Autres
/
RaspAP
mirror of https://github.com/billz/raspap-webgui.git
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

Merge branch 'master' into feature/notracking

pull/543/head
Bill Zimmerman 4 years ago
committed by GitHub
parent
ff14e64bf9 26dc8d92da
commit
8fd1677974
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 497 additions and 337 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 17
      README.md
  2. 6
      config/config.php
  3. 4
      includes/defaults.php
  4. 2
      index.php
  5. 506
      installers/common.sh
  6. 41
      installers/configauth.sh
  7. 102
      installers/mkcert.sh
  8. 10
      installers/raspap.service
  9. 40
      installers/raspap.sudoers
  10. 24
      installers/raspapd.service
  11. 36
      installers/raspbian.sh
  12. 46
      installers/servicestart.sh

17
README.md
View File

@ -1,5 +1,5 @@
![](https://i.imgur.com/xeKD93p.png)
[![Release 2.3](https://img.shields.io/badge/Release-2.3-green.svg)](https://github.com/billz/raspap-webgui/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Financial Contributors on Open Collective](https://opencollective.com/raspap/all/badge.svg?label=financial+contributors)](https://opencollective.com/raspap) ![https://travis-ci.com/billz/raspap-webgui/](https://img.shields.io/travis/com/billz/raspap-webgui/master) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
[![Release 2.3.1](https://img.shields.io/badge/Release-2.3.1-green.svg)](https://github.com/billz/raspap-webgui/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Financial Contributors on Open Collective](https://opencollective.com/raspap/all/badge.svg?label=financial+contributors)](https://opencollective.com/raspap) ![https://travis-ci.com/billz/raspap-webgui/](https://img.shields.io/travis/com/billz/raspap-webgui/master) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
RaspAP lets you quickly get a WiFi access point up and running to share the internet connectivity of a Raspberry Pi. Our famous [Quick installer](#quick-installer) creates a known-good default configuration that "just works" on all current Raspberry Pis with onboard wireless. A handsome responsive interface gives you control over the relevant services and networking options. OpenVPN client support, SSL, security audits, themes and multilingual options round out the package.
@ -21,6 +21,7 @@ We hope you enjoy using RaspAP as much as we do creating it. Tell us how you use
- [Support us](#support-us)
- [Manual installation](#manual-installation)
- [802.11ac 5GHz support](#80211ac-5ghz-support)
- [Supported operating systems](#supported-operating-systems)
- [Multilingual support](#multilingual-support)
- [HTTPS support](#https-support)
- [OpenVPN support](#openvpn-support)
@ -86,6 +87,20 @@ Detailed manual setup instructions are provided [on our wiki](https://github.com
## 802.11ac 5GHz support
RaspAP provides an 802.11ac wireless mode option for supported hardware (currently the RPi 3B+/4) and wireless regulatory domains. See [this FAQ](https://github.com/billz/raspap-webgui/wiki/FAQs#80211ac) for more information.
## Supported operating systems
RaspAP was originally made for Raspbian, but now also installs on the following Debian-based distros.
| Distribution | Release | Architecture | Support |
|---|:---:|:---:|:---:|
| Raspbian | Buster | ARM | Official |
| Armbian | Buster | [ARM](https://docs.armbian.com/#supported-chips) | Official |
| Debian | Buster | ARM / x86_64 | Beta |
| Ubuntu | 18.04 LTS / 19.10 | ARM / x86_64 | Beta |
![](https://i.imgur.com/luiyYNw.png)
We find Armbian particularly well-suited for this project. Please note that "supported" is not a guarantee. If you are able to improve support for your preferred distro, we encourage you to [actively contribute](#how-to-contribute) to the project.
## Multilingual support
RaspAP uses [GNU Gettext](https://www.gnu.org/software/gettext/) to manage multilingual messages. In order to use RaspAP with one of our supported translations, you must configure a corresponding language package on your RPi. To list languages currently installed on your system, use `locale -a` at the shell prompt. To generate new locales, run `sudo dpkg-reconfigure locales` and select any other desired locales. Details are provided on our [wiki](https://github.com/billz/raspap-webgui/wiki/Translations#raspap-in-your-language).

6
config/config.php
View File

@ -1,6 +1,6 @@
<?php
define('RASPI_VERSION', '2.3');
define('RASPI_VERSION', '2.3.1');
define('RASPI_CONFIG', '/etc/raspap');
define('RASPI_CONFIG_NETWORKING', RASPI_CONFIG.'/networking');
define('RASPI_ADMIN_DETAILS', RASPI_CONFIG.'/raspap.auth');
@ -9,7 +9,7 @@ define('RASPI_CACHE_PATH', sys_get_temp_dir() . '/raspap');
// Constants for configuration file paths.
// These are typical for default RPi installs. Modify if needed.
define('RASPI_DNSMASQ_CONFIG', '/etc/dnsmasq.conf');
define('RASPI_DNSMASQ_CONFIG', '/etc/dnsmasq.d/090_raspap.conf');
define('RASPI_DNSMASQ_LEASES', '/var/lib/misc/dnsmasq.leases');
define('RASPI_ADBLOCK_LISTPATH', '/etc/raspap/adblock/');
define('RASPI_ADBLOCK_CONFIG', '/etc/dnsmasq.d/090_adblock.conf');
@ -32,7 +32,7 @@ define('RASPI_WIFICLIENT_ENABLED', true);
define('RASPI_HOTSPOT_ENABLED', true);
define('RASPI_NETWORK_ENABLED', true);
define('RASPI_DHCP_ENABLED', true);
define('RASPI_ADBLOCK_ENABLED', true);
define('RASPI_ADBLOCK_ENABLED', false);
define('RASPI_OPENVPN_ENABLED', false);
define('RASPI_TORPROXY_ENABLED', false);
define('RASPI_CONFAUTH_ENABLED', true);

4
includes/defaults.php
View File

@ -5,7 +5,7 @@ if (!defined('RASPI_CONFIG')) {
}
$defaults = [
'RASPI_VERSION' => '2.3',
'RASPI_VERSION' => '2.3.1',
'RASPI_CONFIG_NETWORKING' => RASPI_CONFIG.'/networking',
'RASPI_ADMIN_DETAILS' => RASPI_CONFIG.'/raspap.auth',
'RASPI_WIFI_CLIENT_INTERFACE' => 'wlan0',
@ -33,7 +33,7 @@ $defaults = [
'RASPI_HOTSPOT_ENABLED' => true,
'RASPI_NETWORK_ENABLED' => true,
'RASPI_DHCP_ENABLED' => true,
'RASPI_ADBLOCK_ENABLED' => true,
'RASPI_ADBLOCK_ENABLED' => false,
'RASPI_OPENVPN_ENABLED' => false,
'RASPI_TORPROXY_ENABLED' => false,
'RASPI_CONFAUTH_ENABLED' => true,

2
index.php
View File

@ -13,7 +13,7 @@
* @author Lawrence Yau <sirlagz@gmail.com>
* @author Bill Zimmerman <billzimmerman@gmail.com>
* @license GNU General Public License, version 3 (GPL-3.0)
* @version 2.3
* @version 2.3.1
* @link https://github.com/billz/raspap-webgui
* @see http://sirlagz.net/2013/02/08/raspap-webgui/
*/

