blob: c4d0025d699e69e40be9a4fccd24c630caed2462 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
|
#!/bin/sh /etc/rc.common
# Copyright (C) 2010 Jo-Philipp Wich
START=50
USE_PROCD=1
UHTTPD_BIN="/usr/sbin/uhttpd"
PX5G_BIN="/usr/sbin/px5g"
OPENSSL_BIN="/usr/bin/openssl"
append_arg() {
local cfg="$1"
local var="$2"
local opt="$3"
local def="$4"
local val
config_get val "$cfg" "$var"
[ -n "$val" -o -n "$def" ] && procd_append_param command "$opt" "${val:-$def}"
}
append_bool() {
local cfg="$1"
local var="$2"
local opt="$3"
local def="$4"
local val
config_get_bool val "$cfg" "$var" "$def"
[ "$val" = 1 ] && procd_append_param command "$opt"
}
generate_keys() {
local cfg="$1"
local key="$2"
local crt="$3"
local days bits country state location organization commonname
config_get days "$cfg" days
config_get bits "$cfg" bits
config_get country "$cfg" country
config_get state "$cfg" state
config_get location "$cfg" location
config_get organization "$cfg" organization
config_get commonname "$cfg" commonname
config_get key_type "$cfg" key_type
config_get ec_curve "$cfg" ec_curve
# Prefer px5g for certificate generation (existence evaluated last)
local GENKEY_CMD=""
local KEY_OPTS="rsa:${bits:-2048}"
local UNIQUEID=$(dd if=/dev/urandom bs=1 count=4 | hexdump -e '1/1 "%02x"')
[ "$key_type" = "ec" ] && KEY_OPTS="ec -pkeyopt ec_paramgen_curve:${ec_curve:-P-256}"
[ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -sha256 -outform der -nodes"
[ -x "$PX5G_BIN" ] && GENKEY_CMD="$PX5G_BIN selfsigned -der"
[ -n "$GENKEY_CMD" ] && {
$GENKEY_CMD \
-days ${days:-730} -newkey ${KEY_OPTS} -keyout "${UHTTPD_KEY}.new" -out "${UHTTPD_CERT}.new" \
-subj /C="${country:-ZZ}"/ST="${state:-Somewhere}"/L="${location:-Unknown}"/O="${organization:-OpenWrt$UNIQUEID}"/CN="${commonname:-OpenWrt}"
sync
mv "${UHTTPD_KEY}.new" "${UHTTPD_KEY}"
mv "${UHTTPD_CERT}.new" "${UHTTPD_CERT}"
}
}
create_httpauth() {
local cfg="$1"
local prefix username password
config_get prefix "$cfg" prefix
config_get username "$cfg" username
config_get password "$cfg" password
if [ -z "$prefix" ] || [ -z "$username" ] || [ -z "$password" ]; then
return
fi
echo "${prefix}:${username}:${password}" >>$httpdconf
haveauth=1
}
append_lua_prefix() {
local v="$1"
local prefix="${v%%=*}"
local handler="${v#*=}"
if [ "$prefix" != "$handler" ] && [ -n "$prefix" ] && [ -f "$handler" ]; then
procd_append_param command -l "$prefix" -L "$handler"
else
echo "Skipping invalid Lua prefix \"$v\"" >&2
fi
}
append_ucode_prefix() {
local v="$1"
local prefix="${v%%=*}"
local handler="${v#*=}"
if [ "$prefix" != "$handler" ] && [ -n "$prefix" ] && [ -f "$handler" ]; then
procd_append_param command -o "$prefix" -O "$handler"
else
echo "Skipping invalid ucode prefix \"$v\"" >&2
fi
}
start_instance()
{
UHTTPD_CERT=""
UHTTPD_KEY=""
local cfg="$1"
local realm="$(uci_get system.@system[0].hostname)"
local listen http https interpreter indexes path handler httpdconf haveauth
local enabled
config_get_bool enabled "$cfg" 'enabled' 1
[ $enabled -gt 0 ] || return
procd_open_instance
procd_set_param respawn
procd_set_param stderr 1
procd_set_param command "$UHTTPD_BIN" -f
config_get config "$cfg" config
if [ -z "$config" ]; then
mkdir -p /var/etc/uhttpd
httpdconf="/var/etc/uhttpd/httpd.${cfg}.conf"
rm -f ${httpdconf}
config_list_foreach "$cfg" httpauth create_httpauth
if [ "$haveauth" = "1" ]; then
procd_append_param command -c ${httpdconf}
[ -r /etc/httpd.conf ] && cat /etc/httpd.conf >>/var/etc/uhttpd/httpd.${cfg}.conf
