Merge branch 'master' into feature/notracking

This commit is contained in:
Bill Zimmerman 2020-04-01 00:28:22 +02:00 committed by GitHub
commit 8fd1677974
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 495 additions and 335 deletions

View file

@ -1,5 +1,5 @@
![](https://i.imgur.com/xeKD93p.png) ![](https://i.imgur.com/xeKD93p.png)
[![Release 2.3](https://img.shields.io/badge/Release-2.3-green.svg)](https://github.com/billz/raspap-webgui/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Financial Contributors on Open Collective](https://opencollective.com/raspap/all/badge.svg?label=financial+contributors)](https://opencollective.com/raspap) ![https://travis-ci.com/billz/raspap-webgui/](https://img.shields.io/travis/com/billz/raspap-webgui/master) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/) [![Release 2.3.1](https://img.shields.io/badge/Release-2.3.1-green.svg)](https://github.com/billz/raspap-webgui/releases) [![Awesome](https://awesome.re/badge.svg)](https://github.com/thibmaek/awesome-raspberry-pi) [![Financial Contributors on Open Collective](https://opencollective.com/raspap/all/badge.svg?label=financial+contributors)](https://opencollective.com/raspap) ![https://travis-ci.com/billz/raspap-webgui/](https://img.shields.io/travis/com/billz/raspap-webgui/master) [![Twitter URL](https://img.shields.io/twitter/url?label=%40RaspAP&logoColor=%23d8224c&url=https%3A%2F%2Ftwitter.com%2Frasp_ap)](https://twitter.com/rasp_ap) [![Subreddit subscribers](https://img.shields.io/reddit/subreddit-subscribers/RaspAP?style=social)](https://www.reddit.com/r/RaspAP/)
RaspAP lets you quickly get a WiFi access point up and running to share the internet connectivity of a Raspberry Pi. Our famous [Quick installer](#quick-installer) creates a known-good default configuration that "just works" on all current Raspberry Pis with onboard wireless. A handsome responsive interface gives you control over the relevant services and networking options. OpenVPN client support, SSL, security audits, themes and multilingual options round out the package. RaspAP lets you quickly get a WiFi access point up and running to share the internet connectivity of a Raspberry Pi. Our famous [Quick installer](#quick-installer) creates a known-good default configuration that "just works" on all current Raspberry Pis with onboard wireless. A handsome responsive interface gives you control over the relevant services and networking options. OpenVPN client support, SSL, security audits, themes and multilingual options round out the package.
@ -21,6 +21,7 @@ We hope you enjoy using RaspAP as much as we do creating it. Tell us how you use
- [Support us](#support-us) - [Support us](#support-us)
- [Manual installation](#manual-installation) - [Manual installation](#manual-installation)
- [802.11ac 5GHz support](#80211ac-5ghz-support) - [802.11ac 5GHz support](#80211ac-5ghz-support)
- [Supported operating systems](#supported-operating-systems)
- [Multilingual support](#multilingual-support) - [Multilingual support](#multilingual-support)
- [HTTPS support](#https-support) - [HTTPS support](#https-support)
- [OpenVPN support](#openvpn-support) - [OpenVPN support](#openvpn-support)
@ -86,6 +87,20 @@ Detailed manual setup instructions are provided [on our wiki](https://github.com
## 802.11ac 5GHz support ## 802.11ac 5GHz support
RaspAP provides an 802.11ac wireless mode option for supported hardware (currently the RPi 3B+/4) and wireless regulatory domains. See [this FAQ](https://github.com/billz/raspap-webgui/wiki/FAQs#80211ac) for more information. RaspAP provides an 802.11ac wireless mode option for supported hardware (currently the RPi 3B+/4) and wireless regulatory domains. See [this FAQ](https://github.com/billz/raspap-webgui/wiki/FAQs#80211ac) for more information.
## Supported operating systems
RaspAP was originally made for Raspbian, but now also installs on the following Debian-based distros.
| Distribution | Release | Architecture | Support |
|---|:---:|:---:|:---:|
| Raspbian | Buster | ARM | Official |
| Armbian | Buster | [ARM](https://docs.armbian.com/#supported-chips) | Official |
| Debian | Buster | ARM / x86_64 | Beta |
| Ubuntu | 18.04 LTS / 19.10 | ARM / x86_64 | Beta |
![](https://i.imgur.com/luiyYNw.png)
We find Armbian particularly well-suited for this project. Please note that "supported" is not a guarantee. If you are able to improve support for your preferred distro, we encourage you to [actively contribute](#how-to-contribute) to the project.
## Multilingual support ## Multilingual support
RaspAP uses [GNU Gettext](https://www.gnu.org/software/gettext/) to manage multilingual messages. In order to use RaspAP with one of our supported translations, you must configure a corresponding language package on your RPi. To list languages currently installed on your system, use `locale -a` at the shell prompt. To generate new locales, run `sudo dpkg-reconfigure locales` and select any other desired locales. Details are provided on our [wiki](https://github.com/billz/raspap-webgui/wiki/Translations#raspap-in-your-language). RaspAP uses [GNU Gettext](https://www.gnu.org/software/gettext/) to manage multilingual messages. In order to use RaspAP with one of our supported translations, you must configure a corresponding language package on your RPi. To list languages currently installed on your system, use `locale -a` at the shell prompt. To generate new locales, run `sudo dpkg-reconfigure locales` and select any other desired locales. Details are provided on our [wiki](https://github.com/billz/raspap-webgui/wiki/Translations#raspap-in-your-language).

