include nginx and self-signed ssh certificate creation to get raspber…
…rypi setup working with ZSeries which requires http+ssl (#25)
tmack8001 authored Jun 25, 2020
1 parent cc9b643 commit 9ea2dc4
Showing 3 changed files with 76 additions and 4 deletions.
2 changes: 1 addition & 1 deletion README.md
@@ -63,7 +63,7 @@ Python >= 3.6.9
#### Setup/Run
Clone this repo, then run
`sudo pip3 install -r requirements.txt` on *nix or `pip3 install -r requirements.txt` as an Administrator in windows
`sudo python3 server.py` on *nix or `python3 server.py` as an Administrator in windows
`sudo python3 server.py` on *nix or `python3 server.py` as an Administrator in windows (default host interface is `0.0.0.0` and port `80`, but these can be specified via command-line arguments like so `python3 server.py <interface> <port>`)

## Manual Recipe Editing
The table for adding/removing/editing recipe steps has several validation checks in it, but there is always the possiblity of ruining your Pico.
63 changes: 61 additions & 2 deletions scripts/pi/firstboot.sh
@@ -55,7 +55,7 @@ apt -y update
#apt -y upgrade
apt -y --autoremove purge ifupdown dhcpcd5 isc-dhcp-client isc-dhcp-common rsyslog avahi-daemon
apt-mark hold ifupdown dhcpcd5 isc-dhcp-client isc-dhcp-common rsyslog raspberrypi-net-mods openresolv avahi-daemon libnss-mdns
apt -y install libnss-resolve hostapd dnsmasq samba git python3 python3-pip
apt -y install libnss-resolve hostapd dnsmasq samba git python3 python3-pip nginx openssh-server

# Install Picobrew server
cd /
@@ -181,15 +181,74 @@ sed -i 's/.*IGNORE_RESOLVCONF.*/IGNORE_RESOLVCONF=yes/g' /etc/default/dnsmasq
# Setup dnsmasq
cat >> /etc/dnsmasq.conf <<EOF
address=/picobrew.com/${AP_IP}
address=/www.picobrew.com/${AP_IP}
server=8.8.8.8
server=8.8.4.4
EOF

# Add picobrew to /etc/hosts
cat >> /etc/hosts <<EOF
${AP_IP} picobrew.com
${AP_IP} www.picobrew.com
EOF

# Generate self-signed SSL certs
mkdir /certs
cat > /certs/req.cnf <<EOF
[v3_req]
keyUsage = critical, digitalSignature, keyAgreement
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = picobrew.com
DNS.2 = www.picobrew.com
EOF

openssl req -x509 -sha256 -newkey rsa:2048 -nodes -keyout /certs/domain.key -days 1825 -out /certs/domain.crt -subj "/CN=chiefwigms_Picobrew_Pico CA"

openssl req -newkey rsa:2048 -nodes -subj "/CN=picobrew.com" \
-keyout /certs/server.key -out /certs/server.csr

openssl x509 \
-CA /certs/domain.crt -CAkey /certs/domain.key -CAcreateserial \
-in /certs/server.csr \
-req -days 1825 -out /certs/server.crt -extfile /certs/req.cnf -extensions v3_req

cat /certs/server.crt /certs/domain.crt > /certs/bundle.crt

# Setup nginx for http and https
cat > /etc/nginx/sites-available/picobrew.com.conf <<EOF
server {
listen 80;
server_name picobrew.com;
location / {
proxy_set_header Host \$http_host;
proxy_pass http://localhost:8080;
}
}
server {
listen 443 ssl;
server_name picobrew.com;
ssl_certificate /certs/bundle.crt;
ssl_certificate_key /certs/server.key;
access_log /var/log/nginx/picobrew.access.log;
error_log /var/log/nginx/picobrew.error.log;
location / {
proxy_set_header Host \$http_host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_pass http://localhost:8080;
}
}
EOF
ln -s /etc/nginx/sites-available/picobrew.com.conf /etc/nginx/sites-enabled/picobrew.com.conf
systemctl stop nginx
systemctl start nginx

# Setup Samba
cat > /etc/samba/smb.conf <<EOF
[global]
@@ -240,7 +299,7 @@ then
git pull
pip3 install -r requirements.txt
echo 'Starting Picobrew Server...'
python3 server.py &
python3 server.py 0.0.0.0 8080 &
fi
exit 0
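Review bot: In the last hunk the backend is started with `python3 server.py 0.0.0.0 8080 &`, so the app listens on every interface even though the new nginx blocks only reach it through `proxy_pass http://localhost:8080`; binding it to loopback, `python3 server.py 127.0.0.1 8080 &`, keeps port 8080 from being reachable around the proxy and its access log. In the certificate hunk, `/certs` is created with a plain `mkdir` and both private keys are written unencrypted (`-nodes`); `install -d -m 700 /certs` would keep them readable by root only, and `/certs/domain.key` can be removed once `server.crt` is signed, since nothing in the visible lines uses the CA key again. Both `server_name picobrew.com;` lines also omit `www.picobrew.com`, which the dnsmasq, hosts and subjectAltName additions all include, so requests for the `www` name may be answered by whatever default server nginx has enabled; `server_name picobrew.com www.picobrew.com;` would match them.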
15 changes: 14 additions & 1 deletion server.py
@@ -1,6 +1,19 @@
from app import create_app, socketio
import sys

# defaults
PORT=80
HOST='0.0.0.0'

if len(sys.argv) != 1 and len(sys.argv) != 3:
print("Usage: python {} OR python {} <HostName> <PortNumber>".format(sys.argv[0], sys.argv[0]))
sys.exit()

if len(sys.argv) == 3:
HOST=sys.argv[1]
PORT=sys.argv[2]

app = create_app(debug=True)

if __name__ == '__main__':
socketio.run(app, host='0.0.0.0', port=80)
socketio.run(app, host=HOST, port=PORT)
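Review bot: `PORT=sys.argv[2]` leaves the port as a string while the default is the integer `80`, so `socketio.run` receives a different type depending on how the server is started; convert and validate it with `PORT = int(sys.argv[2])` and print the usage message on `ValueError`. The usage branch calls `sys.exit()` with no argument, which exits with status 0, so a caller such as firstboot.sh cannot tell a bad invocation from a clean exit; `sys.exit(1)` fixes that. The argument handling also runs at import time rather than under `if __name__ == '__main__':`, so importing this module under another program's argv can print the usage text and exit. `create_app(debug=True)` is untouched by this commit, but now that the bind address is configurable it is worth confirming in `app` whether that flag enables an interactive debugger, which should not be on for a non-loopback host.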
