|
#!/bin/sh
|
|
|
|
|
|
if [ -f "/etc/nginx/luci_nginx_ssl.conf" ] && [ -f "/etc/nginx/nginx.conf" ]; then
|
|
if [ ! "$(cat '/etc/nginx/nginx.conf' | grep -q 'return 301 https://$host$request_uri;')" ]; then
|
|
if [ -f "/etc/nginx/nginx.conf_old" ]; then
|
|
rm /etc/nginx/nginx.conf
|
|
else
|
|
mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf_old
|
|
fi
|
|
mv /etc/nginx/luci_nginx_ssl.conf /etc/nginx/nginx.conf
|
|
core_number=$(grep -c ^processor /proc/cpuinfo)
|
|
sed -i "3s/.*/worker_processes "$core_number";/" /etc/nginx/nginx.conf
|
|
if [ -n "$(pgrep nginx)" ]; then
|
|
/etc/init.d/nginx restart
|
|
else
|
|
/etc/init.d/nginx start
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
|
|
if [ ! -f "/etc/nginx/nginx.key" ]; then
|
|
|
|
NGINX_KEY=/etc/nginx/nginx.key
|
|
NGINX_CER=/etc/nginx/nginx.cer
|
|
OPENSSL_BIN=/usr/bin/openssl
|
|
PX5G_BIN=/usr/sbin/px5g
|
|
|
|
# Prefer px5g for certificate generation (existence evaluated last)
|
|
GENKEY_CMD=""
|
|
UNIQUEID=$(dd if=/dev/urandom bs=1 count=4 | hexdump -e '1/1 "%02x"')
|
|
[ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -nodes"
|
|
[ -x "$PX5G_BIN" ] && GENKEY_CMD="$PX5G_BIN selfsigned"
|
|
[ -n "$GENKEY_CMD" ] && {
|
|
$GENKEY_CMD \
|
|
-days 730 -newkey rsa:2048 -keyout "${NGINX_KEY}.new" -out "${NGINX_CER}.new" \
|
|
-subj /C="ZZ"/ST="Somewhere"/L="Unknown"/O="OpenWrt""$UNIQUEID"/CN="OpenWrt"
|
|
sync
|
|
mv "${NGINX_KEY}.new" "${NGINX_KEY}"
|
|
mv "${NGINX_CER}.new" "${NGINX_CER}"
|
|
}
|
|
fi
|
|
|
|
|
|
exit 0
|