View file

@ -1,6 +1,6 @@
<?php <?php
define('RASPI_VERSION', '2.3'); define('RASPI_VERSION', '2.3.1');
define('RASPI_CONFIG', '/etc/raspap'); define('RASPI_CONFIG', '/etc/raspap');
define('RASPI_CONFIG_NETWORKING', RASPI_CONFIG.'/networking'); define('RASPI_CONFIG_NETWORKING', RASPI_CONFIG.'/networking');
define('RASPI_ADMIN_DETAILS', RASPI_CONFIG.'/raspap.auth'); define('RASPI_ADMIN_DETAILS', RASPI_CONFIG.'/raspap.auth');
@ -9,7 +9,7 @@ define('RASPI_CACHE_PATH', sys_get_temp_dir() . '/raspap');
// Constants for configuration file paths. // Constants for configuration file paths.
// These are typical for default RPi installs. Modify if needed. // These are typical for default RPi installs. Modify if needed.
define('RASPI_DNSMASQ_CONFIG', '/etc/dnsmasq.conf'); define('RASPI_DNSMASQ_CONFIG', '/etc/dnsmasq.d/090_raspap.conf');
define('RASPI_DNSMASQ_LEASES', '/var/lib/misc/dnsmasq.leases'); define('RASPI_DNSMASQ_LEASES', '/var/lib/misc/dnsmasq.leases');
define('RASPI_ADBLOCK_LISTPATH', '/etc/raspap/adblock/'); define('RASPI_ADBLOCK_LISTPATH', '/etc/raspap/adblock/');
define('RASPI_ADBLOCK_CONFIG', '/etc/dnsmasq.d/090_adblock.conf'); define('RASPI_ADBLOCK_CONFIG', '/etc/dnsmasq.d/090_adblock.conf');
@ -32,7 +32,7 @@ define('RASPI_WIFICLIENT_ENABLED', true);
define('RASPI_HOTSPOT_ENABLED', true); define('RASPI_HOTSPOT_ENABLED', true);
define('RASPI_NETWORK_ENABLED', true); define('RASPI_NETWORK_ENABLED', true);
define('RASPI_DHCP_ENABLED', true); define('RASPI_DHCP_ENABLED', true);
define('RASPI_ADBLOCK_ENABLED', true); define('RASPI_ADBLOCK_ENABLED', false);
define('RASPI_OPENVPN_ENABLED', false); define('RASPI_OPENVPN_ENABLED', false);
define('RASPI_TORPROXY_ENABLED', false); define('RASPI_TORPROXY_ENABLED', false);
define('RASPI_CONFAUTH_ENABLED', true); define('RASPI_CONFAUTH_ENABLED', true);

