From 2071e6598cf784d2e02e2c1343e2af4de64170d6 Mon Sep 17 00:00:00 2001
From: Asif Bacchus
Date: Sat, 5 Jan 2019 02:40:05 -0700
Subject: [PATCH] added DH preamble and option to generate

---
 .vscode/numbered-bookmarks.json | 2 +-
 setup.sh | 14 ++++++++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/.vscode/numbered-bookmarks.json b/.vscode/numbered-bookmarks.json
index 5fb2fc5..f97be01 100644
--- a/.vscode/numbered-bookmarks.json
+++ b/.vscode/numbered-bookmarks.json
@@ -5,7 +5,7 @@
   "bookmarks": [
     -1,
     17,
-    38,
+    39,
     -1,
     -1,
     -1,
diff --git a/setup.sh b/setup.sh
index 50dcf30..bcedc9a 100644
--- a/setup.sh
+++ b/setup.sh
@@ -27,12 +27,13 @@ unset CAChainPath
 unset DHPath
 # set variables
+regexIP4="(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])"
+regexHostname="(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])"
 serverNames_working=()
 serverNames=()
 detectedIP=$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')
-regexIP4="(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])"
-regexHostname="(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])"
 certbotFiles=(cert.pem chain.pem fullchain.pem privkey.pem)
+generateDH=0
 hostname=$(hostname)
 configPath="./etc.${hostname}"
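Review bot: The relocated `regexHostname` line uses `[a-zA-Z0-9\-]` inside a bracket expression, and in POSIX ERE (what `grep -E` and bash `[[ =~ ]]` use on glibc) a backslash inside brackets is a literal character, so the class silently admits `\` in a server name as well as `-`; the intended form is `[a-zA-Z0-9-]` with the hyphen last, in both places it appears. Both patterns are also unanchored, so unless the call sites (not in this hunk) add `^…$` or use `grep -x`, a string that merely contains a valid label or dotted quad will pass validation. Whether that matters depends on how the later validation code applies them, which this commit does not touch.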
@@ -352,6 +353,11 @@ if [ "${useCertbot}" -eq 0 ]; then
 fi
 # dhparam: get location of DH Parameters file
+echo -e "\n${mag}Generating your own Diffie-Hellman Parameters file helps make your SSL"
+echo "communication more secure by helping create unique safe large-prime numbers"
+echo "which are used to encrypt communication. You shouldn't use the any pre-supplied"
+echo "dhparams.pem files that came with NGINX or your Linux install. You should generate your own. If you want this script to do that for you, please type"
+echo -e "${warn}generate${mag} when at the prompt instead of a path${norm}\n"
 while true; do
     read -p "What is the path to your DH Parameters file? (default: /etc/ssl/certs/dhparam.pem) " inputDHPath
     case "${inputDHPath}" in
@@ -386,6 +392,10 @@ while true; do
             echo -e "\n${cyan}---exiting---\n${norm}"
             exit 1
             ;;
+        generate)
+            generateDH=1
+            break
+            ;;
         *)
             # validate path
             if [ -f "${inputDHPath}" ]; then
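Review bot: The text printed by the five new `echo` lines misdescribes what a DH parameters file is: it holds the finite-field group (a safe prime and generator) used for the ephemeral Diffie-Hellman key exchange, it is not a prime "used to encrypt communication", and the fourth line also carries the typo "the any" and runs to about twice the width of the other lines. Since this paragraph is the only guidance the user gets before deciding whether to generate, it should give the actual reason (a unique group avoids the widely shared, precomputable groups that ship with NGINX and distributions), warn that generation takes several minutes, and name 2048 bits as the usual minimum; the `${mag}`/`${warn}`/`${norm}` variables and the `-e` flags on the first and last lines are kept. The `while true` loop that this hunk ends on continues outside the hunk.
```shell
# dhparam: get location of DH Parameters file
echo -e "\n${mag}A Diffie-Hellman parameters file defines the prime-field group used for"
echo "the ephemeral DH key exchange. Generating your own (2048 bits or larger)"
echo "avoids the widely shared groups that ship with NGINX or your distribution,"
echo "which an attacker can precompute against, so don't reuse a pre-supplied dhparam.pem."
echo "Generation can take several minutes. If you want this script to do it for"
echo -e "you, type ${warn}generate${mag} at the prompt instead of a path${norm}\n"
# … unchanged: while loop / read prompt …
```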
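Review bot: The new `generate)` arm leaves the loop with `inputDHPath` still equal to the literal string `generate` and no destination path chosen, so whatever assigns `DHPath` from `inputDHPath` after the loop (outside this hunk) must special-case `generateDH` or it will carry `generate` forward as a filename. Setting the target in the arm keeps the later code uniform, e.g. `generate) generateDH=1; inputDHPath="/etc/ssl/certs/dhparam.pem"; break ;;`, using the same default the prompt at the top of the loop advertises, or whichever location the generation step is meant to write to. That generation step is not part of this commit; when it lands it should request at least 2048 bits (`openssl dhparam -out "${inputDHPath}" 2048`) and check the command's exit status before recording the path. The enclosing `case` and `while true` block start before and end after this hunk.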