506
installers/common.sh
View File

@ -1,54 +1,48 @@
#!/bin/bash
#
# RaspAP installation functions.
# author: @billz
# license: GNU General Public License v3.0
raspap_dir="/etc/raspap"
raspap_user="www-data"
# RaspAP installation functions
# Author: @billz <billzimmerman@gmail.com>
# License: GNU General Public License v3.0
#
# You are not obligated to bundle the LICENSE file with your RaspAP projects as long
# as you leave these references intact in the header comments of your source files.
# Exit on error
set -o errexit
# Exit on error inside functions
set -o errtrace
# Turn on traces, disabled by default
# set -o xtrace
# Set defaults
readonly raspap_dir="/etc/raspap"
readonly raspap_user="www-data"
readonly raspap_sudoers="/etc/sudoers.d/090_raspap"
readonly raspap_dnsmasq="/etc/dnsmasq.d/090_raspap.conf"
readonly raspap_sysctl="/etc/sysctl.d/90_raspap.conf"
readonly rulesv4="/etc/iptables/rules.v4"
webroot_dir="/var/www/html"
version=`sed 's/\..*//' /etc/debian_version`
git_source_url="https://github.com/$repo" # $repo from install.raspap.com
# Determine Raspbian version, set default home location for lighttpd and
# php package to install
if [ "$version" -eq "10" ]; then
version_msg="Raspbian 10.0 (Buster)"
php_package="php7.3-cgi"
elif [ "$version" -eq "9" ]; then
version_msg="Raspbian 9.0 (Stretch)"
php_package="php7.0-cgi"
elif [ "$version" -eq "8" ]; then
install_error "Raspbian 8.0 (Jessie) and php5 are deprecated. Please upgrade."
elif [ "$version" -lt "8" ]; then
install_error "Raspbian ${version} is unsupported. Please upgrade."
fi
phpcgiconf=""
if [ "$php_package" = "php7.3-cgi" ]; then
phpcgiconf="/etc/php/7.3/cgi/php.ini"
elif [ "$php_package" = "php7.0-cgi" ]; then
phpcgiconf="/etc/php/7.0/cgi/php.ini"
fi
### NOTE: all the below functions are overloadable for system-specific installs
# Prompts user to set options for installation
function config_installation() {
install_log "Configure installation"
echo "Detected ${version_msg}"
# NOTE: all the below functions are overloadable for system-specific installs
# Prompts user to set installation options
function _config_installation() {
_install_log "Configure installation"
_get_linux_distro
echo "Detected OS: ${DESC}"
echo "Using GitHub repository: ${repo} ${branch} branch"
echo "Install directory: ${raspap_dir}"
echo -n "Install to Lighttpd root directory: ${webroot_dir}? [Y/n]: "
echo -n "Install to lighttpd root: ${webroot_dir}? [Y/n]: "
if [ "$assume_yes" == 0 ]; then
read answer < /dev/tty
if [ "$answer" != "${answer#[Nn]}" ]; then
read -e -p < /dev/tty "Enter alternate Lighttpd directory: " -i "/var/www/html" webroot_dir
read -e -p < /dev/tty "Enter alternate lighttpd directory: " -i "/var/www/html" webroot_dir
fi
else
echo -e
fi
echo "Install to Lighttpd directory: ${webroot_dir}"
echo "Installing to lighttpd directory: ${webroot_dir}"
echo -n "Complete installation with these values? [Y/n]: "
if [ "$assume_yes" == 0 ]; then
read answer < /dev/tty
@ -61,132 +55,230 @@ function config_installation() {
fi
}
# Determines host Linux distrubtion details
function _get_linux_distro() {
if type lsb_release >/dev/null 2>&1; then # linuxbase.org
OS=$(lsb_release -si)
RELEASE=$(lsb_release -sr)
CODENAME=$(lsb_release -sc)
DESC=$(lsb_release -sd)
elif [ -f /etc/os-release ]; then # freedesktop.org
. /etc/os-release
OS=$ID
RELEASE=$VERSION_ID
CODENAME=$VERSION_CODENAME
DESC=$PRETTY_NAME
else
_install_error "Unsupported Linux distribution"
fi
}
# Sets php package option based on Linux version, abort if unsupported distro
function _set_php_package() {
case $RELEASE in
"18.04"|"19.10") # Ubuntu Server
php_package="php7.4-cgi"
phpcgiconf="/etc/php/7.4/cgi/php.ini" ;;
"10")
php_package="php7.3-cgi"
phpcgiconf="/etc/php/7.3/cgi/php.ini" ;;
"9")
php_package="php7.0-cgi"
phpcgiconf="/etc/php/7.0/cgi/php.ini" ;;
"8")
_install_error "${DESC} and php5 are not supported. Please upgrade." ;;
*)
_install_error "${DESC} is unsupported. Please install on a supported distro." ;;
esac
}
# Runs a system software update to make sure we're using all fresh packages
function install_dependencies() {
install_log "Installing required packages"
sudo apt-get install $apt_option lighttpd $php_package git hostapd dnsmasq vnstat qrencode || install_error "Unable to install dependencies"
function _install_dependencies() {
_install_log "Installing required packages"
_set_php_package
if [ "$php_package" = "php7.4-cgi" ]; then
echo "Adding apt-repository ppa:ondrej/php"
sudo apt-get install software-properties-common || _install_error "Unable to install dependency"
sudo add-apt-repository ppa:ondrej/php || _install_error "Unable to add-apt-repository ppa:ondrej/php"
fi
if [ ${OS,,} = "debian" ] || [ ${OS,,} = "ubuntu" ]; then
dhcpcd_package="dhcpcd5"
fi
# Set dconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
sudo apt-get install $apt_option lighttpd git hostapd dnsmasq iptables-persistent $php_package $dhcpcd_package vnstat qrencode || _install_error "Unable to install dependencies"
}
# Enables PHP for lighttpd and restarts service for settings to take effect
function enable_php_lighttpd() {
install_log "Enabling PHP for lighttpd"
function _enable_php_lighttpd() {
_install_log "Enabling PHP for lighttpd"
sudo lighttpd-enable-mod fastcgi-php
sudo service lighttpd force-reload
sudo systemctl restart lighttpd.service || install_error "Unable to restart lighttpd"
sudo systemctl restart lighttpd.service || _install_error "Unable to restart lighttpd"
}
# Verifies existence and permissions of RaspAP directory
function create_raspap_directories() {
install_log "Creating RaspAP directories"
function _create_raspap_directories() {
_install_log "Creating RaspAP directories"
if [ -d "$raspap_dir" ]; then
sudo mv $raspap_dir "$raspap_dir.`date +%F-%R`" || install_error "Unable to move old '$raspap_dir' out of the way"
sudo mv $raspap_dir "$raspap_dir.`date +%F-%R`" || _install_error "Unable to move old '$raspap_dir' out of the way"
fi
sudo mkdir -p "$raspap_dir" || install_error "Unable to create directory '$raspap_dir'"
sudo mkdir -p "$raspap_dir" || _install_error "Unable to create directory '$raspap_dir'"
# Create a directory for existing file backups.
sudo mkdir -p "$raspap_dir/backups"
# Create a directory to store networking configs
echo "Creating $raspap_dir/networking"
sudo mkdir -p "$raspap_dir/networking"
# Copy existing dhcpcd.conf to use as base config
cat /etc/dhcpcd.conf | sudo tee -a /etc/raspap/networking/defaults
sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || install_error "Unable to change file ownership for '$raspap_dir'"
echo "Adding /etc/dhcpcd.conf as base configuration"
cat /etc/dhcpcd.conf | sudo tee -a /etc/raspap/networking/defaults > /dev/null
echo "Changing file ownership of $raspap_dir"
sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || _install_error "Unable to change file ownership for '$raspap_dir'"
}
# Generate hostapd logging and service control scripts
function create_hostapd_scripts() {
install_log "Creating hostapd logging & control scripts"
sudo mkdir $raspap_dir/hostapd || install_error "Unable to create directory '$raspap_dir/hostapd'"
