  29. s.anonymous = true
  30. 

  31. st = s:option(Value, "state_dir", translate("State directory"),
  32.               translate("Where certs and other state files are kept."))
  33. st.rmempty = false
  34. st.datatype = "directory"
  35. 

  36. ae = s:option(Value, "account_email", translate("Account email"),
  37.               translate("Email address to associate with account key."))
  38. ae.rmempty = false
  39. ae.datatype = "minlength(1)"
  40. 

  41. d = s:option(Flag, "debug", translate("Enable debug logging"))
  42. d.rmempty = false
  43. 

  44. cs = m:section(TypedSection, "cert", translate("Certificate config"))
  45. cs.anonymous = false
  46. cs.addremove = true
  47. 

  48. e = cs:option(Flag, "enabled", translate("Enabled"))
  49. e.rmempty = false
  50. 

  51. us = cs:option(Flag, "use_staging", translate("Use staging server"),
  52.                translate("Get certificate from the Letsencrypt staging server " ..
  53.                          "(use for testing; the certificate won't be valid)."))
  54. us.rmempty = false
  55. 

  56. kl = cs:option(Value, "keylength", translate("Key length"),
  57.                translate("Number of bits (minimum 2048)."))
  58. kl.rmempty = false
  59. kl.datatype = "and(uinteger,min(2048))"
  60. 

  61. if uhttpd_presence then
  62. u = cs:option(Flag, "update_uhttpd", translate("Use for uhttpd"),
  63.               translate("Update the uhttpd config with this certificate once issued " ..
  64.                         "(only select this for one certificate)." ..
  65.                         "Is also available luci-app-uhttpd to configure uhttpd form the LuCI interface."))
  66. u.rmempty = false
  67. end
  68. 

  69. if nginx_presence then
  70. u = cs:option(Flag, "update_nginx", translate("Use for nginx"),
  71.               translate("Update the nginx config with this certificate once issued " ..
  72.                         "(only select this for one certificate)." ..
  73.                         "Nginx must support ssl, if not it won't start as it needs to be " ..
  74.                         "compiled with ssl support to use cert options"))
  75. u.rmempty = false
  76. end
  77. 

  78. wr = cs:option(Value, "webroot", translate("Webroot directory"),
  79.                translate("Webserver root directory. Set this to the webserver " ..
  80.                          "document root to run Acme in webroot mode. The web " ..
  81.                          "server must be accessible from the internet on port 80."))
  82. wr.optional = true
  83. 

  84. dom = cs:option(DynamicList, "domains", translate("Domain names"),
  85.                 translate("Domain names to include in the certificate. " ..
  86.                           "The first name will be the subject name, subsequent names will be alt names. " ..
  87.                           "Note that all domain names must point at the router in the global DNS."))
  88. dom.datatype = "list(string)"
  89. 

  90. dns = cs:option(Value, "dns", translate("DNS API"),
  91.                 translate("To use DNS mode to issue certificates, set this to the name of a DNS API supported by acme.sh. " ..
  92.                           "See https://github.com/Neilpang/acme.sh/tree/master/dnsapi for the list of available APIs. " ..
  93.                           "In DNS mode, the domain name does not have to resolve to the router IP. " ..
  94.                           "DNS mode is also the only mode that supports wildcard certificates. " ..
  95.                           "Using this mode requires the acme-dnsapi package to be installed."))
  96. dns.optional = true
  97. 

  98. cred = cs:option(DynamicList, "credentials", translate("DNS API credentials"),
  99.                  translate("The credentials for the DNS API mode selected above. " ..
  100.                            "See https://github.com/Neilpang/acme.sh/tree/master/dnsapi#how-to-use-dns-api for the format of credentials required by each API. " ..
  101.                            "Add multiple entries here in KEY=VAL shell variable format to supply multiple credential variables."))
  102. cred.datatype = "list(string)"
  103. 

  104. return m