From 75d673239f2e73fa80af3fcf0058d439a7b95e89 Mon Sep 17 00:00:00 2001
From: Viktor Petersson
Date: Sat, 31 Aug 2013 16:22:51 -0700
Subject: [PATCH] Adds SSL support.
---
misc/enable_ssl.sh | 29 +++++++++++++++++++++++++++++
misc/screenly.crt | 19 +++++++++++++++++++
misc/screenly.key | 27 +++++++++++++++++++++++++++
misc/stunnel.conf | 7 +++++++
4 files changed, 82 insertions(+)
create mode 100755 misc/enable_ssl.sh
create mode 100644 misc/screenly.crt
create mode 100644 misc/screenly.key
create mode 100644 misc/stunnel.conf
diff --git a/misc/enable_ssl.sh b/misc/enable_ssl.sh
new file mode 100755
index 00000000..03674fb4
--- /dev/null
+++ b/misc/enable_ssl.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+echo "Upgrading Screenly..."
+curl -sL https://raw.github.com/wireload/screenly-ose/master/misc/upgrade.sh | bash
+
+echo "Installing Stunnel..."
+sudo apt-get -y -qq install stunnel4
+sudo ln -s ~/screenly/misc/stunnel.conf /etc/stunnel/screenly.conf
+
+echo "Enable Stunnel to start on boot.."
+sudo sed -e 's/^ENABLED=0$/ENABLED=1/g' -i /etc/default/stunnel4
+
+echo "Installing self-signed certificates..."
+echo "NOTE: To improve security, you can use properly signed certificates. Just replace screenly.crt and screenly.key in /etc/ssl."
+sudo cp ~/screenly/misc/screenly.crt /etc/ssl/
+sudo cp ~/screenly/misc/screenly.key /etc/ssl/
+sudo chown root:root /etc/ssl/screenly*
+sudo chmod 600 /etc/ssl/screenly*
+
+echo "Modify Screenly Server to only listen on localhost (and only allow SSL connections)..."
+sed -e 's/^.*listen.*/listen = 127.0.0.1:8080/g' -i ~/.screenly/screenly.conf
+
+echo "Restarting Screenly Server..."
+sudo supervisorctl restart screenly
+
+echo "Starting Stunnel..."
+sudo /etc/init.d/stunnel4 restart
+
+echo "You should be all set. You should be able to access Screenly's management interface at https://
diff --git a/misc/screenly.crt b/misc/screenly.crt
new file mode 100644
index 00000000..fb812802
--- /dev/null
+++ b/misc/screenly.crt
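Review bot: In misc/enable_ssl.sh the `sudo cp ~/screenly/misc/screenly.key /etc/ssl/` step installs the private key that this same patch publishes in misc/screenly.key, so every device that runs the script terminates TLS with a key anyone can download from the repository, and traffic to the management interface can be decrypted or impersonated by anyone on the path. The misc/screenly.crt and misc/screenly.key hunks share this problem and are better dropped from the patch, with the pair generated on the device at install time instead. Copying first and running `chmod 600` afterwards also leaves the key at cp's default mode for a moment, which creating it under a restrictive umask avoids. The sketch below replaces the two cp lines and the chmod; the chown stays, with explicit file names instead of the glob.

```shell
# … unchanged: upgrade, stunnel install, ENABLED=1 edit …
echo "Generating a self-signed certificate for this device..."
if ! sudo test -s /etc/ssl/screenly.key; then
  # umask 077 so the key is never readable by other users, even briefly
  sudo sh -c 'umask 077 && openssl req -x509 -nodes -newkey rsa:2048 \
    -days 365 -subj "/CN=$(hostname)" \
    -keyout /etc/ssl/screenly.key -out /etc/ssl/screenly.crt'
fi
sudo chown root:root /etc/ssl/screenly.key /etc/ssl/screenly.crt
# … unchanged: listen rewrite, service restarts …
```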
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDIDCCAggCCQCurglCBjUMajANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJV +UzETMBEGA1UECBMKQ2FsaWZvcm5pYTEVMBMGA1UEChMMV2lyZUxvYWQgSW5jMRcw +FQYDVQQDEw5zY3JlZW5seS5sb2NhbDAeFw0xMzA4MzEyMjU5MDhaFw0xNDA4MzEy +MjU5MDhaMFIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRUwEwYD +VQQKEwxXaXJlTG9hZCBJbmMxFzAVBgNVBAMTDnNjcmVlbmx5LmxvY2FsMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1+ktqasRmKoK3VxagLJRoi+MHANI +vLDpkpofkNcc//5VyxjsZu0nCwQje3G9revetaBpcx7f1Tlmh1lxj3MZ6G1btND8 +HziExCmF9gh2u5Z+0PHMYDd1OoSO8vSxqBuEMzj3NkmRKjhEzsZiXLGJbKEVt3le +b+jJMUtR5SssDvhFfF0oSGXEeeUhwdDiWF6nwNgbisoGxlCXgm43Tkz9NI6TpxA/ +gcB/ZlWCyzmZ+ZiupW5+/aU3mltgxLCQ4BEF1zgcVPw76cCQgLgr7MJq34Y74wq6 +a6SddVEgXmHVRW0fINEIT5/HgY38K+v40jNgYEo6EZnEV+/4lEf80qmEtQIDAQAB +MA0GCSqGSIb3DQEBBQUAA4IBAQAtNDXdE3cm7J43Sv8mfsbwShc1InTN/Cd+XM57 +6Ug9QYNcKdYJON8vOzgB9lgcqmfR/aQhYuKfX2lQApSkVFB10lsJGWs5ym4aWi17 +wvluQrONMkh4bBwtKIK0Q/V7OLU3RwmviqbfCWmEswp9GfGIiDUkKLW/iVMc+1PA +JNqQ1mefVs/abNBA2YKGgVGhrLzcqmX50FF39xw+5m2u3TkdHGlpjrc7f9Oo52cr +V7zw5NpcWUAV/7LsXUES6UVHRty7MFktKR2XqYnLd7RM5cOgUbYlMt5pCh111n0E +VGYaWP0/sl8tImJsAKVqqoFK+KhwAAbzveIYPzNHEooKGLmO +-----END CERTIFICATE----- diff --git a/misc/screenly.key b/misc/screenly.key new file mode 100644 index 00000000..de83d9dc --- /dev/null +++ b/misc/screenly.key 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEA1+ktqasRmKoK3VxagLJRoi+MHANIvLDpkpofkNcc//5Vyxjs +Zu0nCwQje3G9revetaBpcx7f1Tlmh1lxj3MZ6G1btND8HziExCmF9gh2u5Z+0PHM +YDd1OoSO8vSxqBuEMzj3NkmRKjhEzsZiXLGJbKEVt3leb+jJMUtR5SssDvhFfF0o +SGXEeeUhwdDiWF6nwNgbisoGxlCXgm43Tkz9NI6TpxA/gcB/ZlWCyzmZ+ZiupW5+ +/aU3mltgxLCQ4BEF1zgcVPw76cCQgLgr7MJq34Y74wq6a6SddVEgXmHVRW0fINEI +T5/HgY38K+v40jNgYEo6EZnEV+/4lEf80qmEtQIDAQABAoIBAFWXPl7QTf1zCzON +dOMnzWy55JUGSENk7nMLXhAQ9pIUxPXqP2zd/mhDj71T7ZmQs4zUtnjIeHsSci6d +qoLvYgndsEkRv6CwyxDoVQ6fdFIQ6tzxvc82rOYxvmlZz0ORBOs5XebLaxyNidle +k4ejaZMCmJVPK7y5T2iXLzPl1WVpE9eDttl6NTP8PsC/Nqroa5RwnIhyxVUojeN6 +Ri0SJKM7VKVFFHi/IcfslY2ye69VNuFKG465R8pqJupqTXVsTYg34M3O1RuvWA9H +In4kVAY4HVdXLm50VBYsplaxBt+/O5wGb9qDCODvfmYE0jw5mXUUmRMxfUHKgzP8 +JHUK9YECgYEA7mp2xJNZxskM1HkMLkEyETA8RcicrkGxFMATDKQZmQreZg5iuRMz +G2gc+1eElxCG1iEeuVKYx7ilOYQZAvsetvZw5nFW639FZ/auyki9Mxo4lVHFBrXK +t/shn0PIOI+BzJCdn1AzkxM0TH0kNT0rO+uvfsEuiGLyuMtTyG2q8D0CgYEA59XL +6zQ6eWSF+f2fxwc4WUQkUb9YmxcwSo2eCZon3YIEcs2YV5bCaw7AdOeMFcW0paWb +hPDOBLcp5uHTlZ9Sh7+n3ZVK3hZ7wIlp+E+5NFsePSNMqTW5tXH64VyWPxev2gor +fSs5P09Tvb0sqemoRMnq4WQZ4JmqyIe6iUhYddkCgYEAkYejH7LiJhkrH7cT3Fgn +e5557A7ctPGcahIkjp7MkUK1Jo65bEdv9tbCehmd8ahA5gwpeO4WHDN1h3o+2jb3 +NK+Rkti0OePiNee6IffspXjn+R2Equfk6hD9IP57BSt0C65qyIhoMuqSDe6FX4oL +DfR7l1/MS6w6hNp4NevbX/ECgYEAs6zW5esMhpiJ3T3bXv0Rht1w6IpLuac3HhCz +su1uiBYELJV6xCdrdl1weyoZP6aCYv7+kQGwKadrKi1LNmLMK7k1+F2EMKtsLcRS +BMiE2TblMKzy9RFWZHF55r9DEpLhDzNikRe2voJUfHDo9KbKasWy7AwQoil2WwQW +Zd9T78ECgYEAs2KWTs+ULtLIoEXiwHihjsBlMKIEZst4ZGjUBsfyruQa0xVsn5Bv +LEqLTPxp1HFOvjvFTESa2kU6dzSzLH0w0WCm9PmOe7xSeUbiojccxQabPD8knW40 +9AjYB0JsoJsDXEm+UI4XfNUv6pTflqQRdvAfs9VRbmlQebv4qtRvPIs= +-----END RSA PRIVATE KEY----- diff --git a/misc/stunnel.conf b/misc/stunnel.conf new file mode 100644 index 00000000..d17c40a7 --- /dev/null +++ b/misc/stunnel.conf 
@@ -0,0 +1,7 @@
+cert = /etc/ssl/screenly.crt
+key = /etc/ssl/screenly.key
+pid = /tmp/stunnel4.pid
+
+[https]
+accept = 443
+connect = 127.0.0.1:8080
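Review bot: `pid = /tmp/stunnel4.pid` places the daemon's PID file at a predictable name in a world-writable directory, and the file sets no `setuid`/`setgid`, so stunnel, which has to start as root to bind `accept = 443`, presumably keeps root for its whole lifetime. Any local user can create that path before the service starts, which at the least interferes with the init script's start/stop handling. I would keep the PID file in a directory only the service account can write and drop privileges after binding: `pid = /var/run/stunnel4/stunnel4.pid`, `setuid = stunnel4`, `setgid = stunnel4`. Those names assume the account and runtime directory that the Debian stunnel4 package creates; confirm them on the target image.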