View file

@ -5,7 +5,7 @@ if (!defined('RASPI_CONFIG')) {
} }
$defaults = [ $defaults = [
'RASPI_VERSION' => '2.3', 'RASPI_VERSION' => '2.3.1',
'RASPI_CONFIG_NETWORKING' => RASPI_CONFIG.'/networking', 'RASPI_CONFIG_NETWORKING' => RASPI_CONFIG.'/networking',
'RASPI_ADMIN_DETAILS' => RASPI_CONFIG.'/raspap.auth', 'RASPI_ADMIN_DETAILS' => RASPI_CONFIG.'/raspap.auth',
'RASPI_WIFI_CLIENT_INTERFACE' => 'wlan0', 'RASPI_WIFI_CLIENT_INTERFACE' => 'wlan0',
@ -33,7 +33,7 @@ $defaults = [
'RASPI_HOTSPOT_ENABLED' => true, 'RASPI_HOTSPOT_ENABLED' => true,
'RASPI_NETWORK_ENABLED' => true, 'RASPI_NETWORK_ENABLED' => true,
'RASPI_DHCP_ENABLED' => true, 'RASPI_DHCP_ENABLED' => true,
'RASPI_ADBLOCK_ENABLED' => true, 'RASPI_ADBLOCK_ENABLED' => false,
'RASPI_OPENVPN_ENABLED' => false, 'RASPI_OPENVPN_ENABLED' => false,
'RASPI_TORPROXY_ENABLED' => false, 'RASPI_TORPROXY_ENABLED' => false,
'RASPI_CONFAUTH_ENABLED' => true, 'RASPI_CONFAUTH_ENABLED' => true,

View file

@ -13,7 +13,7 @@
* @author Lawrence Yau <sirlagz@gmail.com> * @author Lawrence Yau <sirlagz@gmail.com>
* @author Bill Zimmerman <billzimmerman@gmail.com> * @author Bill Zimmerman <billzimmerman@gmail.com>
* @license GNU General Public License, version 3 (GPL-3.0) * @license GNU General Public License, version 3 (GPL-3.0)
* @version 2.3 * @version 2.3.1
* @link https://github.com/billz/raspap-webgui * @link https://github.com/billz/raspap-webgui
* @see http://sirlagz.net/2013/02/08/raspap-webgui/ * @see http://sirlagz.net/2013/02/08/raspap-webgui/
*/ */

