Created
July 10, 2024 11:34
Patch unifi.sh
--- /root/.acme.sh/deploy/unifi.bkp.sh 2024-07-10 13:29:01.699918327 +0200 | |
+++ /root/.acme.sh/deploy/unifi.sh 2024-07-10 13:23:10.717345032 +0200 | |
@@ -73,88 +73,6 @@ | |
# Default reload commands accumulated as we auto-detect environments: | |
_reload_cmd="" | |
- # Unifi Controller environment (self hosted or any Cloud Key) -- | |
- # auto-detect by file /usr/lib/unifi/data/keystore: | |
- _unifi_keystore="${DEPLOY_UNIFI_KEYSTORE:-/usr/lib/unifi/data/keystore}" | |
- if [ -f "$_unifi_keystore" ]; then | |
- _info "Installing certificate for Unifi Controller (Java keystore)" | |
- _debug _unifi_keystore "$_unifi_keystore" | |
- if ! _exists keytool; then | |
- _err "keytool not found" | |
- return 1 | |
- fi | |
- if [ ! -w "$_unifi_keystore" ]; then | |
- _err "The file $_unifi_keystore is not writable, please change the permission." | |
- return 1 | |
- fi | |
- | |
- _unifi_keypass="${DEPLOY_UNIFI_KEYPASS:-aircontrolenterprise}" | |
- | |
- _debug "Generate import pkcs12" | |
- _import_pkcs12="$(_mktemp)" | |
- _toPkcs "$_import_pkcs12" "$_ckey" "$_ccert" "$_cca" "$_unifi_keypass" unifi root | |
- # shellcheck disable=SC2181 | |
- if [ "$?" != "0" ]; then | |
- _err "Error generating pkcs12. Please re-run with --debug and report a bug." | |
- return 1 | |
- fi | |
- | |
- _debug "Import into keystore: $_unifi_keystore" | |
- if keytool -importkeystore \ | |
- -deststorepass "$_unifi_keypass" -destkeypass "$_unifi_keypass" -destkeystore "$_unifi_keystore" \ | |
- -srckeystore "$_import_pkcs12" -srcstoretype PKCS12 -srcstorepass "$_unifi_keypass" \ | |
- -alias unifi -noprompt; then | |
- _debug "Import keystore success!" | |
- rm "$_import_pkcs12" | |
- else | |
- _err "Error importing into Unifi Java keystore." | |
- _err "Please re-run with --debug and report a bug." | |
- rm "$_import_pkcs12" | |
- return 1 | |
- fi | |
- | |
- if systemctl -q is-active unifi; then | |
- _reload_cmd="${_reload_cmd:+$_reload_cmd && }service unifi restart" | |
- fi | |
- _services_updated="${_services_updated} unifi" | |
- _info "Install Unifi Controller certificate success!" | |
- elif [ "$DEPLOY_UNIFI_KEYSTORE" ]; then | |
- _err "The specified DEPLOY_UNIFI_KEYSTORE='$DEPLOY_UNIFI_KEYSTORE' is not valid, please check." | |
- return 1 | |
- fi | |
- | |
- # Cloud Key environment (non-UnifiOS -- nginx serves admin pages) -- | |
- # auto-detect by file /etc/ssl/private/cloudkey.key: | |
- _cloudkey_certdir="${DEPLOY_UNIFI_CLOUDKEY_CERTDIR:-/etc/ssl/private}" | |
- if [ -f "${_cloudkey_certdir}/cloudkey.key" ]; then | |
- _info "Installing certificate for Cloud Key Gen1 (nginx admin pages)" | |
- _debug _cloudkey_certdir "$_cloudkey_certdir" | |
- if [ ! -w "$_cloudkey_certdir" ]; then | |
- _err "The directory $_cloudkey_certdir is not writable; please check permissions." | |
- return 1 | |
- fi | |
- # Cloud Key expects to load the keystore from /etc/ssl/private/unifi.keystore.jks. | |
- # Normally /usr/lib/unifi/data/keystore is a symlink there (so the keystore was | |
- # updated above), but if not, we don't know how to handle this installation: | |
- if ! cmp -s "$_unifi_keystore" "${_cloudkey_certdir}/unifi.keystore.jks"; then | |
- _err "Unsupported Cloud Key configuration: keystore not found at '${_cloudkey_certdir}/unifi.keystore.jks'" | |
- return 1 | |
- fi | |
- | |
- cat "$_cfullchain" >"${_cloudkey_certdir}/cloudkey.crt" | |
- cat "$_ckey" >"${_cloudkey_certdir}/cloudkey.key" | |
- (cd "$_cloudkey_certdir" && tar -cf cert.tar cloudkey.crt cloudkey.key unifi.keystore.jks) | |
- | |
- if systemctl -q is-active nginx; then | |
- _reload_cmd="${_reload_cmd:+$_reload_cmd && }service nginx restart" | |
- fi | |
- _info "Install Cloud Key Gen1 certificate success!" | |
- _services_updated="${_services_updated} nginx" | |
- elif [ "$DEPLOY_UNIFI_CLOUDKEY_CERTDIR" ]; then | |
- _err "The specified DEPLOY_UNIFI_CLOUDKEY_CERTDIR='$DEPLOY_UNIFI_CLOUDKEY_CERTDIR' is not valid, please check." | |
- return 1 | |
- fi | |
- | |
# UnifiOS environment -- auto-detect by /data/unifi-core/config/unifi-core.key: | |
_unifi_core_config="${DEPLOY_UNIFI_CORE_CONFIG:-/data/unifi-core/config}" | |
if [ -f "${_unifi_core_config}/unifi-core.key" ]; then | |
@@ -165,6 +83,9 @@ | |
return 1 | |
fi | |
+ cat "$_cfullchain" >"${_unifi_core_config}/unifi-core-direct.crt" | |
+ cat "$_ckey" >"${_unifi_core_config}/unifi-core-direct.key" | |
+ | |
cat "$_cfullchain" >"${_unifi_core_config}/unifi-core.crt" | |
cat "$_ckey" >"${_unifi_core_config}/unifi-core.key" | |
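Review bot: The added `cat "$_ckey" >"${_unifi_core_config}/unifi-core-direct.key"` will create the private key file with the process umask if it does not already exist, because the only existence test visible in the patch is for `unifi-core.key`. Under a common root umask of 022 that would leave the key world-readable. I would create it restrictively, for example `(umask 077 && cat "$_ckey" >"${_unifi_core_config}/unifi-core-direct.key")`, or follow the write with `chmod 600` on that file. Neither new write is checked for failure, so a failed redirect would go unnoticed at this point. The enclosing `if` block starts and ends outside this hunk, so how the rest of the function reports errors should be confirmed there.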
This patch works great, but only adds an SSL cert to the admin portal and not to the guest captive portal at domain.tld:8843/guest/s/default/#
Would you be willing to add a fix for this?