fi
fi
append_arg "$cfg" home "-h"
append_arg "$cfg" realm "-r" "${realm:-OpenWrt}"
append_arg "$cfg" config "-c"
append_arg "$cfg" cgi_prefix "-x"
[ -f /usr/lib/uhttpd_lua.so ] && {
local len
config_get len "$cfg" lua_prefix_LENGTH
if [ -n "$len" ]; then
config_list_foreach "$cfg" lua_prefix append_lua_prefix
else
config_get prefix "$cfg" lua_prefix
config_get handler "$cfg" lua_handler
append_lua_prefix "$prefix=$handler"
fi
}
[ -f /usr/lib/uhttpd_ubus.so ] && {
append_arg "$cfg" ubus_prefix "-u"
append_arg "$cfg" ubus_socket "-U"
append_bool "$cfg" ubus_cors "-X" 0
}
[ -f /usr/lib/uhttpd_ucode.so ] && {
config_list_foreach "$cfg" ucode_prefix append_ucode_prefix
}
append_arg "$cfg" script_timeout "-t"
append_arg "$cfg" network_timeout "-T"
append_arg "$cfg" http_keepalive "-k"
append_arg "$cfg" tcp_keepalive "-A"
append_arg "$cfg" error_page "-E"
append_arg "$cfg" max_requests "-n" 3
append_arg "$cfg" max_connections "-N"
append_bool "$cfg" no_ubusauth "-a" 0
append_bool "$cfg" no_symlinks "-S" 0
append_bool "$cfg" no_dirlists "-D" 0
append_bool "$cfg" rfc1918_filter "-R" 0
config_get alias_list "$cfg" alias
for alias in $alias_list; do
procd_append_param command -y "$alias"
done
config_get http "$cfg" listen_http
for listen in $http; do
procd_append_param command -p "$listen"
done
config_get interpreter "$cfg" interpreter
for path in $interpreter; do
procd_append_param command -i "$path"
done
config_get indexes "$cfg" index_page
for path in $indexes; do
procd_append_param command -I "$path"
done
config_get https "$cfg" listen_https
config_get UHTTPD_KEY "$cfg" key /etc/uhttpd.key
config_get UHTTPD_CERT "$cfg" cert /etc/uhttpd.crt
[ -f /lib/libustream-ssl.so ] && [ -n "$https" ] && {
[ -s "$UHTTPD_CERT" -a -s "$UHTTPD_KEY" ] || {
config_foreach generate_keys cert
}
[ -f "$UHTTPD_CERT" -a -f "$UHTTPD_KEY" ] && {
append_arg "$cfg" cert "-C"
append_arg "$cfg" key "-K"
for listen in $https; do
procd_append_param command -s "$listen"
done
}
append_bool "$cfg" redirect_https "-q" 0
}
config_get json_script "$cfg" json_script
for file in $json_script; do
[ -s "$file" ] && procd_append_param command -H "$file"
done
procd_close_instance
}
uhttpd_interfaces()
{
local cfg="$1"
local http https listen ips
config_get http "$cfg" listen_http
config_get https "$cfg" listen_https
for listen in $http $https; do
case "$listen" in
"" |\
"0.0.0.0:"* |\
"[::]:"* )
continue
;;
*.*.*.*:*)
ips="$ips ${listen%%:*}
"
;;
\[*\]:* )
listen="${listen:1}"
ips="$ips ${listen%%]:*}
"
;;
esac
done
ips="$( echo "$ips" | sort -u )"
echo "$ips"
}
resolve_iface()
{
local cfg="$1"
local ipaddr ipaddrs testip="$2"
config_get ipaddrs "$cfg" ipaddr
for ipaddr in $ipaddrs; do
[ "$ipaddr" = "$testip" ] && echo "$cfg"
done
}
get_interface_by_ip()
{
config_load network
config_foreach resolve_iface interface "$@"
}
service_triggers()
{
local iface ifaces all=0
procd_add_reload_trigger "uhttpd"
procd_add_raw_trigger acme.renew 5000 /etc/init.d/uhttpd reload
config_load uhttpd
ips="$(config_foreach uhttpd_interfaces uhttpd)"
[ -z "$ips" ] && return 0
for ip in $ips; do
iface="$(get_interface_by_ip $ip)"
[ -z "$iface" ] && all=1
ifaces="$ifaces $iface"
done
if [ "$all" = "1" ]; then
procd_add_raw_trigger "interface.*.up" 1000 /etc/init.d/uhttpd start
else
for iface in $ifaces; do
procd_add_raw_trigger "interface.$iface.up" 1000 /etc/init.d/uhttpd start
done
fi
}
start_service() {
config_load uhttpd
config_foreach start_instance uhttpd
}
|