View file

@ -1,54 +1,48 @@
#!/bin/bash #!/bin/bash
# #
# RaspAP installation functions. # RaspAP installation functions
# author: @billz # Author: @billz <billzimmerman@gmail.com>
# license: GNU General Public License v3.0 # License: GNU General Public License v3.0
#
# You are not obligated to bundle the LICENSE file with your RaspAP projects as long
# as you leave these references intact in the header comments of your source files.
raspap_dir="/etc/raspap" # Exit on error
raspap_user="www-data" set -o errexit
# Exit on error inside functions
set -o errtrace
# Turn on traces, disabled by default
# set -o xtrace
# Set defaults
readonly raspap_dir="/etc/raspap"
readonly raspap_user="www-data"
readonly raspap_sudoers="/etc/sudoers.d/090_raspap"
readonly raspap_dnsmasq="/etc/dnsmasq.d/090_raspap.conf"
readonly raspap_sysctl="/etc/sysctl.d/90_raspap.conf"
readonly rulesv4="/etc/iptables/rules.v4"
webroot_dir="/var/www/html" webroot_dir="/var/www/html"
version=`sed 's/\..*//' /etc/debian_version`
git_source_url="https://github.com/$repo" # $repo from install.raspap.com git_source_url="https://github.com/$repo" # $repo from install.raspap.com
# Determine Raspbian version, set default home location for lighttpd and # NOTE: all the below functions are overloadable for system-specific installs
# php package to install
if [ "$version" -eq "10" ]; then
version_msg="Raspbian 10.0 (Buster)"
php_package="php7.3-cgi"
elif [ "$version" -eq "9" ]; then
version_msg="Raspbian 9.0 (Stretch)"
php_package="php7.0-cgi"
elif [ "$version" -eq "8" ]; then
install_error "Raspbian 8.0 (Jessie) and php5 are deprecated. Please upgrade."
elif [ "$version" -lt "8" ]; then
install_error "Raspbian ${version} is unsupported. Please upgrade."
fi
phpcgiconf="" # Prompts user to set installation options
if [ "$php_package" = "php7.3-cgi" ]; then function _config_installation() {
phpcgiconf="/etc/php/7.3/cgi/php.ini" _install_log "Configure installation"
elif [ "$php_package" = "php7.0-cgi" ]; then _get_linux_distro
phpcgiconf="/etc/php/7.0/cgi/php.ini" echo "Detected OS: ${DESC}"
fi echo "Using GitHub repository: ${repo} ${branch} branch"
### NOTE: all the below functions are overloadable for system-specific installs
# Prompts user to set options for installation
function config_installation() {
install_log "Configure installation"
echo "Detected ${version_msg}"
echo "Install directory: ${raspap_dir}" echo "Install directory: ${raspap_dir}"
echo -n "Install to Lighttpd root directory: ${webroot_dir}? [Y/n]: " echo -n "Install to lighttpd root: ${webroot_dir}? [Y/n]: "
if [ "$assume_yes" == 0 ]; then if [ "$assume_yes" == 0 ]; then
read answer < /dev/tty read answer < /dev/tty
if [ "$answer" != "${answer#[Nn]}" ]; then if [ "$answer" != "${answer#[Nn]}" ]; then
read -e -p < /dev/tty "Enter alternate Lighttpd directory: " -i "/var/www/html" webroot_dir read -e -p < /dev/tty "Enter alternate lighttpd directory: " -i "/var/www/html" webroot_dir
fi fi
else else
echo -e echo -e
fi fi
echo "Install to Lighttpd directory: ${webroot_dir}" echo "Installing to lighttpd directory: ${webroot_dir}"
echo -n "Complete installation with these values? [Y/n]: " echo -n "Complete installation with these values? [Y/n]: "
if [ "$assume_yes" == 0 ]; then if [ "$assume_yes" == 0 ]; then
read answer < /dev/tty read answer < /dev/tty
@ -61,132 +55,230 @@ function config_installation() {
fi fi
} }
# Determines host Linux distrubtion details
function _get_linux_distro() {
if type lsb_release >/dev/null 2>&1; then # linuxbase.org
OS=$(lsb_release -si)
RELEASE=$(lsb_release -sr)
CODENAME=$(lsb_release -sc)
DESC=$(lsb_release -sd)
elif [ -f /etc/os-release ]; then # freedesktop.org
. /etc/os-release
OS=$ID
RELEASE=$VERSION_ID
CODENAME=$VERSION_CODENAME
DESC=$PRETTY_NAME
else
_install_error "Unsupported Linux distribution"
fi
}
# Sets php package option based on Linux version, abort if unsupported distro
function _set_php_package() {