function _create_hostapd_scripts() {
_install_log "Creating hostapd logging & control scripts"
sudo mkdir $raspap_dir/hostapd || _install_error "Unable to create directory '$raspap_dir/hostapd'"
# Move logging shell scripts
sudo cp "$webroot_dir/installers/"*log.sh "$raspap_dir/hostapd" || install_error "Unable to move logging scripts"
sudo cp "$webroot_dir/installers/"*log.sh "$raspap_dir/hostapd" || _install_error "Unable to move logging scripts"
# Move service control shell scripts
sudo cp "$webroot_dir/installers/"service*.sh "$raspap_dir/hostapd" || install_error "Unable to move service control scripts"
sudo cp "$webroot_dir/installers/"service*.sh "$raspap_dir/hostapd" || _install_error "Unable to move service control scripts"
# Make enablelog.sh and disablelog.sh not writable by www-data group.
sudo chown -c root:"$raspap_user" "$raspap_dir/hostapd/"*.sh || install_error "Unable change owner and/or group"
sudo chmod 750 "$raspap_dir/hostapd/"*.sh || install_error "Unable to change file permissions"
sudo chown -c root:"$raspap_user" "$raspap_dir/hostapd/"*.sh || _install_error "Unable change owner and/or group"
sudo chmod 750 "$raspap_dir/hostapd/"*.sh || _install_error "Unable to change file permissions"
}
# Generate lighttpd service control scripts
function create_lighttpd_scripts() {
install_log "Creating lighttpd control scripts"
sudo mkdir $raspap_dir/lighttpd || install_error "Unable to create directory '$raspap_dir/lighttpd"
function _create_lighttpd_scripts() {
_install_log "Creating lighttpd control scripts"
sudo mkdir $raspap_dir/lighttpd || _install_error "Unable to create directory '$raspap_dir/lighttpd"
# Move service control shell scripts
sudo cp "$webroot_dir/installers/"configport.sh "$raspap_dir/lighttpd" || install_error "Unable to move service control scripts"
sudo cp "$webroot_dir/installers/"configport.sh "$raspap_dir/lighttpd" || _install_error "Unable to move service control scripts"
# Make configport.sh writable by www-data group
sudo chown -c root:"$raspap_user" "$raspap_dir/lighttpd/"*.sh || install_error "Unable change owner and/or group"
sudo chmod 750 "$raspap_dir/lighttpd/"*.sh || install_error "Unable to change file permissions"
sudo chown -c root:"$raspap_user" "$raspap_dir/lighttpd/"*.sh || _install_error "Unable change owner and/or group"
sudo chmod 750 "$raspap_dir/lighttpd/"*.sh || _install_error "Unable to change file permissions"
}
# Prompt to install adblock
function _prompt_install_adblock() {
if [ "$install_adblock" == 1 ]; then
_install_log "Configure ad blocking (Beta)"
echo -n "Download blocklists and enable ad blocking? [Y/n]: "
if [ "$assume_yes" == 0 ]; then
read answer < /dev/tty
if [ "$answer" != "${answer#[Nn]}" ]; then
echo -e
else
_install_adblock
fi
fi
fi
}
# Download notracking adblock lists and enable option
function _install_adblock() {
_install_log "Creating ad block base configuration (Beta)"
notracking_url="https://raw.githubusercontent.com/notracking/hosts-blocklists/master/"
if [ ! -d "$raspap_dir/adblock" ]; then
echo "Creating $raspap_dir/adblock"
sudo mkdir -p "$raspap_dir/adblock"
fi
if [ ! -f /tmp/hostnames.txt ]; then
echo "Fetching latest hostnames list"
wget ${notracking_url}hostnames.txt -O /tmp/hostnames.txt || _install_error "Unable to download notracking hostnames"
fi
if [ ! -f /tmp/domains.txt ]; then
echo "Fetching latest domains list"
wget ${notracking_url}domains.txt -O /tmp/domains.txt || _install_error "Unable to download notracking domains"
fi
echo "Adding blocklists to $raspap_dir/adblock"
sudo cp /tmp/hostnames.txt $raspap_dir/adblock || _install_error "Unable to move notracking hostnames"
sudo cp /tmp/domains.txt $raspap_dir/adblock || _install_error "Unable to move notracking domains"
echo "Moving and setting permissions for blocklist update script"
sudo cp "$webroot_dir/installers/"update_blocklist.sh "$raspap_dir/adblock" || _install_error "Unable to move blocklist update script"
# Make blocklists and update script writable by www-data group
sudo chown -c root:"$raspap_user" "$raspap_dir/adblock/"*.* || _install_error "Unable to change owner/group"
sudo chmod 750 "$raspap_dir/adblock/"*.sh || install_error "Unable to change file permissions"
echo "Enabling ad blocking management option"
sudo sed -i "s/\('RASPI_ADBLOCK_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || _install_error "Unable to modify config.php"
echo "Done."
}
# Prompt to install openvpn
function prompt_install_openvpn() {
install_log "Setting up OpenVPN support (beta)"
function _prompt_install_openvpn() {
_install_log "Setting up OpenVPN support"
echo -n "Install OpenVPN and enable client configuration? [Y/n]: "
if [ "$assume_yes" == 0 ]; then
read answer < /dev/tty
if [ "$answer" != "${answer#[Nn]}" ]; then
echo -e
else
install_openvpn
_install_openvpn
fi
elif [ "$ovpn_option" == 1 ]; then
install_openvpn
_install_openvpn
fi
}
# Install openvpn and enable client configuration option
function install_openvpn() {
install_log "Installing OpenVPN and enabling client configuration"
sudo apt-get install -y openvpn || install_error "Unable to install openvpn"
sudo sed -i "s/\('RASPI_OPENVPN_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || install_error "Unable to modify config.php"
function _install_openvpn() {
_install_log "Installing OpenVPN and enabling client configuration"
sudo apt-get install -y openvpn || _install_error "Unable to install openvpn"
sudo sed -i "s/\('RASPI_OPENVPN_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || _install_error "Unable to modify config.php"
echo "Enabling openvpn-client service on boot"
sudo systemctl enable openvpn-client@client || install_error "Unable to enable openvpn-client daemon"
create_openvpn_scripts || install_error "Unable to create openvpn control scripts"
sudo systemctl enable openvpn-client@client || _install_error "Unable to enable openvpn-client daemon"
_create_openvpn_scripts || _install_error "Unable to create openvpn control scripts"
}
# Generate openvpn logging and auth control scripts
function create_openvpn_scripts() {
install_log "Creating OpenVPN control scripts"
sudo mkdir $raspap_dir/openvpn || install_error "Unable to create directory '$raspap_dir/openvpn'"
function _create_openvpn_scripts() {
_install_log "Creating OpenVPN control scripts"
sudo mkdir $raspap_dir/openvpn || _install_error "Unable to create directory '$raspap_dir/openvpn'"
# Move service auth control shell scripts
sudo cp "$webroot_dir/installers/"configauth.sh "$raspap_dir/openvpn" || install_error "Unable to move auth control script"
sudo cp "$webroot_dir/installers/"configauth.sh "$raspap_dir/openvpn" || _install_error "Unable to move auth control script"
# Make configauth.sh writable by www-data group
sudo chown -c root:"$raspap_user" "$raspap_dir/openvpn/"*.sh || install_error "Unable change owner and/or group"
sudo chmod 750 "$raspap_dir/openvpn/"*.sh || install_error "Unable to change file permissions"
sudo chown -c root:"$raspap_user" "$raspap_dir/openvpn/"*.sh || _install_error "Unable change owner and/or group"
sudo chmod 750 "$raspap_dir/openvpn/"*.sh || _install_error "Unable to change file permissions"
}
