diff --git a/cmd/install.go b/cmd/install.go index 56f1c29..8536314 100644 --- a/cmd/install.go +++ b/cmd/install.go @@ -25,7 +25,7 @@ var installCmd = &cobra.Command{ pterm.Println() // Supported relay options - options := []string{"Khatru Pyramid", "strfry", "Khatru29", "strfry29", "WoT Relay"} + options := []string{khatru_pyramid.RelayName, strfry.RelayName, khatru29.RelayName, strfry29.RelayName, wot_relay.RelayName} // Use PTerm's interactive select feature to present the options to the user and capture their selection // The Show() method displays the options and waits for the user's input @@ -36,23 +36,23 @@ var installCmd = &cobra.Command{ var privKey string var pubKey string - if selectedRelayOption == "Khatru Pyramid" || selectedRelayOption == "WoT Relay" { + if selectedRelayOption == khatru_pyramid.RelayName || selectedRelayOption == wot_relay.RelayName { pterm.Println() pubKey, _ = pterm.DefaultInteractiveTextInput.Show("Public key (hex not npub)") - } else if selectedRelayOption == "Khatru29" || selectedRelayOption == "strfry29" { + } else if selectedRelayOption == khatru29.RelayName || selectedRelayOption == strfry29.RelayName { pterm.Println() privKeyInput := pterm.DefaultInteractiveTextInput.WithMask("*") privKey, _ = privKeyInput.Show("Private key (hex not nsec)") } var relayContact string - if selectedRelayOption == "Khatru Pyramid" || selectedRelayOption == "Khatru29" { + if selectedRelayOption == khatru_pyramid.RelayName || selectedRelayOption == khatru29.RelayName { pterm.Println() pterm.Println(pterm.Yellow("Leave email empty if you don't want to provide relay contact information.")) pterm.Println() relayContact, _ = pterm.DefaultInteractiveTextInput.Show("Email address") - } else if selectedRelayOption == "WoT Relay" { + } else if selectedRelayOption == wot_relay.RelayName { pterm.Println() pterm.Println(pterm.Yellow("If you leave the relay contact information empty, then the relay's public key will be used.")) 
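Review bot: The masked private-key prompt in the `khatru29.RelayName`/`strfry29.RelayName` branch still discards its error (`privKey, _ = privKeyInput.Show(...)`), so an aborted or failed prompt lets the install carry on with an empty key; `pubKey, _` and `relayContact, _` in the same hunk do the same. Keep the error and stop on failure, e.g. `privKey, err = privKeyInput.Show("Private key (hex not nsec)")` followed by `if err != nil { pterm.Error.Println(err); os.Exit(1) }`, and reject input that is not valid hex of the expected key length before it is passed on. Now that every relay package exports `RelayName`, the repeated `==`/`||` chains would also read better as `switch selectedRelayOption { case khatru29.RelayName, strfry29.RelayName: ... }`. The enclosing `Run` function starts and ends outside this hunk.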
@@ -70,7 +70,7 @@ var installCmd = &cobra.Command{ // Step 2: Configure the firewall network.ConfigureFirewall() - if selectedRelayOption == "Khatru Pyramid" { + if selectedRelayOption == khatru_pyramid.RelayName { // Step 3: Configure Nginx for HTTP khatru_pyramid.ConfigureNginxHttp(relayDomain) @@ -89,7 +89,7 @@ var installCmd = &cobra.Command{ // Step 8: Show success messages khatru_pyramid.SuccessMessages(relayDomain, httpsEnabled) - } else if selectedRelayOption == "strfry" { + } else if selectedRelayOption == strfry.RelayName { // Step 3: Configure Nginx for HTTP strfry.ConfigureNginxHttp(relayDomain) @@ -108,7 +108,7 @@ var installCmd = &cobra.Command{ // Step 8: Show success messages strfry.SuccessMessages(relayDomain, httpsEnabled) - } else if selectedRelayOption == "Khatru29" { + } else if selectedRelayOption == khatru29.RelayName { // Step 3: Configure Nginx for HTTP khatru29.ConfigureNginxHttp(relayDomain) @@ -127,7 +127,7 @@ var installCmd = &cobra.Command{ // Step 8: Show success messages khatru29.SuccessMessages(relayDomain, httpsEnabled) - } else if selectedRelayOption == "strfry29" { + } else if selectedRelayOption == strfry29.RelayName { // Step 3: Configure Nginx for HTTP strfry29.ConfigureNginxHttp(relayDomain) @@ -146,7 +146,7 @@ var installCmd = &cobra.Command{ // Step 8: Show success messages strfry29.SuccessMessages(relayDomain, httpsEnabled) - } else if selectedRelayOption == "WoT Relay" { + } else if selectedRelayOption == wot_relay.RelayName { // Step 3: Configure Nginx for HTTP wot_relay.ConfigureNginxHttp(relayDomain) diff --git a/cmd/root.go b/cmd/root.go index d64abfd..e9fb8d3 100644 --- a/cmd/root.go +++ b/cmd/root.go 
@@ -11,7 +11,7 @@ var rootCmd = &cobra.Command{ Use: "rwz", Short: "A wizard for Nostr relay runners", Long: `rwz is a CLI tool for Nostr relay operators that -helps install and configure your specified relay.`, +helps install and configure your relays.`, } // Execute adds all child commands to the root command and sets flags appropriately. diff --git a/pkg/network/certbot.go b/pkg/network/certbot.go index 284544a..a8b88bc 100644 --- a/pkg/network/certbot.go +++ b/pkg/network/certbot.go 
@@ -43,26 +43,24 @@ func GetCertificates(domainName string) bool { spinner, _ := pterm.DefaultSpinner.Start("Checking SSL/TLS certificates...") - certificatePath := fmt.Sprintf("/etc/letsencrypt/live/%s", domainName) - // Check if certificates already exist - if files.FileExists(fmt.Sprintf("%s/fullchain.pem", certificatePath)) && - files.FileExists(fmt.Sprintf("%s/privkey.pem", certificatePath)) && - files.FileExists(fmt.Sprintf("%s/chain.pem", certificatePath)) { + if files.FileExists(fmt.Sprintf("%s/%s/%s", CertificateDirPath, domainName, FullchainFile)) && + files.FileExists(fmt.Sprintf("%s/%s/%s", CertificateDirPath, domainName, PrivkeyFile)) && + files.FileExists(fmt.Sprintf("%s/%s/%s", CertificateDirPath, domainName, ChainFile)) { spinner.Info("SSL/TLS certificates already exist.") return true } spinner.UpdateText("Obtaining SSL/TLS certificates...") if email == "" { - cmd := exec.Command("certbot", "certonly", "--webroot", "-w", fmt.Sprintf("/var/www/%s", domainName), "-d", domainName, "--agree-tos", "--no-eff-email", "-q", "--register-unsafely-without-email") + cmd := exec.Command("certbot", "certonly", "--webroot", "-w", fmt.Sprintf("%s/%s", WWWDirPath, domainName), "-d", domainName, "--agree-tos", "--no-eff-email", "-q", "--register-unsafely-without-email") err := cmd.Run() if err != nil { pterm.Error.Println(fmt.Sprintf("Certbot failed to obtain the certificate for %s: %v", domainName, err)) os.Exit(1) } } else { - cmd := exec.Command("certbot", "certonly", "--webroot", "-w", fmt.Sprintf("/var/www/%s", domainName), "-d", domainName, "--email", email, "--agree-tos", "--no-eff-email", "-q") + cmd := exec.Command("certbot", "certonly", "--webroot", "-w", fmt.Sprintf("%s/%s", WWWDirPath, domainName), "-d", domainName, "--email", email, "--agree-tos", "--no-eff-email", "-q") err := cmd.Run() if err != nil { pterm.Error.Println(fmt.Sprintf("Certbot failed to obtain the certificate for %s: %v", domainName, err)) 
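Review bot: `domainName` is joined into the certificate paths and into the certbot `-w` argument without any check in the visible part of `GetCertificates`, so a value containing `/` or `..` resolves outside `CertificateDirPath` and `WWWDirPath`; the new constants pin the base directories but not the per-domain component. Validate the name once at the top of the function (hostname characters only, no path separators) and build the paths with `filepath.Join(CertificateDirPath, domainName, FullchainFile)` instead of `fmt.Sprintf` (this needs the `path/filepath` import). The two `exec.Command` calls differ only in the e-mail flags, so a single argument slice with a conditional `append` would remove the duplicated branch. The function body continues past the end of the hunk.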
diff --git a/pkg/network/constants.go b/pkg/network/constants.go new file mode 100644 index 0000000..c78943c --- /dev/null +++ b/pkg/network/constants.go @@ -0,0 +1,8 @@ +package network + +const CertificateDirPath = "/etc/letsencrypt/live" +const FullchainFile = "fullchain.pem" +const PrivkeyFile = "privkey.pem" +const ChainFile = "chain.pem" +const WWWDirPath = "/var/www" +const AcmeChallengeDirPath = ".well-known/acme-challenge" diff --git a/pkg/relays/constants.go b/pkg/relays/constants.go index dc10537..ce50f17 100644 --- a/pkg/relays/constants.go +++ b/pkg/relays/constants.go @@ -1,3 +1,4 @@ package relays const BinaryDestDir = "/usr/local/bin" +const TmpDirPath = "/tmp" diff --git a/pkg/relays/khatru29/install.go b/pkg/relays/khatru29/install.go index a5f2b9b..fd4c553 100644 --- a/pkg/relays/khatru29/install.go +++ b/pkg/relays/khatru29/install.go @@ -16,7 +16,7 @@ func InstallRelayBinary() { tmpFileName := filepath.Base(DownloadURL) // Temporary file path - tmpFilePath := fmt.Sprintf("/tmp/%s", tmpFileName) + tmpFilePath := fmt.Sprintf("%s/%s", relays.TmpDirPath, tmpFileName) // Check if the temporary file exists and remove it if it does files.RemoveFile(tmpFilePath) diff --git a/pkg/relays/khatru29/nginx_http.go b/pkg/relays/khatru29/nginx_http.go index 438ea01..55c5ebb 100644 --- a/pkg/relays/khatru29/nginx_http.go +++ b/pkg/relays/khatru29/nginx_http.go @@ -2,6 +2,7 @@ package khatru29 import ( "fmt" + "github.com/nodetec/rwz/pkg/network" "github.com/nodetec/rwz/pkg/utils/directories" "github.com/nodetec/rwz/pkg/utils/files" "github.com/nodetec/rwz/pkg/utils/systemd" 
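Review bot: The exported constants in the new `pkg/network/constants.go` carry no doc comments, and nothing records that `AcmeChallengeDirPath` is deliberately relative (no leading or trailing slash) because callers use it both as a subpath under `WWWDirPath/<domain>` and as the nginx `location` prefix. Group the declarations in one `const ( ... )` block and comment each name, for example `// AcmeChallengeDirPath is the ACME HTTP-01 challenge path relative to a domain's web root, without leading or trailing slash.` A similar comment on `CertificateDirPath` should say that the per-domain directory is appended by the caller.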
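Review bot: `tmpFilePath` in `khatru29.InstallRelayBinary` is still a fixed, predictable name directly under the world-writable `/tmp` (now spelled `relays.TmpDirPath`), and the installer removes and then re-creates it; on a multi-user host that leaves a window in which another local user can place a file or symlink at that path before the installer, which presumably runs with root privileges, writes to it. The download and write calls are outside the hunk, so whether the file is created exclusively is not visible here and should be confirmed. A private directory avoids the question: `dir, err := os.MkdirTemp("", "rwz-")`, `defer os.RemoveAll(dir)`, `tmpFilePath := filepath.Join(dir, tmpFileName)`. The same pattern appears in the `InstallRelayBinary` hunks for `khatru_pyramid`, `strfry`, `strfry29` (both the relay and the plugin download) and `wot_relay`.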
@@ -14,7 +15,7 @@ func ConfigureNginxHttp(domainName string) { files.RemoveFile(NginxConfigFilePath) - directories.CreateDirectory(fmt.Sprintf("/var/www/%s/.well-known/acme-challenge/", domainName), 0755) + directories.CreateDirectory(fmt.Sprintf("%s/%s/%s/", network.WWWDirPath, domainName, network.AcmeChallengeDirPath), 0755) configContent := fmt.Sprintf(`map $http_upgrade $connection_upgrade { default upgrade; @@ -25,14 +26,13 @@ upstream websocket_khatru29 { server 0.0.0.0:5577; } -# %s server { listen 80; listen [::]:80; server_name %s; - location /.well-known/acme-challenge/ { - root /var/www/%s; + location /%s/ { + root %s/%s; allow all; } @@ -79,7 +79,7 @@ server { return 301 http://%s$request_uri; } } -`, domainName, domainName, domainName, domainName, domainName) +`, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName, domainName) files.WriteFile(NginxConfigFilePath, configContent, 0644) diff --git a/pkg/relays/khatru29/nginx_https.go b/pkg/relays/khatru29/nginx_https.go index c048fa8..681eb25 100644 --- a/pkg/relays/khatru29/nginx_https.go +++ b/pkg/relays/khatru29/nginx_https.go @@ -2,6 +2,7 @@ package khatru29 import ( "fmt" + "github.com/nodetec/rwz/pkg/network" "github.com/nodetec/rwz/pkg/utils/files" "github.com/nodetec/rwz/pkg/utils/systemd" "github.com/pterm/pterm" @@ -27,7 +28,7 @@ server { listen [::]:443 ssl http2; server_name %s; - root /var/www/%s; + root %s/%s; location / { # First attempt to serve request as file, then 
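Review bot: `domainName` is formatted straight into the generated nginx configuration (`server_name %s;`, `root %s/%s;`) and into the directory handed to `directories.CreateDirectory` in `khatru29.ConfigureNginxHttp`, so a value containing whitespace, `;`, braces or `..` changes the structure of the written config or the path that gets created with mode 0755. Where the value is validated is not visible in this diff; if it is not, check it once before any `Configure*` call (letters, digits, hyphens and dots only, no empty labels) and abort the install otherwise. Building the directory with `filepath.Join(network.WWWDirPath, domainName, network.AcmeChallengeDirPath)` would also normalise the result. The same applies to the `ConfigureNginxHttp` and `ConfigureNginxHttps` hunks for `khatru_pyramid`, `strfry`, `strfry29` and `wot_relay`.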
@@ -48,10 +49,10 @@ server { # Test configuration: # https://www.ssllabs.com/ssltest/analyze.html # https://cryptcheck.fr/ - ssl_certificate /etc/letsencrypt/live/%s/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/%s/privkey.pem; + ssl_certificate %s/%s/%s; + ssl_certificate_key %s/%s/%s; # Verify chain of trust of OCSP response using Root CA and Intermediate certs - ssl_trusted_certificate /etc/letsencrypt/live/%s/chain.pem; + ssl_trusted_certificate %s/%s/%s; # TODO # Add support to generate the file in the script @@ -109,8 +110,8 @@ server { listen [::]:80; server_name %s; - location /.well-known/acme-challenge/ { - root /var/www/%s; + location /%s/ { + root %s/%s; allow all; } @@ -118,7 +119,7 @@ server { return 301 https://%s$request_uri; } } -`, domainName, domainName, domainName, domainName, domainName, domainName, domainName, domainName) +`, domainName, network.WWWDirPath, domainName, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName) files.WriteFile(NginxConfigFilePath, configContent, 0644) diff --git a/pkg/relays/khatru_pyramid/install.go b/pkg/relays/khatru_pyramid/install.go index 01c1de6..eede454 100644 --- a/pkg/relays/khatru_pyramid/install.go +++ b/pkg/relays/khatru_pyramid/install.go @@ -16,7 +16,7 @@ func InstallRelayBinary() { tmpFileName := filepath.Base(DownloadURL) // Temporary file path - tmpFilePath := fmt.Sprintf("/tmp/%s", tmpFileName) + tmpFilePath := fmt.Sprintf("%s/%s", relays.TmpDirPath, tmpFileName) // Check if the temporary file exists and remove it if it does files.RemoveFile(tmpFilePath) diff --git a/pkg/relays/khatru_pyramid/nginx_http.go b/pkg/relays/khatru_pyramid/nginx_http.go index 894d038..92e9816 100644 --- a/pkg/relays/khatru_pyramid/nginx_http.go +++ b/pkg/relays/khatru_pyramid/nginx_http.go 
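Review bot: The `fmt.Sprintf` call that closes `khatru29.ConfigureNginxHttps` now passes 17 positional arguments, and the only thing tying `network.PrivkeyFile` to the `ssl_certificate_key` line is its position in that list; a later edit that adds or moves one `%s` would silently point nginx at the wrong certificate file. Compute the per-domain paths once, e.g. `certDir := filepath.Join(network.CertificateDirPath, domainName)` and `webRoot := filepath.Join(network.WWWDirPath, domainName)`, or render the config with `text/template` and named fields such as `ssl_certificate_key {{.CertDir}}/{{.PrivkeyFile}};`, which `pkg/utils/systemd` already does for service files. The identical argument lists in the `nginx_https.go` hunks for `khatru_pyramid`, `strfry`, `strfry29` and `wot_relay`, and the six-argument lists in the `nginx_http.go` files, have the same weakness. The template text between the hunks is not visible here, so the verb count should be re-checked against the full string.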
@@ -2,6 +2,7 @@ package khatru_pyramid import ( "fmt" + "github.com/nodetec/rwz/pkg/network" "github.com/nodetec/rwz/pkg/utils/directories" "github.com/nodetec/rwz/pkg/utils/files" "github.com/nodetec/rwz/pkg/utils/systemd" @@ -14,7 +15,7 @@ func ConfigureNginxHttp(domainName string) { files.RemoveFile(NginxConfigFilePath) - directories.CreateDirectory(fmt.Sprintf("/var/www/%s/.well-known/acme-challenge/", domainName), 0755) + directories.CreateDirectory(fmt.Sprintf("%s/%s/%s/", network.WWWDirPath, domainName, network.AcmeChallengeDirPath), 0755) configContent := fmt.Sprintf(`map $http_upgrade $connection_upgrade { default upgrade; @@ -25,14 +26,13 @@ upstream websocket_khatru_pyramid { server 0.0.0.0:3335; } -# %s server { listen 80; listen [::]:80; server_name %s; - location /.well-known/acme-challenge/ { - root /var/www/%s; + location /%s/ { + root %s/%s; allow all; } @@ -79,7 +79,7 @@ server { return 301 http://%s$request_uri; } } -`, domainName, domainName, domainName, domainName, domainName) +`, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName, domainName) files.WriteFile(NginxConfigFilePath, configContent, 0644) diff --git a/pkg/relays/khatru_pyramid/nginx_https.go b/pkg/relays/khatru_pyramid/nginx_https.go index acb66c3..c4be057 100644 --- a/pkg/relays/khatru_pyramid/nginx_https.go +++ b/pkg/relays/khatru_pyramid/nginx_https.go @@ -2,6 +2,7 @@ package khatru_pyramid import ( "fmt" + "github.com/nodetec/rwz/pkg/network" "github.com/nodetec/rwz/pkg/utils/files" "github.com/nodetec/rwz/pkg/utils/systemd" "github.com/pterm/pterm" @@ -27,7 +28,7 @@ server { listen [::]:443 ssl http2; server_name %s; - root /var/www/%s; + root %s/%s; location / { # First attempt to serve request as file, then 
@@ -48,10 +49,10 @@ server { # Test configuration: # https://www.ssllabs.com/ssltest/analyze.html # https://cryptcheck.fr/ - ssl_certificate /etc/letsencrypt/live/%s/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/%s/privkey.pem; + ssl_certificate %s/%s/%s; + ssl_certificate_key %s/%s/%s; # Verify chain of trust of OCSP response using Root CA and Intermediate certs - ssl_trusted_certificate /etc/letsencrypt/live/%s/chain.pem; + ssl_trusted_certificate %s/%s/%s; # TODO # Add support to generate the file in the script @@ -109,8 +110,8 @@ server { listen [::]:80; server_name %s; - location /.well-known/acme-challenge/ { - root /var/www/%s; + location /%s/ { + root %s/%s; allow all; } @@ -118,7 +119,7 @@ server { return 301 https://%s$request_uri; } } -`, domainName, domainName, domainName, domainName, domainName, domainName, domainName, domainName) +`, domainName, network.WWWDirPath, domainName, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName) files.WriteFile(NginxConfigFilePath, configContent, 0644) diff --git a/pkg/relays/strfry/install.go b/pkg/relays/strfry/install.go index 66c5a47..89391b7 100644 --- a/pkg/relays/strfry/install.go +++ b/pkg/relays/strfry/install.go @@ -25,7 +25,7 @@ func InstallRelayBinary() { tmpFileName := filepath.Base(DownloadURL) // Temporary file path - tmpFilePath := fmt.Sprintf("/tmp/%s", tmpFileName) + tmpFilePath := fmt.Sprintf("%s/%s", relays.TmpDirPath, tmpFileName) // Check if the temporary file exists and remove it if it does files.RemoveFile(tmpFilePath) diff --git a/pkg/relays/strfry/nginx_http.go b/pkg/relays/strfry/nginx_http.go index 74845cd..3eeab2b 100644 --- a/pkg/relays/strfry/nginx_http.go +++ b/pkg/relays/strfry/nginx_http.go 
@@ -2,6 +2,7 @@ package strfry import ( "fmt" + "github.com/nodetec/rwz/pkg/network" "github.com/nodetec/rwz/pkg/utils/directories" "github.com/nodetec/rwz/pkg/utils/files" "github.com/nodetec/rwz/pkg/utils/systemd" @@ -14,16 +15,15 @@ func ConfigureNginxHttp(domainName string) { files.RemoveFile(NginxConfigFilePath) - directories.CreateDirectory(fmt.Sprintf("/var/www/%s/.well-known/acme-challenge/", domainName), 0755) + directories.CreateDirectory(fmt.Sprintf("%s/%s/%s/", network.WWWDirPath, domainName, network.AcmeChallengeDirPath), 0755) - configContent := fmt.Sprintf(`# %s -server { + configContent := fmt.Sprintf(`server { listen 80; listen [::]:80; server_name %s; - location /.well-known/acme-challenge/ { - root /var/www/%s; + location /%s/ { + root %s/%s; allow all; } @@ -70,7 +70,7 @@ server { return 301 http://%s$request_uri; } } -`, domainName, domainName, domainName, domainName, domainName) +`, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName, domainName) files.WriteFile(NginxConfigFilePath, configContent, 0644) diff --git a/pkg/relays/strfry/nginx_https.go b/pkg/relays/strfry/nginx_https.go index 3f953a4..e8e9c74 100644 --- a/pkg/relays/strfry/nginx_https.go +++ b/pkg/relays/strfry/nginx_https.go @@ -2,6 +2,7 @@ package strfry import ( "fmt" + "github.com/nodetec/rwz/pkg/network" "github.com/nodetec/rwz/pkg/utils/files" "github.com/nodetec/rwz/pkg/utils/systemd" "github.com/pterm/pterm" @@ -18,7 +19,7 @@ func ConfigureNginxHttps(domainName string) { listen [::]:443 ssl http2; server_name %s; - root /var/www/%s; + root %s/%s; location / { # First attempt to serve request as file, then 
@@ -39,10 +40,10 @@ func ConfigureNginxHttps(domainName string) { # Test configuration: # https://www.ssllabs.com/ssltest/analyze.html # https://cryptcheck.fr/ - ssl_certificate /etc/letsencrypt/live/%s/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/%s/privkey.pem; + ssl_certificate %s/%s/%s; + ssl_certificate_key %s/%s/%s; # Verify chain of trust of OCSP response using Root CA and Intermediate certs - ssl_trusted_certificate /etc/letsencrypt/live/%s/chain.pem; + ssl_trusted_certificate %s/%s/%s; # TODO # Add support to generate the file in the script @@ -100,8 +101,8 @@ server { listen [::]:80; server_name %s; - location /.well-known/acme-challenge/ { - root /var/www/%s; + location /%s/ { + root %s/%s; allow all; } @@ -109,7 +110,7 @@ server { return 301 https://%s$request_uri; } } -`, domainName, domainName, domainName, domainName, domainName, domainName, domainName, domainName) +`, domainName, network.WWWDirPath, domainName, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName) files.WriteFile(NginxConfigFilePath, configContent, 0644) diff --git a/pkg/relays/strfry29/install.go b/pkg/relays/strfry29/install.go index bff5394..889b2b5 100644 --- a/pkg/relays/strfry29/install.go +++ b/pkg/relays/strfry29/install.go @@ -25,7 +25,7 @@ func InstallRelayBinary() { tmpFileName := filepath.Base(DownloadURL) // Temporary file path - tmpFilePath := fmt.Sprintf("/tmp/%s", tmpFileName) + tmpFilePath := fmt.Sprintf("%s/%s", relays.TmpDirPath, tmpFileName) // Check if the temporary file exists and remove it if it does files.RemoveFile(tmpFilePath) 
@@ -40,7 +40,7 @@ func InstallRelayBinary() { tmpFileName = filepath.Base(BinaryPluginDownloadURL) // Temporary file path - tmpFilePath = fmt.Sprintf("/tmp/%s", tmpFileName) + tmpFilePath = fmt.Sprintf("%s/%s", relays.TmpDirPath, tmpFileName) // Check if the temporary file exists and remove it if it does files.RemoveFile(tmpFilePath) diff --git a/pkg/relays/strfry29/nginx_http.go b/pkg/relays/strfry29/nginx_http.go index 42c462e..d0b3c46 100644 --- a/pkg/relays/strfry29/nginx_http.go +++ b/pkg/relays/strfry29/nginx_http.go @@ -2,6 +2,7 @@ package strfry29 import ( "fmt" + "github.com/nodetec/rwz/pkg/network" "github.com/nodetec/rwz/pkg/utils/directories" "github.com/nodetec/rwz/pkg/utils/files" "github.com/nodetec/rwz/pkg/utils/systemd" @@ -14,16 +15,15 @@ func ConfigureNginxHttp(domainName string) { files.RemoveFile(NginxConfigFilePath) - directories.CreateDirectory(fmt.Sprintf("/var/www/%s/.well-known/acme-challenge/", domainName), 0755) + directories.CreateDirectory(fmt.Sprintf("%s/%s/%s/", network.WWWDirPath, domainName, network.AcmeChallengeDirPath), 0755) - configContent := fmt.Sprintf(`# %s -server { + configContent := fmt.Sprintf(`server { listen 80; listen [::]:80; server_name %s; - location /.well-known/acme-challenge/ { - root /var/www/%s; + location /%s/ { + root %s/%s; allow all; } @@ -70,7 +70,7 @@ server { return 301 http://%s$request_uri; } } -`, domainName, domainName, domainName, domainName, domainName) +`, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName, domainName) files.WriteFile(NginxConfigFilePath, configContent, 0644) diff --git a/pkg/relays/strfry29/nginx_https.go b/pkg/relays/strfry29/nginx_https.go index 6ebe537..3a19bf8 100644 --- a/pkg/relays/strfry29/nginx_https.go +++ b/pkg/relays/strfry29/nginx_https.go @@ -2,6 +2,7 @@ package strfry29 import ( "fmt" + "github.com/nodetec/rwz/pkg/network" "github.com/nodetec/rwz/pkg/utils/files" "github.com/nodetec/rwz/pkg/utils/systemd" "github.com/pterm/pterm" 
@@ -18,7 +19,7 @@ func ConfigureNginxHttps(domainName string) { listen [::]:443 ssl http2; server_name %s; - root /var/www/%s; + root %s/%s; location / { # First attempt to serve request as file, then @@ -39,10 +40,10 @@ func ConfigureNginxHttps(domainName string) { # Test configuration: # https://www.ssllabs.com/ssltest/analyze.html # https://cryptcheck.fr/ - ssl_certificate /etc/letsencrypt/live/%s/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/%s/privkey.pem; + ssl_certificate %s/%s/%s; + ssl_certificate_key %s/%s/%s; # Verify chain of trust of OCSP response using Root CA and Intermediate certs - ssl_trusted_certificate /etc/letsencrypt/live/%s/chain.pem; + ssl_trusted_certificate %s/%s/%s; # TODO # Add support to generate the file in the script @@ -100,8 +101,8 @@ server { listen [::]:80; server_name %s; - location /.well-known/acme-challenge/ { - root /var/www/%s; + location /%s/ { + root %s/%s; allow all; } @@ -109,7 +110,7 @@ server { return 301 https://%s$request_uri; } } -`, domainName, domainName, domainName, domainName, domainName, domainName, domainName, domainName) +`, domainName, network.WWWDirPath, domainName, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName) files.WriteFile(NginxConfigFilePath, configContent, 0644) diff --git a/pkg/relays/wot_relay/install.go b/pkg/relays/wot_relay/install.go index fd24e55..56994c1 100644 --- a/pkg/relays/wot_relay/install.go +++ b/pkg/relays/wot_relay/install.go @@ -16,7 +16,7 @@ func InstallRelayBinary() { tmpFileName := filepath.Base(DownloadURL) // Temporary file path - tmpFilePath := fmt.Sprintf("/tmp/%s", tmpFileName) + tmpFilePath := fmt.Sprintf("%s/%s", relays.TmpDirPath, tmpFileName) // Check if the temporary file exists and remove it if it does files.RemoveFile(tmpFilePath) 
diff --git a/pkg/relays/wot_relay/nginx_http.go b/pkg/relays/wot_relay/nginx_http.go index 5d648f8..9c806ca 100644 --- a/pkg/relays/wot_relay/nginx_http.go +++ b/pkg/relays/wot_relay/nginx_http.go @@ -2,6 +2,7 @@ package wot_relay import ( "fmt" + "github.com/nodetec/rwz/pkg/network" "github.com/nodetec/rwz/pkg/utils/directories" "github.com/nodetec/rwz/pkg/utils/files" "github.com/nodetec/rwz/pkg/utils/systemd" @@ -14,7 +15,7 @@ func ConfigureNginxHttp(domainName string) { files.RemoveFile(NginxConfigFilePath) - directories.CreateDirectory(fmt.Sprintf("/var/www/%s/.well-known/acme-challenge/", domainName), 0755) + directories.CreateDirectory(fmt.Sprintf("%s/%s/%s/", network.WWWDirPath, domainName, network.AcmeChallengeDirPath), 0755) configContent := fmt.Sprintf(`map $http_upgrade $connection_upgrade { default upgrade; @@ -25,14 +26,13 @@ upstream websocket_wot_relay { server localhost:3334; } -# %s server { listen 80; listen [::]:80; server_name %s; - location /.well-known/acme-challenge/ { - root /var/www/%s; + location /%s/ { + root %s/%s; allow all; } @@ -81,7 +81,7 @@ server { return 301 http://%s$request_uri; } } -`, domainName, domainName, domainName, domainName, domainName) +`, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName, domainName) files.WriteFile(NginxConfigFilePath, configContent, 0644) diff --git a/pkg/relays/wot_relay/nginx_https.go b/pkg/relays/wot_relay/nginx_https.go index 28db8f0..9dde160 100644 --- a/pkg/relays/wot_relay/nginx_https.go +++ b/pkg/relays/wot_relay/nginx_https.go @@ -2,6 +2,7 @@ package wot_relay import ( "fmt" + "github.com/nodetec/rwz/pkg/network" "github.com/nodetec/rwz/pkg/utils/files" "github.com/nodetec/rwz/pkg/utils/systemd" "github.com/pterm/pterm" @@ -27,7 +28,7 @@ server { listen [::]:443 ssl http2; server_name %s; - root /var/www/%s; + root %s/%s; location / { # First attempt to serve request as file, then 
@@ -50,10 +51,10 @@ server { # Test configuration: # https://www.ssllabs.com/ssltest/analyze.html # https://cryptcheck.fr/ - ssl_certificate /etc/letsencrypt/live/%s/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/%s/privkey.pem; + ssl_certificate %s/%s/%s; + ssl_certificate_key %s/%s/%s; # Verify chain of trust of OCSP response using Root CA and Intermediate certs - ssl_trusted_certificate /etc/letsencrypt/live/%s/chain.pem; + ssl_trusted_certificate %s/%s/%s; # TODO # Add support to generate the file in the script @@ -111,8 +112,8 @@ server { listen [::]:80; server_name %s; - location /.well-known/acme-challenge/ { - root /var/www/%s; + location /%s/ { + root %s/%s; allow all; } @@ -120,7 +121,7 @@ server { return 301 https://%s$request_uri; } } -`, domainName, domainName, domainName, domainName, domainName, domainName, domainName, domainName) +`, domainName, network.WWWDirPath, domainName, network.CertificateDirPath, domainName, network.FullchainFile, network.CertificateDirPath, domainName, network.PrivkeyFile, network.CertificateDirPath, domainName, network.ChainFile, domainName, network.AcmeChallengeDirPath, network.WWWDirPath, domainName, domainName) files.WriteFile(NginxConfigFilePath, configContent, 0644) diff --git a/pkg/utils/systemd/utils.go b/pkg/utils/systemd/utils.go index 41bcf01..c719f4f 100644 --- a/pkg/utils/systemd/utils.go +++ b/pkg/utils/systemd/utils.go @@ -3,7 +3,6 @@ package systemd import ( "fmt" "github.com/pterm/pterm" - "log" "os" "os/exec" "text/template" @@ -75,9 +74,8 @@ func CreateServiceFile(serviceFilePath, serviceTemplate string) { func Reload() { err := exec.Command("systemctl", "daemon-reload").Run() if err != nil { - log.Fatalf("Error reloading systemd daemon: %v", err) pterm.Println() - pterm.Error.Println(fmt.Sprintf("Failed to execute service template: %v", err)) + pterm.Error.Println(fmt.Sprintf("Failed to reload systemd daemon: %v", err)) os.Exit(1) } }
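Review bot: `Reload` in `pkg/utils/systemd/utils.go` reports only the exit status of `systemctl daemon-reload`, because `Run()` discards the command's output, so the operator sees `exit status 1` with no reason attached. Use `out, err := exec.Command("systemctl", "daemon-reload").CombinedOutput()` and include `out` in the `pterm.Error` message. The function also lacks a doc comment; something like `// Reload runs "systemctl daemon-reload" and exits the process with status 1 if it fails.` would make the exit behaviour clear to callers.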