From 9fba7b193591cfc6ca8597f779ba2a015055f920 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Roni=20V=C3=A4yrynen?=
Date: Tue, 26 Apr 2022 08:56:05 +0300
Subject: [PATCH] feat: add possibility to use custom CA with XO
---
 sample.xo-install.cfg | 5 +++++
 xo-install.sh | 5 +++++
 2 files changed, 10 insertions(+)
diff --git a/sample.xo-install.cfg b/sample.xo-install.cfg
index 7249bbe..2fa5399 100644
--- a/sample.xo-install.cfg
+++ b/sample.xo-install.cfg
@@ -75,6 +75,11 @@ PRESERVE="3"
 #PATH_TO_HTTPS_CERT=$INSTALLDIR/xo.crt
 #PATH_TO_HTTPS_KEY=$INSTALLDIR/xo.key
+# location of CA certificate file.
+# define this if your host certificate is issued by a custom CA and you want XO to trust itself.
+# file can contain multiple certificates
+#PATH_TO_HOST_CA=
+
 # If set to true together with cert/key paths, defined pem key/certificate will be created if neither exists.
 # options: true/false
 #AUTOCERT="false"
diff --git a/xo-install.sh b/xo-install.sh
index 74cff9d..64111f5 100755
--- a/xo-install.sh
+++ b/xo-install.sh
@@ -39,6 +39,7 @@ OS_CHECK="${OS_CHECK:-"true"}"
 ARCH_CHECK="${ARCH_CHECK:-"true"}"
 PATH_TO_HTTPS_CERT="${PATH_TO_HTTPS_CERT:-""}"
 PATH_TO_HTTPS_KEY="${PATH_TO_HTTPS_KEY:-""}"
+PATH_TO_HOST_CA="${PATH_TO_HOST_CA:-""}"
 AUTOCERT="${AUTOCERT:-"false"}"
 USESUDO="${USESUDO:-"false"}"
 GENSUDO="${GENSUDO:-"false"}"
@@ -720,6 +721,10 @@ function InstallXO {
 printinfo "Adding WorkingDirectory parameter to systemd service configuration file"
 # shellcheck disable=SC1117
 runcmd "sed -i \"/ExecStart=.*/a WorkingDirectory=$INSTALLDIR/xo-server\" $INSTALLDIR/xo-builds/xen-orchestra-$TIME/packages/xo-server/xo-server.service"
+ if [[ -n "$PATH_TO_HOST_CA" ]]; then
+ printinfo "Adding custom CA environment variable to systemd service configuration file"
+ runcmd "sed -i \"/Environment=.*/a Environment=NODE_EXTRA_CA_CERTS=$PATH_TO_HOST_CA\" $INSTALLDIR/xo-builds/xen-orchestra-$TIME/packages/xo-server/xo-server.service"
+ fi
 # if service not running as root, we need to deal with the fact that port binding might not be allowed
 if [[ "$XOUSER" != "root" ]]; then
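Review bot: `$PATH_TO_HOST_CA` is spliced into the sed script and the command string passed to `runcmd` in the added block without any validation, so a path containing whitespace or quote characters breaks the command and a mistyped path is written into the unit file as-is. Node.js only emits a warning when the `NODE_EXTRA_CA_CERTS` file is missing or malformed, so the service would start without the custom CA and the mistake would surface later as TLS verification errors. Check the file before editing the unit, for example by testing `[[ -r "$PATH_TO_HOST_CA" ]]` and aborting the install with an error when it fails, and confirm the bundle is readable by `$XOUSER` but not writable by it, since every certificate in it becomes a trusted root for all outbound TLS from xo-server, not only for connections to itself. The append is also anchored on `/Environment=.*/`, which adds nothing if the shipped unit has no `Environment=` line and adds the line once per match if it has several; the `ExecStart=` anchor used by the sed just above would be more predictable. InstallXO starts and ends outside this hunk.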