# Fetches latest files from github to webroot
function download_latest_files() {
function _download_latest_files() {
if [ ! -d "$webroot_dir" ]; then
sudo mkdir -p $webroot_dir || install_error "Unable to create new webroot directory"
sudo mkdir -p $webroot_dir || _install_error "Unable to create new webroot directory"
fi
if [ -d "$webroot_dir" ]; then
sudo mv $webroot_dir "$webroot_dir.`date +%F-%R`" || install_error "Unable to remove old webroot directory"
sudo mv $webroot_dir "$webroot_dir.`date +%F-%R`" || _install_error "Unable to remove old webroot directory"
fi
install_log "Cloning latest files from github"
git clone --branch $branch --depth 1 $git_source_url /tmp/raspap-webgui || install_error "Unable to download files from github"
_install_log "Cloning latest files from github"
git clone --branch $branch --depth 1 $git_source_url /tmp/raspap-webgui || _install_error "Unable to download files from github"
sudo mv /tmp/raspap-webgui $webroot_dir || install_error "Unable to move raspap-webgui to web root"
sudo mv /tmp/raspap-webgui $webroot_dir || _install_error "Unable to move raspap-webgui to web root"
}
# Sets files ownership in web root directory
function change_file_ownership() {
function _change_file_ownership() {
if [ ! -d "$webroot_dir" ]; then
install_error "Web root directory doesn't exist"
_install_error "Web root directory doesn't exist"
fi
install_log "Changing file ownership in web root directory"
sudo chown -R $raspap_user:$raspap_user "$webroot_dir" || install_error "Unable to change file ownership for '$webroot_dir'"
_install_log "Changing file ownership in web root directory"
sudo chown -R $raspap_user:$raspap_user "$webroot_dir" || _install_error "Unable to change file ownership for '$webroot_dir'"
}
# Check for existing /etc/network/interfaces and /etc/hostapd/hostapd.conf files
function check_for_old_configs() {
# Check for existing configuration files
function _check_for_old_configs() {
if [ -f /etc/network/interfaces ]; then
sudo cp /etc/network/interfaces "$raspap_dir/backups/interfaces.`date +%F-%R`"
sudo ln -sf "$raspap_dir/backups/interfaces.`date +%F-%R`" "$raspap_dir/backups/interfaces"
@ -197,8 +289,8 @@ function check_for_old_configs() {
sudo ln -sf "$raspap_dir/backups/hostapd.conf.`date +%F-%R`" "$raspap_dir/backups/hostapd.conf"
fi
if [ -f /etc/dnsmasq.conf ]; then
sudo cp /etc/dnsmasq.conf "$raspap_dir/backups/dnsmasq.conf.`date +%F-%R`"
if [ -f $raspap_dnsmasq ]; then
sudo cp $raspap_dnsmasq "$raspap_dir/backups/dnsmasq.conf.`date +%F-%R`"
sudo ln -sf "$raspap_dir/backups/dnsmasq.conf.`date +%F-%R`" "$raspap_dir/backups/dnsmasq.conf"
fi
@ -207,11 +299,6 @@ function check_for_old_configs() {
sudo ln -sf "$raspap_dir/backups/dhcpcd.conf.`date +%F-%R`" "$raspap_dir/backups/dhcpcd.conf"
fi
if [ -f /etc/rc.local ]; then
sudo cp /etc/rc.local "$raspap_dir/backups/rc.local.`date +%F-%R`"
sudo ln -sf "$raspap_dir/backups/rc.local.`date +%F-%R`" "$raspap_dir/backups/rc.local"
fi
for file in /etc/systemd/network/raspap-*.net*; do
if [ -f "${file}" ]; then
filename=$(basename $file)
@ -222,58 +309,76 @@ function check_for_old_configs() {
}
# Move configuration file to the correct location
function move_config_file() {
function _move_config_file() {
if [ ! -d "$raspap_dir" ]; then
install_error "'$raspap_dir' directory doesn't exist"
_install_error "'$raspap_dir' directory doesn't exist"
fi
install_log "Moving configuration file to '$raspap_dir'"
sudo cp "$webroot_dir"/raspap.php "$raspap_dir" || install_error "Unable to move files to '$raspap_dir'"
sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || install_error "Unable to change file ownership for '$raspap_dir'"
_install_log "Moving configuration file to '$raspap_dir'"
sudo cp "$webroot_dir"/raspap.php "$raspap_dir" || _install_error "Unable to move files to '$raspap_dir'"
sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || _install_error "Unable to change file ownership for '$raspap_dir'"
}
# Set up default configuration
function default_configuration() {
install_log "Setting up hostapd"
function _default_configuration() {
_install_log "Applying default configuration to installed services"
if [ -f /etc/default/hostapd ]; then
sudo mv /etc/default/hostapd /tmp/default_hostapd.old || install_error "Unable to remove old /etc/default/hostapd file"
sudo mv /etc/default/hostapd /tmp/default_hostapd.old || _install_error "Unable to remove old /etc/default/hostapd file"
fi
sudo cp $webroot_dir/config/default_hostapd /etc/default/hostapd || install_error "Unable to move hostapd defaults file"
sudo cp $webroot_dir/config/hostapd.conf /etc/hostapd/hostapd.conf || install_error "Unable to move hostapd configuration file"
sudo cp $webroot_dir/config/dnsmasq.conf /etc/dnsmasq.conf || install_error "Unable to move dnsmasq configuration file"
sudo cp $webroot_dir/config/dhcpcd.conf /etc/dhcpcd.conf || install_error "Unable to move dhcpcd configuration file"
sudo cp $webroot_dir/config/default_hostapd /etc/default/hostapd || _install_error "Unable to move hostapd defaults file"
sudo cp $webroot_dir/config/hostapd.conf /etc/hostapd/hostapd.conf || _install_error "Unable to move hostapd configuration file"
sudo cp $webroot_dir/config/dnsmasq.conf $raspap_dnsmasq || _install_error "Unable to move dnsmasq configuration file"
sudo cp $webroot_dir/config/dhcpcd.conf /etc/dhcpcd.conf || _install_error "Unable to move dhcpcd configuration file"
[ -d /etc/dnsmasq.d ] || sudo mkdir /etc/dnsmasq.d
sudo systemctl stop systemd-networkd
sudo systemctl disable systemd-networkd
sudo cp $webroot_dir/config/raspap-bridge-br0.netdev /etc/systemd/network/raspap-bridge-br0.netdev || install_error "Unable to move br0 netdev file"
sudo cp $webroot_dir/config/raspap-br0-member-eth0.network /etc/systemd/network/raspap-br0-member-eth0.network || install_error "Unable to move br0 member file"
sudo cp $webroot_dir/config/raspap-bridge-br0.netdev /etc/systemd/network/raspap-bridge-br0.netdev || _install_error "Unable to move br0 netdev file"
sudo cp $webroot_dir/config/raspap-br0-member-eth0.network /etc/systemd/network/raspap-br0-member-eth0.network || _install_error "Unable to move br0 member file"
if [ ! -f "$webroot_dir/includes/config.php" ]; then
sudo cp "$webroot_dir/config/config.php" "$webroot_dir/includes/config.php"
fi
}
# Install and enable RaspAP daemon
function _enable_raspap_daemon() {
_install_log "Enabling RaspAP daemon"
echo "Disable with: sudo systemctl disable raspapd.service"
sudo cp $webroot_dir/installers/raspapd.service /lib/systemd/system/ || _install_error "Unable to move raspap.service file"
sudo systemctl daemon-reload
sudo systemctl enable raspapd.service || _install_error "Failed to enable raspap.service"
}
# Generate required lines for Rasp AP to place into rc.local file.
# #RASPAP is for removal script
lines=(
'echo 1 > \/proc\/sys\/net\/ipv4\/ip_forward #RASPAP'
'iptables -t nat -A POSTROUTING -j MASQUERADE #RASPAP'
'iptables -t nat -A POSTROUTING -s 192.168.50.0\/24 ! -d 192.168.50.0\/24 -j MASQUERADE #RASPAP'
# Configure IP forwarding, set IP tables rules, prompt to install RaspAP daemon
function _configure_networking() {
_install_log "Configuring networking"
