updated subst to comment ssl_dhparam if error generating dhparam

2019-01-08 00:43:28 -07:00 · 2019-01-08 00:43:28 -07:00 · 5c8778af29
parent ae5ddd84ff
commit 5c8778af29
2 changed files with 17 additions and 6 deletions
--- a/.vscode/numbered-bookmarks.json
+++ b/.vscode/numbered-bookmarks.json
@ -4,15 +4,15 @@
 			"fsPath": "$ROOTPATH$/setup.sh",
 			"bookmarks": [
 				-1,
-				30,
-				44,
-				701,
+				19,
+				54,
+				744,
 				-1,
 				-1,
 				-1,
 				-1,
-				-1,
-				611
+				657,
+				706
 			]
 		}
 	]
--- a/setup.sh
+++ b/setup.sh
@ -49,6 +49,7 @@ unset phpAddr
 unset phpPort
 unset phpSock
 unset dhsuccess
+unset disableDHParam
 unset copysuccess

 # set variables
@ -63,6 +64,7 @@ useSSL=0
 useCertbot=0
 generateDH=0
 noOSCP=0
+disableDHParam=0

 # set tags and files to update
 tag_servernames="<server name(s)>"
@ -649,7 +651,12 @@ if [ "${generateDH}" -eq 1 ]; then
        DHPath='/etc/ssl/certs/dhparam.pem'
    else
        echo -e "${err}-- error generating dhparam.pem --"
-        echo -e "you should manaully generate this file${norm}"
+        echo -e "you should manually generate this file${norm}"
+        echo -e "\n${warn}The relevant section of the NGINX configuration will be disabled${norm}\n"
+        # set DHPath to default BUT set flag to comment ssl_dhparam in mozModern_ssl.conf
+        DHPath='etc/ssl/certs/dhparam.pem'
+        disableDHParam=1
+
    fi
 fi

@ -696,6 +703,10 @@ if [ "${useSSL}" -eq 1 ]; then
        sed -i 's/^ssl_stapling/#ssl_stapling/g' "${configPath}/${file_mozmodern}"
        sed -i 's/^ssl_trusted/#ssl_trusted/' "${configPath}/${file_mozmodern}"
    fi
+    # comment ssl_dhparam line if error generating dhparam.pem
+    if [ "${disableDHParam}" -eq 1 ]; then
+        sed -i 's/^ssl_dhparam/#ssl_dhparam/' "${configPath}/${file_mozmodern}"
+    fi
 fi

 # process LAN IP in nginx.conf