Update rewrite ruls to handled encrypted and signed files
Add certutils from usecallmanager.nz. Add etc/certs directory.
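--- a/etc/certs/encrypt
+++ b/etc/certs/encrypt
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+if [ $# -gt 0 ]; then
+# Encrypt SEPMAC.cnf.xml
+openssl enc -aes-256-cbc -salt -in ../../tftpboot/settings/${1} -out ../../tftpboot/settings/${1}.enc -k tftp.pem
+../../tools/certutils/sgnfile -b ../../tftpboot/settings/${1}.enc -c tftp.pem
+fi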
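Review bot: `-k tftp.pem` on the openssl line supplies the literal text `tftp.pem` as the passphrase (openssl's `-k` takes the password itself, not a file name), so the key protecting every SEPMAC.cnf.xml is a fixed string published in this repository. Pointing `-kfile` or `-pass file:` at tftp.pem would not help either, because only the first line of the PEM file, its BEGIN header, would be read; a dedicated secret is needed, for example `-pbkdf2 -pass file:PASSPHRASE_FILE`, where PASSPHRASE_FILE is a placeholder for a mode-0600 file kept outside tftpboot. Whether the phones can decrypt `openssl enc` output at all is not visible from this page and should be confirmed. The unquoted `${1}` here, and `${1}`/`$1` in gentlv and signfile, should be written `"${1}"` so a name containing spaces or glob characters is not split.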
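--- a/etc/certs/gencerts
+++ b/etc/certs/gencerts
@@ -0,0 +1,17 @@
+#!/bin/bash
+[ -f CA.pem ] && rm *.pem
+# Create a CA certificate valid for 20 years. This will function as the SAST (System Administrator Security Token) certificate.
+../../tools/certutils/gencert -n -C "Certificate Authority" -b 2048 -y 20 -o CA.pem
+# Create a certificate for Asterisk signed by the CA for 1 year. This will function as the CCM certificate.
+../../tools/certutils/gencert -c CA.pem -C Asterisk -b 2048 -y 1 -o asterisk.pem
+# Create a certificate for TFTP signed by the CA for 1 year. This will function as the TFTP certificate.
+../../tools/certutils/gencert -c CA.pem -C Asterisk -b 2048 -y 1 -o tftp.pem
+# Create a certificate for webserver signed by the CA for 1 year (optional). This will function as an HTTPS certificate.
+../../tools/certutils/gencert -c CA.pem -C WebServer -b 2048 -y 1 -o webserver.pem
+# Create a certificate for VPN signed by the CA for 1 year (optional).
+../../tools/certutils/gencert -c CA.pem -C VPN -b 2048 -y 1 -o vpn.pem
+# Create a certificate for CAPF signed by the CA for 1 year (optional).
+../../tools/certutils/gencert -c CA.pem -C CAPF -b 2048 -y 1 -o capf.pem
+# Create a certificate for TVS signed by the CA for 1 year (optional).
+../../tools/certutils/gencert -c CA.pem -C TVS -b 2048 -y 1 -o tvs.pem
+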
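Review bot: The tftp.pem line passes `-C Asterisk`, the same common name as asterisk.pem, although its comment describes a TFTP certificate; this looks like a copy-paste slip, and `-C TFTP` (or whatever name the deployment uses) would keep the two identities distinguishable. The opening `[ -f CA.pem ] && rm *.pem` silently discards the CA on every run, and phones that already trust the old signer through an installed ITL file will presumably reject files signed by the new one, so refusing to overwrite without confirmation would be safer. If gencert writes the private key into the same .pem (not visible here), a `umask 077` at the top keeps the keys from being created world-readable.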
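--- a/etc/certs/gentlv
+++ b/etc/certs/gentlv
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+if [ $# == 0 ]; then
+# Create ITLFile.tlv in the tftpboot provisioning directory, the certificate used to sign the .tlv file is automatically included as providing the SAST function.
+../../tools/certutils/tlvfile -b ../../tftpboot/settings/ITLFile.tlv -c CA.pem -r asterisk.pem -f ccm -r capf.pem -f capf -r tvs.pem -f tvs -r tftp.pem -f tftp -r webserver.pem -f https
+
+else
+# Optionally, the default ITLFile.tlv can be overridden using a file name based on the MAC address of the phone, eg: ITLSEP58971ECC97C1.tlv.
+../../tools/certutils/tlvfile -b ../../tftpboot/settings/ITL${1}.tlv -c CA.pem -r asterisk.pem -f ccm -r capf.pem -f capf -r tvs.pem -f tvs -r tftp.pem -f tftp -r webserver.pem -f https -F ITLFile.tlv
+
+# Optionally, additional certificates can be included using a file name based on the MAC address of the phone, eg: CTLSEP58971ECC97C1.tlv.
+# Example for the VPN certificate
+../../tools/certutils/tlvfile -b ../../tftpboot/settings/CTL${1}.tlv -c CA.pem -r vpn.pem -f https -F CTLFile.tlv
+
+# Enable SIP-TLS mode by setting <transportLayerProtocol> to 3 and setting <deviceSecurityMode> to either 2 (Authenticated) or 3 (Encrypted) in SEPMAC.cnf.xml. Optionally, any XML services can be configured to use HTTPS.
+fi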
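Review bot: In the `else` branch the argument is pasted straight into the output paths `ITL${1}.tlv` and `CTL${1}.tlv`, so a value containing `/` or `..` makes tlvfile write a signed file outside tftpboot/settings; checking the shape first, e.g. `[[ $1 =~ ^SEP[0-9A-F]{12}$ ]] || exit 2`, matches the ITLSEP58971ECC97C1.tlv example in the comment. Both ITL calls also need capf.pem, tvs.pem and webserver.pem, and the CTL call needs vpn.pem, all of which gencerts labels optional, so a short comment saying these files must exist would save a confusing failure. `[ $# == 0 ]` compares as strings; `[ $# -eq 0 ]` is the numeric form.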
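--- a/etc/certs/signfile
+++ b/etc/certs/signfile
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+if [ $# -gt 0 ]; then
+# Sign SEPMAC.cnf.xml
+../../tools/certutils/sgnfile -b ../../tftpboot/settings/$1 -c tftp.pem
+fi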
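Review bot: The script resolves `../../tools/certutils/sgnfile`, `../../tftpboot/settings/` and `tftp.pem` relative to the caller's working directory, so run from anywhere but etc/certs it fails or signs with whatever tftp.pem happens to be in that directory. Making `cd "$(dirname "$0")" || exit 1` the first command would pin it, and the same applies to encrypt, gencerts and gentlv. With no argument the script exits 0 without doing anything, so a usage line on stderr and a non-zero status, `echo "usage: $0 SEPMAC.cnf.xml" >&2; exit 2`, would make a missed signature visible.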
@@ -16,21 +16,21 @@ server {
|
||||
|
||||
location / {
|
||||
# settings
|
||||
rewrite ^/((.*)(\.cnf\.xml|\.tlv))$ /settings/$1 last;
|
||||
rewrite ^/((.*)(\.cnf\.xml|\.tlv)(\.enc)?(\.sgn)?)$ /settings/$1 last;
|
||||
|
||||
# firmware
|
||||
rewrite ^/((.*).(bin|bin.|loads|LOADS|sbn|SBN|sb2|sbin|zz|zup)(|\.sgn))$ /firmware/$1 last;
|
||||
rewrite ^/((.*).(bin|bin.|loads|LOADS|sbn|SBN|sb2|sbin|zz|zup)(\.sgn)?)$ /firmware/$1 last;
|
||||
|
||||
# locales
|
||||
rewrite ^/(.*)/((.*)-tones\.xml)$ /locales/countries/$1/$2 last;
|
||||
rewrite ^/(.*)/((.*)(-dictionary\.xml|\.jar))$ /locales/languages/$1/$2 last;
|
||||
rewrite ^/(.*)/((.*)-tones\.xml(\.sgn)?)$ /locales/countries/$1/$2 last;
|
||||
rewrite ^/(.*)/((.*)(-dictionary\.xml|\.jar)(\.sgn)?)$ /locales/languages/$1/$2 last;
|
||||
|
||||
# ringtones
|
||||
rewrite ^/([D|d]istinctive)?([R|r]ing[L|l]ist)\.(xml|XML)(\.sgn)?$ /ringtones/ringlist.xml last;
|
||||
#rewrite ^/((.*)(\.raw|\.pcm)(|\.sgn))$ /ringtones/$1 last;
|
||||
#rewrite ^/((.*)(\.raw|\.pcm)(\.sgn))?$ /ringtones/$1 last;
|
||||
|
||||
# wallpapers
|
||||
rewrite ^/Desktops/(.*)/(.*)$ /wallpapers/$1/$2 last;
|
||||
rewrite ^/Desktops/(.*)/((.*)(\.sgn)?)$ /wallpapers/$1/$2 last;
|
||||
try_files $uri $uri/ =404;
|
||||
autoindex off;
|
||||
}
|
||||
@@ -78,14 +78,14 @@ server {
|
||||
rewrite ^/firmware/(CP7905080003SCCP070409A.zup)$ /firmware/7905/$1 last;
|
||||
|
||||
# 7906_7911 firmware (java-based)
|
||||
rewrite ^/firmware/(apps11.+\.sbn)$ /firmware/7906/$1 last;
|
||||
rewrite ^/firmware/(cnu11.+\.sbn)$ /firmware/7906/$1 last;
|
||||
rewrite ^/firmware/(cvm11sccp.+\.sbn)$ /firmware/7906/$1 last;
|
||||
rewrite ^/firmware/(dsp11.+\.sbn)$ /firmware/7906/$1 last;
|
||||
rewrite ^/firmware/(jar11sccp.+\.sbn)$ /firmware/7906/$1 last;
|
||||
rewrite ^/firmware/(SCCP11.+\.loads)$ /firmware/7906/$1 last;
|
||||
rewrite ^/firmware/(term06.+\.loads)$ /firmware/7906/$1 last;
|
||||
rewrite ^/firmware/(term11.+\.loads)$ /firmware/7906/$1 last;
|
||||
rewrite ^/firmware/(apps11.+\.sbn)$ /firmware/7906_7911/$1 last;
|
||||
rewrite ^/firmware/(cnu11.+\.sbn)$ /firmware/7906_7911/$1 last;
|
||||
rewrite ^/firmware/(cvm11sccp.+\.sbn)$ /firmware/7906_7911/$1 last;
|
||||
rewrite ^/firmware/(dsp11.+\.sbn)$ /firmware/7906_7911/$1 last;
|
||||
rewrite ^/firmware/(jar11sccp.+\.sbn)$ /firmware/7906_7911/$1 last;
|
||||
rewrite ^/firmware/(SCCP11.+\.loads)$ /firmware/7906_7911/$1 last;
|
||||
rewrite ^/firmware/(term06.+\.loads)$ /firmware/7906_7911/$1 last;
|
||||
rewrite ^/firmware/(term11.+\.loads)$ /firmware/7906_7911/$1 last;
|
||||
|
||||
# 7910 firmware (ancient)
|
||||
rewrite ^/firmware/(P00405000700.bin)$ /firmware/7910/$1 last;
|
||||
@@ -104,13 +104,13 @@ server {
|
||||
rewrite ^/firmware/(cmterm_7920.4.0-03-02.bin)$ /firmware/7920/$1 last;
|
||||
|
||||
# 7921_7925 firmware (ancient)
|
||||
rewrite ^/firmware/(APPS-1.4.3.4.SBN)$ /firmware/7921/$1 last;
|
||||
rewrite ^/firmware/(CP7921G-1.4.3.4.LOADS)$ /firmware/7921/$1 last;
|
||||
rewrite ^/firmware/(GUI-1.4.3.4.SBN)$ /firmware/7921/$1 last;
|
||||
rewrite ^/firmware/(SYS-1.4.3.4.SBN)$ /firmware/7921/$1 last;
|
||||
rewrite ^/firmware/(TNUX-1.4.3.4.SBN)$ /firmware/7921/$1 last;
|
||||
rewrite ^/firmware/(TNUXR-1.4.3.4.SBN)$ /firmware/7921/$1 last;
|
||||
rewrite ^/firmware/(WLAN-1.4.3.4.SBN)$ /firmware/7921/$1 last;
|
||||
rewrite ^/firmware/(APPS-1.4.3.4.SBN)$ /firmware/7921_7925/$1 last;
|
||||
rewrite ^/firmware/(CP7921G-1.4.3.4.LOADS)$ /firmware/7921_7925/$1 last;
|
||||
rewrite ^/firmware/(GUI-1.4.3.4.SBN)$ /firmware/7921_7925/$1 last;
|
||||
rewrite ^/firmware/(SYS-1.4.3.4.SBN)$ /firmware/7921_7925/$1 last;
|
||||
rewrite ^/firmware/(TNUX-1.4.3.4.SBN)$ /firmware/7921_7925/$1 last;
|
||||
rewrite ^/firmware/(TNUXR-1.4.3.4.SBN)$ /firmware/7921_7925/$1 last;
|
||||
rewrite ^/firmware/(WLAN-1.4.3.4.SBN)$ /firmware/7921_7925/$1 last;
|
||||
|
||||
# 7926 firmware (ancient)
|
||||
rewrite ^/firmware/(APPSS-1.4.1SR1.SBN)$ /firmware/7926/$1 last;
|
||||
@@ -143,50 +143,50 @@ server {
|
||||
rewrite ^/firmware/(apps37sccp.1-4-5-7.bin)$ /firmware/7937/$1 last;
|
||||
|
||||
# 7940_7960 firmware (ancient)
|
||||
rewrite ^/firmware/(P0030801SR01.bin)$ /firmware/7940/$1 last;
|
||||
rewrite ^/firmware/(P0030801SR01.loads)$ /firmware/7940/$1 last;
|
||||
rewrite ^/firmware/(P0030801SR01.sb2)$ /firmware/7940/$1 last;
|
||||
rewrite ^/firmware/(P0030801SR01.sbn)$ /firmware/7940/$1 last;
|
||||
rewrite ^/firmware/(P0030801SR01.bin)$ /firmware/7940_7960/$1 last;
|
||||
rewrite ^/firmware/(P0030801SR01.loads)$ /firmware/7940_7960/$1 last;
|
||||
rewrite ^/firmware/(P0030801SR01.sb2)$ /firmware/7940_7960/$1 last;
|
||||
rewrite ^/firmware/(P0030801SR01.sbn)$ /firmware/7940_7960/$1 last;
|
||||
|
||||
# 7941_7961 firmware (java-based)
|
||||
rewrite ^/firmware/(apps41.+\.sbn)$ /firmware/7941/$1 last;
|
||||
rewrite ^/firmware/(cnu41.+\.sbn)$ /firmware/7941/$1 last;
|
||||
rewrite ^/firmware/(cvm41sccp.+\.sbn)$ /firmware/7941/$1 last;
|
||||
rewrite ^/firmware/(dsp41.+\.sbn)$ /firmware/7941/$1 last;
|
||||
rewrite ^/firmware/(jar41sccp.+\.sbn)$ /firmware/7941/$1 last;
|
||||
rewrite ^/firmware/(SCCP41.+\.loads)$ /firmware/7941/$1 last;
|
||||
rewrite ^/firmware/(term41.+\.loads)$ /firmware/7941/$1 last;
|
||||
rewrite ^/firmware/(term61.+\.loads)$ /firmware/7941/$1 last;
|
||||
rewrite ^/firmware/(apps41.+\.sbn)$ /firmware/7941_7961/$1 last;
|
||||
rewrite ^/firmware/(cnu41.+\.sbn)$ /firmware/7941_7961/$1 last;
|
||||
rewrite ^/firmware/(cvm41sccp.+\.sbn)$ /firmware/7941_7961/$1 last;
|
||||
rewrite ^/firmware/(dsp41.+\.sbn)$ /firmware/7941_7961/$1 last;
|
||||
rewrite ^/firmware/(jar41sccp.+\.sbn)$ /firmware/7941_7961/$1 last;
|
||||
rewrite ^/firmware/(SCCP41.+\.loads)$ /firmware/7941_7961/$1 last;
|
||||
rewrite ^/firmware/(term41.+\.loads)$ /firmware/7941_7961/$1 last;
|
||||
rewrite ^/firmware/(term61.+\.loads)$ /firmware/7941_7961/$1 last;
|
||||
|
||||
# 7942_7962 firmware (java-based)
|
||||
rewrite ^/firmware/(apps42.+\.sbn)$ /firmware/7942/$1 last;
|
||||
rewrite ^/firmware/(cnu42.+\.sbn)$ /firmware/7942/$1 last;
|
||||
rewrite ^/firmware/(cvm42sccp.+\.sbn)$ /firmware/7942/$1 last;
|
||||
rewrite ^/firmware/(dsp42.+\.sbn)$ /firmware/7942/$1 last;
|
||||
rewrite ^/firmware/(jar42sccp.+\.sbn)$ /firmware/7942/$1 last;
|
||||
rewrite ^/firmware/(SCCP42.+\.loads)$ /firmware/7942/$1 last;
|
||||
rewrite ^/firmware/(term42.+\.loads)$ /firmware/7942/$1 last;
|
||||
rewrite ^/firmware/(term62.+\.loads)$ /firmware/7942/$1 last;
|
||||
rewrite ^/firmware/(apps42.+\.sbn)$ /firmware/7942_7962/$1 last;
|
||||
rewrite ^/firmware/(cnu42.+\.sbn)$ /firmware/7942_7962/$1 last;
|
||||
rewrite ^/firmware/(cvm42sccp.+\.sbn)$ /firmware/7942_7962/$1 last;
|
||||
rewrite ^/firmware/(dsp42.+\.sbn)$ /firmware/7942_7962/$1 last;
|
||||
rewrite ^/firmware/(jar42sccp.+\.sbn)$ /firmware/7942_7962/$1 last;
|
||||
rewrite ^/firmware/(SCCP42.+\.loads)$ /firmware/7942_7962/$1 last;
|
||||
rewrite ^/firmware/(term42.+\.loads)$ /firmware/7942_7962/$1 last;
|
||||
rewrite ^/firmware/(term62.+\.loads)$ /firmware/7942_7962/$1 last;
|
||||
|
||||
# 7945_7965 firmware (java-based)
|
||||
rewrite ^/firmware/(apps45.+\.sbn)$ /firmware/7945/$1 last;
|
||||
rewrite ^/firmware/(cnu45.+\.sbn)$ /firmware/7945/$1 last;
|
||||
rewrite ^/firmware/(cvm45sccp.+\.sbn)$ /firmware/7945/$1 last;
|
||||
rewrite ^/firmware/(dsp45.+\.sbn)$ /firmware/7945/$1 last;
|
||||
rewrite ^/firmware/(jar45sccp.+\.sbn)$ /firmware/7945/$1 last;
|
||||
rewrite ^/firmware/(SCCP45.+\.loads)$ /firmware/7945/$1 last;
|
||||
rewrite ^/firmware/(term45.+\.loads)$ /firmware/7945/$1 last;
|
||||
rewrite ^/firmware/(term65.+\.loads)$ /firmware/7945/$1 last;
|
||||
rewrite ^/firmware/(apps45.+\.sbn)$ /firmware/7945_7965/$1 last;
|
||||
rewrite ^/firmware/(cnu45.+\.sbn)$ /firmware/7945_7965/$1 last;
|
||||
rewrite ^/firmware/(cvm45sccp.+\.sbn)$ /firmware/7945_7965/$1 last;
|
||||
rewrite ^/firmware/(dsp45.+\.sbn)$ /firmware/7945_7965/$1 last;
|
||||
rewrite ^/firmware/(jar45sccp.+\.sbn)$ /firmware/7945_7965/$1 last;
|
||||
rewrite ^/firmware/(SCCP45.+\.loads)$ /firmware/7945_7965/$1 last;
|
||||
rewrite ^/firmware/(term45.+\.loads)$ /firmware/7945_7965/$1 last;
|
||||
rewrite ^/firmware/(term65.+\.loads)$ /firmware/7945_7965/$1 last;
|
||||
|
||||
# 7970_7971 firmware (java-based)
|
||||
rewrite ^/firmware/(apps70.+\.sbn)$ /firmware/7970/$1 last;
|
||||
rewrite ^/firmware/(cnu70.+\.sbn)$ /firmware/7970/$1 last;
|
||||
rewrite ^/firmware/(cvm70sccp.+\.sbn)$ /firmware/7970/$1 last;
|
||||
rewrite ^/firmware/(dsp70.+\.sbn)$ /firmware/7970/$1 last;
|
||||
rewrite ^/firmware/(jar70sccp.+\.sbn)$ /firmware/7970/$1 last;
|
||||
rewrite ^/firmware/(SCCP70.+\.loads)$ /firmware/7970/$1 last;
|
||||
rewrite ^/firmware/(term70.+\.loads)$ /firmware/7970/$1 last;
|
||||
rewrite ^/firmware/(term71.+\.loads)$ /firmware/7970/$1 last;
|
||||
rewrite ^/firmware/(apps70.+\.sbn)$ /firmware/7970_7971/$1 last;
|
||||
rewrite ^/firmware/(cnu70.+\.sbn)$ /firmware/7970_7971/$1 last;
|
||||
rewrite ^/firmware/(cvm70sccp.+\.sbn)$ /firmware/7970_7971/$1 last;
|
||||
rewrite ^/firmware/(dsp70.+\.sbn)$ /firmware/7970_7971/$1 last;
|
||||
rewrite ^/firmware/(jar70sccp.+\.sbn)$ /firmware/7970_7971/$1 last;
|
||||
rewrite ^/firmware/(SCCP70.+\.loads)$ /firmware/7970_7971/$1 last;
|
||||
rewrite ^/firmware/(term70.+\.loads)$ /firmware/7970_7971/$1 last;
|
||||
rewrite ^/firmware/(term71.+\.loads)$ /firmware/7970_7971/$1 last;
|
||||
|
||||
# 7975 firmware (java-based)
|
||||
rewrite ^/firmware/(apps75.+\.sbn)$ /firmware/7975/$1 last;
|
||||
@@ -205,9 +205,15 @@ server {
|
||||
rewrite ^/firmware/(SCCP894x.+\.sgn)$ /firmware/894x/$1 last;
|
||||
rewrite ^/firmware/(SCCP894x.+\.loads)$ /firmware/894x/$1 last;
|
||||
|
||||
# ata186 / ata188 firmware (ancient)
|
||||
# ata186 firmware (ancient)
|
||||
rewrite ^/firmware/(ATA030204SCCP090202A.zup)$ /firmware/ata186/$1 last;
|
||||
|
||||
# ata188 firmware (ancient)
|
||||
rewrite ^/firmware/(ATA030204SCCP090202A.zup)$ /firmware/ata188/$1 last;
|
||||
|
||||
# SPA50x
|
||||
rewrite ^/firmware/(SPA504G-762.BIN)$ /firmware/spa50x/$1 last;
|
||||
|
||||
try_files $uri $uri/ =404;
|
||||
autoindex off;
|
||||
}
|
||||
|
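Review bot: The new settings rule `rewrite ^/((.*)(\.cnf\.xml|\.tlv)(\.enc)?(\.sgn)?)$ /settings/$1 last;` keeps the `.enc` suffix optional, so the plain SEPMAC.cnf.xml that etc/certs/encrypt leaves beside its `.enc` output is still handed to any client that asks for it; if encrypted configs are meant to protect credentials, the plaintext should be removed after encryption or the rule should refuse it. The tftpd rule `ri ^((.+\.cnf.xml)(\.enc)?(\.sgn)?)$ settings/\1` has the same effect. In the last hunk the ata186 and ata188 rewrites use the identical pattern `^/firmware/(ATA030204SCCP090202A.zup)$` and both end in `last`, so the ata188 line can never be reached. The commented-out ringtone rule ending `(\.sgn))?$` has its `?` outside the group and would need to read `(\.sgn)?)$` if it is ever enabled.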
@@ -166,18 +166,20 @@ ri ^(ATA030204SCCP090202A.zup)$ firmware/ata186/\1
|
||||
# Sub-Directory Handling
|
||||
|
||||
# settings
|
||||
ri ^(.+\.cnf.xml)$ settings/\1
|
||||
ri ^\/(.+\-cnf.xml)$ settings/\1
|
||||
ri ^\/(SPA504G-cfg.xml)$ settings/\1
|
||||
ri ^(.+\.tlv)?$ settings/\1
|
||||
ri ^\/(.+\.tlv)?$ settings/\1
|
||||
ri ^((.+\.cnf.xml)(\.enc)?(\.sgn)?)$ settings/\1
|
||||
ri ^\/((.+\-cnf.xml)(\.enc)?(\.sgn)?)$ settings/\1
|
||||
ri ^\/((SPA504G-cfg.xml)(\.enc)?(\.sgn)?)$ settings/\1
|
||||
|
||||
# Keep firmware in a separate directory (optional)
|
||||
#ri ^(.+\.loads)$ firmware/\1
|
||||
#ri ^(.+\.sbn)$ firmware/\1
|
||||
|
||||
# Keep locales in a separate directory (optional)
|
||||
ri ^(.+)/(.+-sccp.jar)$ locales/languages/\1/\2
|
||||
ri ^(.+)/(.+-dictionary.xml)$ locales/languages/\1/\2
|
||||
ri ^(.+)/(.+-tones.xml)$ locales/countries/\1/\2
|
||||
ri ^(.+)\/(.+-sccp.jar)$ locales/languages/\1/\2
|
||||
ri ^(.+)\/(.+-dictionary.xml)$ locales/languages/\1/\2
|
||||
ri ^(.+)\/(.+-tones.xml)$ locales/countries/\1/\2
|
||||
|
||||
# Keep ring-tones in a separate directory (optional)
|
||||
ri ^([R|r]ing[L|l]ist)(\.xml|-wb\.xml)(\.sgn)?$ ringtones/ringlist.xml
|
||||
@@ -188,6 +190,8 @@ ri ^(.+)(\.raw|\.rwb)(\.sgn)?$ ringtones/\1\2\3
|
||||
ri ^Desktops/(.+)/(List\.xml)(\.sgn)?$ wallpapers/\1/\2\3
|
||||
ri ^Desktops/(.+)/(.+\.png)(\.sgn)?$ wallpapers/\1/\2\3
|
||||
|
||||
ri ^authorized_keys$ settings/authorized_keys
|
||||
|
||||
#
|
||||
# Generic Rules
|
||||
#
|
||||
|
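Review bot: In `ri ^(.+\.tlv)?$ settings/\1` and `ri ^\/(.+\.tlv)?$ settings/\1` the `?` follows the whole capture group, so each pattern also matches an empty name and rewrites it to `settings/`; if these are new-side lines (the page has lost its +/- markers), `ri ^(.+\.tlv)$ settings/\1` is probably what was meant. The second hunk's `ri ^authorized_keys$ settings/authorized_keys` deserves a comment saying which devices fetch it, since TFTP gives the file no integrity protection and, if phones install it as their SSH key list, its contents decide who may log in.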