echo "Enabling IP forwarding"
echo "net.ipv4.ip_forward=1" | sudo tee $raspap_sysctl > /dev/null || _install_error "Unable to set IP forwarding"
sudo sysctl -p $raspap_sysctl || _install_error "Unable to execute sysctl"
sudo /etc/init.d/procps restart || _install_error "Unable to execute procps"
echo "Checking iptables rules"
rules=(
"-A POSTROUTING -j MASQUERADE"
"-A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE"
)
for line in "${lines[@]}"; do
if grep "$line" /etc/rc.local > /dev/null; then
echo "$line: Line already added"
for rule in "${rules[@]}"; do
if grep -- "$rule" $rulesv4 > /dev/null; then
echo "Rule already exits: ${rule}"
else
sudo sed -i "s/^exit 0$/$line\nexit 0/" /etc/rc.local
echo "Adding line $line"
rule=$(sed -e 's/^\(-A POSTROUTING\)/-t nat \1/' <<< $rule)
echo "Adding rule: ${rule}"
sudo iptables $rule || _install_error "Unable to execute iptables"
added=true
fi
done
# Force a reload of new settings in /etc/rc.local
sudo systemctl restart rc-local.service
sudo systemctl daemon-reload
# Persist rules if added
if [ "$added" = true ]; then
echo "Persisting IP tables rules"
sudo iptables-save | sudo tee $rulesv4 > /dev/null || _install_error "Unable to execute iptables-save"
fi
# Prompt to install RaspAP daemon
echo -n "Enable RaspAP control service (Recommended)? [Y/n]: "
@ -282,106 +387,42 @@ function default_configuration() {
if [ "$answer" != "${answer#[Nn]}" ]; then
echo -e
else
enable_raspap_daemon
_enable_raspap_daemon
fi
else
echo -e
enable_raspap_daemon
_enable_raspap_daemon
fi
}
# Install and enable RaspAP daemon
function enable_raspap_daemon() {
install_log "Enabling RaspAP daemon"
echo "Disable with: sudo systemctl disable raspap.service"
sudo cp $webroot_dir/installers/raspap.service /lib/systemd/system/ || install_error "Unable to move raspap.service file"
sudo systemctl enable raspap.service || install_error "Failed to enable raspap.service"
}
# Add a single entry to the sudoers file
function sudo_add() {
sudo bash -c "echo \"$raspap_user ALL=(ALL) NOPASSWD:$1\" | (EDITOR=\"tee -a\" visudo)" \
|| install_error "Unable to patch /etc/sudoers"
}
}
# Adds www-data user to the sudoers file with restrictions on what the user can execute
function patch_system_files() {
# Set commands array
cmds=(
"/sbin/ifdown"
"/sbin/ifup"
"/bin/cat /etc/wpa_supplicant/wpa_supplicant.conf"
"/bin/cat /etc/wpa_supplicant/wpa_supplicant-wlan[0-9].conf"
"/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant.conf"
"/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant-wlan[0-9].conf"
"/sbin/wpa_cli -i wlan[0-9] scan_results"
"/sbin/wpa_cli -i wlan[0-9] scan"
"/sbin/wpa_cli -i wlan[0-9] reconfigure"
"/sbin/wpa_cli -i wlan[0-9] select_network"
"/bin/cp /tmp/hostapddata /etc/hostapd/hostapd.conf"
"/bin/systemctl start hostapd.service"
"/bin/systemctl stop hostapd.service"
"/bin/systemctl start dnsmasq.service"
"/bin/systemctl stop dnsmasq.service"
"/bin/systemctl start openvpn-client@client"
"/bin/systemctl enable openvpn-client@client"
"/bin/systemctl stop openvpn-client@client"
"/bin/systemctl disable openvpn-client@client"
"/bin/cp /tmp/ovpnclient.ovpn /etc/openvpn/client/client.conf"
"/bin/cp /tmp/authdata /etc/openvpn/client/login.conf"
"/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.conf"
"/bin/cp /tmp/dhcpddata /etc/dhcpcd.conf"
"/sbin/shutdown -h now"
"/sbin/reboot"
"/sbin/ip link set wlan[0-9] down"
"/sbin/ip link set wlan[0-9] up"
"/sbin/ip -s a f label wlan[0-9]"
"/bin/cp /etc/raspap/networking/dhcpcd.conf /etc/dhcpcd.conf"
"/etc/raspap/hostapd/enablelog.sh"
"/etc/raspap/hostapd/disablelog.sh"
"/etc/raspap/hostapd/servicestart.sh"
"/etc/raspap/lighttpd/configport.sh"
"/etc/raspap/openvpn/configauth.sh"
"/bin/chmod o+r /tmp/hostapd.log"
"/bin/chmod o+r /tmp/dnsmasq.log"
)
# Add sudoers file to /etc/sudoers.d/ and set file permissions
function _patch_system_files() {
# Check if sudoers needs patching
if [ $(sudo grep -c $raspap_user /etc/sudoers) -ne ${#cmds[@]} ]
then
# Sudoers file has incorrect number of commands. Wiping them out.
install_log "Cleaning system sudoers file"
sudo sed -i "/$raspap_user/d" /etc/sudoers
install_log "Patching system sudoers file"
# patch /etc/sudoers file
for cmd in "${cmds[@]}"
do
sudo_add $cmd
IFS=$'\n'
done
else
install_log "Sudoers file already patched"
# Create sudoers if not present
if [ ! -f $raspap_sudoers ]; then
_install_log "Adding raspap.sudoers to ${raspap_sudoers}"
sudo cp "$webroot_dir/installers/raspap.sudoers" $raspap_sudoers || _install_error "Unable to apply raspap.sudoers to $raspap_sudoers"
sudo chmod 0440 $raspap_sudoers || _install_error "Unable to change file permissions for $raspap_sudoers"
fi
# Add symlink to prevent wpa_cli cmds from breaking with multiple wlan interfaces
install_log "Symlinked wpa_supplicant hooks for multiple wlan interfaces"
_install_log "Symlinked wpa_supplicant hooks for multiple wlan interfaces"
if [ ! -f /usr/share/dhcpcd/hooks/10-wpa_supplicant ]; then
sudo ln -s /usr/share/dhcpcd/hooks/10-wpa_supplicant /etc/dhcp/dhclient-enter-hooks.d/
fi
# Unmask and enable hostapd.service
install_log "Unmasking and enabling hostapd service"
_install_log "Unmasking and enabling hostapd service"
sudo systemctl unmask hostapd.service
sudo systemctl enable hostapd.service
}
# Optimize configuration of php-cgi.
function optimize_php() {
install_log "Optimize PHP configuration"
function _optimize_php() {
_install_log "Optimize PHP configuration"
if [ ! -f "$phpcgiconf" ]; then
install_warning "PHP configuration could not be found."
_install_warning "PHP configuration could not be found."
return
fi
@ -423,15 +464,14 @@ function optimize_php() {
if [ -f "/usr/sbin/phpenmod" ]; then
sudo phpenmod opcache
else
install_warning "phpenmod not found."
_install_warning "phpenmod not found."
fi
fi
fi
}
function install_complete() {
install_log "Installation completed!"
function _install_complete() {
_install_log "Installation completed!"
if [ "$assume_yes" == 0 ]; then
# Prompt to reboot if wired ethernet (eth0) is connected.
# With default_configuration this will create an active AP on restart.
@ -442,27 +482,29 @@ function install_complete() {
echo "Installation reboot aborted."
exit 0
fi
sudo shutdown -r now || install_error "Unable to execute shutdown"
sudo shutdown -r now || _install_error "Unable to execute shutdown"
fi
fi
}
function install_raspap() {
display_welcome
config_installation
update_system_packages
install_dependencies
enable_php_lighttpd
create_raspap_directories
optimize_php
check_for_old_configs
download_latest_files
change_file_ownership
create_hostapd_scripts
create_lighttpd_scripts
move_config_file
default_configuration
prompt_install_openvpn
patch_system_files
install_complete
function _install_raspap() {
_display_welcome
_config_installation
_update_system_packages
_install_dependencies
_enable_php_lighttpd
_create_raspap_directories
_optimize_php
_check_for_old_configs
_download_latest_files
_change_file_ownership
_create_hostapd_scripts
_create_lighttpd_scripts
_move_config_file
_default_configuration
_configure_networking
_prompt_install_openvpn
_prompt_install_adblock
_patch_system_files
_install_complete
}

