Merge branch 'master' into 53-wifi

5 years ago · 44e4a395fc
3 changed files with 17 additions and 5 deletions
--- a/README.md
+++ b/README.md
@ -50,6 +50,9 @@ Tested Operating Systems (in order of thoroughness):
 - Debian 10 (Buster)
 - Raspbian Buster
 Tested Browsers:
 - Firefox
 The default tests are run on DigitalOcean Droplets: 2GB RAM, 1 CPU, 50GB hard disk.
 The Mistborn docker images exist for these architectures:
@ -265,6 +268,8 @@ These are the default credentials to use in the services you choose to use:
 | Cockpit | cockpit | {{default mistborn password}} |
 | Nextcloud | mistborn | {{default mistborn password}} |
 You can find the credentials sent to the Docker containers in: `/opt/mistborn/.envs/.production/`
 # Gateway Setup
 Mistborn will generate the Wireguard configuration script for the Gateway. From a base Ubuntu/Debian/Raspbian operating system the following packages are recommended to be installed beforehand:
@ -457,6 +462,9 @@ Many features and refinements are in the works at various stages including:
 - Internal network scan tool and feedback
 - Anomaly detection in network traffic
 # Follow
 You can find recent bugfixes, functional additions, some extra documentation and more at the Cyber5K Patreon page: [https://www.patreon.com/cyber5k](https://www.patreon.com/cyber5k)
 # Contact
 Contact me at [steven@cyber5k.com](mailto:steven@cyber5k.com)
--- a/scripts/install.sh
+++ b/scripts/install.sh
@ -209,8 +209,8 @@ cp ./compose/production/traefik/traefik.toml.template ./compose/production/traef
 # setup tls certs 
 source ./scripts/subinstallers/openssl.sh
-sudo rm -rf ../mistborn_volumes/base/tls
+#sudo rm -rf ../mistborn_volumes/base/tls
-sudo mv ./tls ../mistborn_volumes/base/
+#sudo mv ./tls ../mistborn_volumes/base/
 # enable and run setup to generate .env
 sudo systemctl enable Mistborn-setup.service
--- a/scripts/subinstallers/openssl.sh
+++ b/scripts/subinstallers/openssl.sh
@ -1,6 +1,6 @@
 #!/bin/bash
-KEY_FOLDER="./tls/"
+KEY_FOLDER="/opt/mistborn_volumes/base/tls/"
 CRT_FILE="cert.crt"
 KEY_FILE="cert.key"
@ -11,11 +11,15 @@ KEY_PATH="$KEY_FOLDER/$KEY_FILE"
 sudo -E apt-get install -y openssl
 # make folder
-mkdir -p $KEY_FOLDER
+sudo -E mkdir -p $KEY_FOLDER
 # clean old crt and key
 sudo -E rm -f ${KEY_FOLDER}/*
 # generate crt and key
-openssl req -x509 -sha256 -nodes -days 3650 -newkey rsa:4096 -keyout $KEY_PATH -out $CRT_PATH -subj "/C=US/ST=New York/L=New York/O=cyber5k/OU=mistborn/CN=*.mistborn/emailAddress=mistborn@localhost"
+sudo -E openssl req -x509 -sha256 -nodes -days 397 -newkey rsa:4096 -keyout $KEY_PATH -out $CRT_PATH -addext "subjectAltName = DNS:*.mistborn" -addext extendedKeyUsage=serverAuth -subj "/C=US/ST=New York/L=New York/O=cyber5k/OU=mistborn/CN=*.mistborn/emailAddress=mistborn@localhost"
 # set permissions
 sudo -E chown -R mistborn:mistborn ${KEY_FOLDER}
 chmod 644 $CRT_PATH
 chmod 600 $KEY_PATH