41
installers/configauth.sh
View File

@ -6,9 +6,17 @@
# @author billz
# license: GNU General Public License v3.0
# Exit on error
set -o errexit
# Exit on error inside functions
set -o errtrace
# Turn on traces, disabled by default
#set -o xtrace
file=$1
auth=$2
interface=$3
readonly rulesv4="/etc/iptables/rules.v4"
if [ "$auth" = 1 ]; then
echo "Enabling auth-user-pass in OpenVPN client.conf"
@ -22,26 +30,27 @@ if [ "$auth" = 1 ]; then
fi
fi
# Generate iptables entries to place into rc.local file.
# #RASPAP is for uninstall script
echo "Checking iptables rules for $interface"
lines=(
"iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE #RASPAP"
"iptables -A FORWARD -i tun0 -o $interface -m state --state RELATED,ESTABLISHED -j ACCEPT #RASPAP"
"iptables -A FORWARD -i wlan0 -o tun0 -j ACCEPT #RASPAP"
# Configure NAT and forwarding with iptables
echo "Checking iptables rules"
rules=(
"-A POSTROUTING -o tun0 -j MASQUERADE"
"-A FORWARD -i tun0 -o ${interface} -m state --state RELATED,ESTABLISHED -j ACCEPT"
"-A FORWARD -i wlan0 -o tun0 -j ACCEPT"
)
for line in "${lines[@]}"; do
if grep "$line" /etc/rc.local > /dev/null; then
echo "$line: Line already added"
for rule in "${rules[@]}"; do
if grep -- "$rule" $rulesv4 > /dev/null; then
echo "Rule already exits: ${rule}"
else
sudo sed -i "s/^exit 0$/$line\nexit 0/" /etc/rc.local
echo "Adding rule: $line"
rule=$(sed -e 's/^\(-A POSTROUTING\)/-t nat \1/' <<< $rule)
echo "Adding rule: ${rule}"
sudo iptables $rule
added=true
fi
done
# Force a reload of new settings in /etc/rc.local
sudo systemctl restart rc-local.service
sudo systemctl daemon-reload
if [ "$added" = true ]; then
echo "Persisting IP tables rules"
sudo iptables-save | sudo tee $rulesv4 > /dev/null
fi

102
installers/mkcert.sh
View File

@ -1,19 +1,31 @@
#!/bin/bash
#
# RaspAP SSL certificate installation functions
# author: @billz
# license: GNU General Public License v3.0
# Author: @billz <billzimmerman@gmail.com>
# License: GNU General Public License v3.0
#
# You are not obligated to bundle the LICENSE file with your RaspAP projects as long
# as you leave these references intact in the header comments of your source files.
# Exit on error
set -o errexit
# Exit on error inside functions
set -o errtrace
# Turn on traces, disabled by default
# set -o xtrace
# Set defaults
certname=$HOSTNAME."local"
lighttpd_ssl="/etc/lighttpd/ssl"
lighttpd_conf="/etc/lighttpd/lighttpd.conf"
webroot_dir="/var/www/html"
mkcert_version="1.4.1"
readonly mkcert_version="1.4.1"
readonly git_source_url="https://github.com/FiloSottile/mkcert/releases/download/v${mkcert_version}"
### NOTE: all the below functions are overloadable for system-specific installs
function config_installation() {
install_log "Configure a new SSL certificate"
function _config_installation() {
_install_log "Configure a new SSL certificate"
echo "Current system hostname is $HOSTNAME"
echo -n "Create an SSL certificate for ${certname}? (Recommended) [y/N]"
if [ $assume_yes == 0 ]; then
@ -35,10 +47,10 @@ function config_installation() {
echo -e
fi
install_divider
_install_divider
echo "A new SSL certificate for: ${certname}"
echo "will be installed to lighttpd SSL directory: ${lighttpd_ssl}"
install_divider
_install_divider
echo -n "Complete installation with these values? [y/N]: "
if [ $assume_yes == 0 ]; then
read answer < /dev/tty
@ -52,43 +64,43 @@ function config_installation() {
}
# Installs pre-built mkcert binary for Arch Linux ARM
function install_mkcert() {
install_log "Fetching mkcert binary"
sudo wget -q https://github.com/FiloSottile/mkcert/releases/download/v${mkcert_version}/mkcert-v${mkcert_version}-linux-arm -O /usr/local/bin/mkcert || install_error "Unable to download mkcert"
function _install_mkcert() {
_install_log "Fetching mkcert binary"
sudo wget -q ${git_source_url}/mkcert-v${mkcert_version}-linux-arm -O /usr/local/bin/mkcert || _install_error "Unable to download mkcert"
sudo chmod +x /usr/local/bin/mkcert
install_log "Installing mkcert"
mkcert -install || install_error "Failed to install mkcert"
_install_log "Installing mkcert"
mkcert -install || _install_error "Failed to install mkcert"
}
# Generate a certificate for host
function generate_certificate() {
install_log "Generating a new certificate for $certname"
function _generate_certificate() {
_install_log "Generating a new certificate for $certname"
cd $HOME
mkcert $certname "*.${certname}.local" $certname || install_error "Failed to generate certificate for $certname"
mkcert $certname "*.${certname}.local" $certname || _install_error "Failed to generate certificate for $certname"
install_log "Combining private key and certificate"
cat $certname+2-key.pem $certname+2.pem > $certname.pem || install_error "Failed to combine key and certificate"
_install_log "Combining private key and certificate"
cat $certname+2-key.pem $certname+2.pem > $certname.pem || _install_error "Failed to combine key and certificate"
echo "OK"
}
# Create a directory for the combined .pem file in lighttpd
function create_lighttpd_dir() {
install_log "Creating SLL directory for lighttpd"
function _create_lighttpd_dir() {
_install_log "Creating SLL directory for lighttpd"
if [ ! -d "$lighttpd_ssl" ]; then
sudo mkdir -p "$lighttpd_ssl" || install_error "Failed to create lighttpd directory"
sudo mkdir -p "$lighttpd_ssl" || _install_error "Failed to create lighttpd directory"
fi
echo "OK"
install_log "Setting permissions and moving .pem file"
chmod 400 "$HOME/$certname".pem || install_error "Unable to set permissions for .pem file"
sudo mv "$HOME/$certname".pem /etc/lighttpd/ssl || install_error "Unable to move .pem file"
_install_log "Setting permissions and moving .pem file"
chmod 400 "$HOME/$certname".pem || _install_error "Unable to set permissions for .pem file"
sudo mv "$HOME/$certname".pem /etc/lighttpd/ssl || _install_error "Unable to move .pem file"
echo "OK"
}
# Generate config to enable SSL in lighttpd
function configure_lighttpd() {
install_log "Configuring lighttpd for SSL"
function _configure_lighttpd() {
_install_log "Configuring lighttpd for SSL"
lines=(
'server.modules += ("mod_openssl")'
'$SERVER["socket"] == ":443" {'
@ -110,22 +122,22 @@ function configure_lighttpd() {
}
# Copy rootCA.pem to RaspAP web root
function copy_rootca() {
install_log "Copying rootCA.pem to RaspAP web root"
sudo cp ${HOME}/.local/share/mkcert/rootCA.pem ${webroot_dir} || install_error "Unable to copy rootCA.pem to ${webroot_dir}"
function _copy_rootca() {
_install_log "Copying rootCA.pem to RaspAP web root"
sudo cp ${HOME}/.local/share/mkcert/rootCA.pem ${webroot_dir} || _install_error "Unable to copy rootCA.pem to ${webroot_dir}"
echo "OK"
}
# Restart lighttpd service
function restart_lighttpd() {
install_log "Restarting lighttpd service"
sudo systemctl restart lighttpd.service || install_error "Unable to restart lighttpd service"
function _restart_lighttpd() {
_install_log "Restarting lighttpd service"
sudo systemctl restart lighttpd.service || _install_error "Unable to restart lighttpd service"
sudo systemctl status lighttpd.service
}
function install_complete() {
install_log "SSL certificate install completed!"
install_divider
function _install_complete() {
_install_log "SSL certificate install completed!"
_install_divider
printf '%s\n' \
"Open a browser and enter the address: http://$certname/rootCA.pem" \
"Download the root certificate to your client and add it to your system keychain." \
@ -133,18 +145,18 @@ function install_complete() {
"Finally, enter the address https://$certname in your browser." \
"Enjoy an encrypted SSL connection to RaspAP 🔒" \
"For advanced options, run mkcert -help"
install_divider
_install_divider
}
function install_certificate() {
display_welcome
config_installation
install_mkcert
generate_certificate
create_lighttpd_dir
configure_lighttpd
copy_rootca
restart_lighttpd
install_complete
function _install_certificate() {
_display_welcome
_config_installation
_install_mkcert
_generate_certificate
_create_lighttpd_dir
_configure_lighttpd
_copy_rootca
_restart_lighttpd
_install_complete
}

10
installers/raspap.service
View File

@ -1,10 +0,0 @@
[Unit]
Description=RaspAP daemon
After=multi-user.target
[Service]
Type=idle
ExecStart=/bin/bash /etc/raspap/hostapd/servicestart.sh --interface uap0 --seconds 3
[Install]
WantedBy=multi-user.target

40
installers/raspap.sudoers
View File

@ -0,0 +1,40 @@
www-data ALL=(ALL) NOPASSWD:/sbin/ifdown
www-data ALL=(ALL) NOPASSWD:/sbin/ifup
www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wpa_supplicant/wpa_supplicant.conf
www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wpa_supplicant/wpa_supplicant-wlan[0-9].conf
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant.conf
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant-wlan[0-9].conf
www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] scan_results
www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] scan
www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] reconfigure
www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] select_network
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/hostapddata /etc/hostapd/hostapd.conf
www-data ALL=(ALL) NOPASSWD:/bin/systemctl start hostapd.service
www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop hostapd.service
www-data ALL=(ALL) NOPASSWD:/bin/systemctl start dnsmasq.service
www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop dnsmasq.service
www-data ALL=(ALL) NOPASSWD:/bin/systemctl restart dnsmasq.service
www-data ALL=(ALL) NOPASSWD:/bin/systemctl start openvpn-client@client
www-data ALL=(ALL) NOPASSWD:/bin/systemctl enable openvpn-client@client
www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop openvpn-client@client
www-data ALL=(ALL) NOPASSWD:/bin/systemctl disable openvpn-client@client
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/ovpnclient.ovpn /etc/openvpn/client/client.conf
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/authdata /etc/openvpn/client/login.conf
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_raspap.conf
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dhcpddata /etc/dhcpcd.conf
www-data ALL=(ALL) NOPASSWD:/sbin/shutdown -h now
www-data ALL=(ALL) NOPASSWD:/sbin/reboot
www-data ALL=(ALL) NOPASSWD:/sbin/ip link set wlan[0-9] down
www-data ALL=(ALL) NOPASSWD:/sbin/ip link set wlan[0-9] up
www-data ALL=(ALL) NOPASSWD:/sbin/ip -s a f label wlan[0-9]
www-data ALL=(ALL) NOPASSWD:/bin/cp /etc/raspap/networking/dhcpcd.conf /etc/dhcpcd.conf
www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/enablelog.sh
www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/disablelog.sh
www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/servicestart.sh
www-data ALL=(ALL) NOPASSWD:/etc/raspap/lighttpd/configport.sh
www-data ALL=(ALL) NOPASSWD:/etc/raspap/openvpn/configauth.sh
www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/hostapd.log
www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/dnsmasq.log
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_adblock.conf
www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh

24
installers/raspapd.service
View File

@ -0,0 +1,24 @@
### BEGIN INIT INFO
# Provides: raspapd
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: S 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start RaspAP daemon at boot time
# Description: Enable service provided by daemon
### END INIT INFO
# Author: BillZ <billzimmerman@gmail.com>
[Unit]
Description=RaspAP Service Daemon
DefaultDependencies=no
After=multi-user.target
[Service]
Type=oneshot
ExecStart=/bin/bash /etc/raspap/hostapd/servicestart.sh --interface uap0 --seconds 3
RemainAfterExit=no
[Install]
WantedBy=multi-user.target

36
installers/raspbian.sh
View File

@ -1,8 +1,8 @@
#!/bin/bash
#
# RaspAP Quick Installer
# author: @billz
# license: GNU General Public License v3.0
# Author: @billz <billzimmerman@gmail.com>
# License: GNU General Public License v3.0
#
# Usage:
#
@ -27,13 +27,16 @@
# https://raw.githubusercontent.com/billz/raspap-webgui/master/installers/common.sh
# - or -
# https://raw.githubusercontent.com/billz/raspap-webgui/master/installers/mkcert.sh
#
# You are not obligated to bundle the LICENSE file with your RaspAP projects as long
# as you leave these references intact in the header comments of your source files.
# Set defaults
repo="billz/raspap-webgui"
branch="master"
VERSION=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' )
assume_yes=0
ovpn_option=1
readonly RASPAP_LATEST=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' )
# Define usage notes
usage=$(cat << EOF
@ -59,6 +62,9 @@ while :; do
ovpn_option="$2"
shift
;;
-a|--adblock)
install_adblock=1
;;
-c|--cert|--certificate)
install_cert=1
;;
@ -75,7 +81,7 @@ while :; do
exit 1
;;
-v|--version)
printf "RaspAP v${VERSION} - simple AP setup and wifi mangement for the RaspberryPi\n"
printf "RaspAP v${RASPAP_LATEST} - simple AP setup and wifi mangement for the RaspberryPi\n"
exit 1
;;
-*|--*)
@ -93,7 +99,7 @@ done
UPDATE_URL="https://raw.githubusercontent.com/$repo/$branch/"
# Outputs a welcome message
function display_welcome() {
function _display_welcome() {
raspberry='\033[0;35m'
green='\033[1;32m'
@ -105,35 +111,35 @@ function display_welcome() {
echo -e " 88 88 88. .88 88 88. .88 88 88 88"
echo -e " dP dP 88888P8 88888P 88Y888P 88 88 dP"
echo -e " 88"
echo -e " dP version ${VERSION}"
echo -e " dP version ${RASPAP_LATEST}"
echo -e "${green}"
echo -e "The Quick Installer will guide you through a few easy steps\n\n"
}
# Outputs a RaspAP Install log line
function install_log() {
function _install_log() {
echo -e "\033[1;32mRaspAP Install: $*\033[m"
}
# Outputs a RaspAP Install Error log line and exits with status code 1
function install_error() {
function _install_error() {
echo -e "\033[1;37;41mRaspAP Install Error: $*\033[m"
exit 1
}
# Outputs a RaspAP Warning line
function install_warning() {
function _install_warning() {
echo -e "\033[1;33mWarning: $*\033[m"
}
# Outputs a RaspAP divider
function install_divider() {
function _install_divider() {
echo -e "\033[1;32m***************************************************************$*\033[m"
}
function update_system_packages() {
install_log "Updating sources"
sudo apt-get update || install_error "Unable to update package list"
function _update_system_packages() {
_install_log "Updating sources"
sudo apt-get update || _install_error "Unable to update package list"
}
# Fetch required installer functions
@ -141,11 +147,11 @@ if [ "${install_cert:-}" = 1 ]; then
source="mkcert"
wget -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh
source /tmp/raspap_${source}.sh && rm -f /tmp/raspap_${source}.sh
install_certificate || install_error "Unable to install certificate"
_install_certificate || _install_error "Unable to install certificate"
else
source="common"
wget -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh
source /tmp/raspap_${source}.sh && rm -f /tmp/raspap_${source}.sh
install_raspap || install_error "Unable to install RaspAP"
_install_raspap || _install_error "Unable to install RaspAP"
fi

46
installers/servicestart.sh
View File

@ -1,12 +1,12 @@
#!/bin/bash
# When wireless client AP mode is enabled, this script handles starting
# When wireless client AP or Bridge mode is enabled, this script handles starting
# up network services in a specific order and timing to avoid race conditions.
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
NAME=raspap
NAME=raspapd
DESC="Service control for RaspAP"
CONFIGFILE="/etc/raspap/hostapd.ini"
DAEMONPATH="/lib/systemd/system/raspap.service"
DAEMONPATH="/lib/systemd/system/raspapd.service"
OPENVPNENABLED=$(pidof openvpn | wc -l)
positional=()
@ -22,21 +22,33 @@ case $key in
;;
-s|--seconds)
seconds="$2"
shift # past argument
shift # past value
shift
shift
;;
-a|--action)
action="$2"
shift
shift
;;
esac
done
set -- "${positional[@]}"
echo "Stopping network services..."
systemctl stop openvpn-client@client
if [ $OPENVPNENABLED -eq 1 ]; then
systemctl stop openvpn-client@client
fi
systemctl stop systemd-networkd
systemctl stop hostapd.service
systemctl stop dnsmasq.service
systemctl stop dhcpcd.service
if [ -f "$DAEMONPATH" ]; then
if [ "${action}" = "stop" ]; then
echo "Services stopped. Exiting."
exit 0
fi
if [ -f "$DAEMONPATH" ] && [ ! -z "$interface" ]; then
echo "Changing RaspAP Daemon --interface to $interface"
sed -i "s/\(--interface \)[[:alnum:]]*/\1$interface/" "$DAEMONPATH"
fi
@ -49,6 +61,9 @@ if [ -r "$CONFIGFILE" ]; then
if [ "${config[BridgedEnable]}" = 1 ]; then
if [ "${interface}" = "br0" ]; then
echo "Stopping systemd-networkd"
systemctl stop systemd-networkd
echo "Restarting eth0 interface..."
ip link set down eth0
ip link set up eth0
@ -64,14 +79,21 @@ if [ -r "$CONFIGFILE" ]; then
echo "Disabling systemd-networkd"
systemctl disable systemd-networkd
echo "Removing br0 interface..."
ip link set down br0
ip link del dev br0
ip link ls up | grep -q 'br0' &> /dev/null
if [ $? == 0 ]; then
echo "Removing br0 interface..."
ip link set down br0
ip link del dev br0
fi
if [ "${config[WifiAPEnable]}" = 1 ]; then
if [ "${interface}" = "uap0" ]; then
echo "Removing uap0 interface..."
iw dev uap0 del
ip link ls up | grep -q 'uap0' &> /dev/null
if [ $? == 0 ]; then
echo "Removing uap0 interface..."
iw dev uap0 del
fi
echo "Adding uap0 interface to ${config[WifiManaged]}"
iw dev ${config[WifiManaged]} interface add uap0 type __ap

Write Preview
Loading…
Cancel
Save