case $RELEASE in
"18.04"|"19.10") # Ubuntu Server
php_package="php7.4-cgi"
phpcgiconf="/etc/php/7.4/cgi/php.ini" ;;
"10")
php_package="php7.3-cgi"
phpcgiconf="/etc/php/7.3/cgi/php.ini" ;;
"9")
php_package="php7.0-cgi"
phpcgiconf="/etc/php/7.0/cgi/php.ini" ;;
"8")
_install_error "${DESC} and php5 are not supported. Please upgrade." ;;
*)
_install_error "${DESC} is unsupported. Please install on a supported distro." ;;
esac
}
# Runs a system software update to make sure we're using all fresh packages # Runs a system software update to make sure we're using all fresh packages
function install_dependencies() { function _install_dependencies() {
install_log "Installing required packages" _install_log "Installing required packages"
sudo apt-get install $apt_option lighttpd $php_package git hostapd dnsmasq vnstat qrencode || install_error "Unable to install dependencies" _set_php_package
if [ "$php_package" = "php7.4-cgi" ]; then
echo "Adding apt-repository ppa:ondrej/php"
sudo apt-get install software-properties-common || _install_error "Unable to install dependency"
sudo add-apt-repository ppa:ondrej/php || _install_error "Unable to add-apt-repository ppa:ondrej/php"
fi
if [ ${OS,,} = "debian" ] || [ ${OS,,} = "ubuntu" ]; then
dhcpcd_package="dhcpcd5"
fi
# Set dconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections
sudo apt-get install $apt_option lighttpd git hostapd dnsmasq iptables-persistent $php_package $dhcpcd_package vnstat qrencode || _install_error "Unable to install dependencies"
} }
# Enables PHP for lighttpd and restarts service for settings to take effect # Enables PHP for lighttpd and restarts service for settings to take effect
function enable_php_lighttpd() { function _enable_php_lighttpd() {
install_log "Enabling PHP for lighttpd" _install_log "Enabling PHP for lighttpd"
sudo lighttpd-enable-mod fastcgi-php sudo lighttpd-enable-mod fastcgi-php
sudo service lighttpd force-reload sudo service lighttpd force-reload
sudo systemctl restart lighttpd.service || install_error "Unable to restart lighttpd" sudo systemctl restart lighttpd.service || _install_error "Unable to restart lighttpd"
} }
# Verifies existence and permissions of RaspAP directory # Verifies existence and permissions of RaspAP directory
function create_raspap_directories() { function _create_raspap_directories() {
install_log "Creating RaspAP directories" _install_log "Creating RaspAP directories"
if [ -d "$raspap_dir" ]; then if [ -d "$raspap_dir" ]; then
sudo mv $raspap_dir "$raspap_dir.`date +%F-%R`" || install_error "Unable to move old '$raspap_dir' out of the way" sudo mv $raspap_dir "$raspap_dir.`date +%F-%R`" || _install_error "Unable to move old '$raspap_dir' out of the way"
fi fi
sudo mkdir -p "$raspap_dir" || install_error "Unable to create directory '$raspap_dir'" sudo mkdir -p "$raspap_dir" || _install_error "Unable to create directory '$raspap_dir'"
# Create a directory for existing file backups. # Create a directory for existing file backups.
sudo mkdir -p "$raspap_dir/backups" sudo mkdir -p "$raspap_dir/backups"
# Create a directory to store networking configs # Create a directory to store networking configs
echo "Creating $raspap_dir/networking"
sudo mkdir -p "$raspap_dir/networking" sudo mkdir -p "$raspap_dir/networking"
# Copy existing dhcpcd.conf to use as base config # Copy existing dhcpcd.conf to use as base config
cat /etc/dhcpcd.conf | sudo tee -a /etc/raspap/networking/defaults echo "Adding /etc/dhcpcd.conf as base configuration"
cat /etc/dhcpcd.conf | sudo tee -a /etc/raspap/networking/defaults > /dev/null
sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || install_error "Unable to change file ownership for '$raspap_dir'" echo "Changing file ownership of $raspap_dir"
sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || _install_error "Unable to change file ownership for '$raspap_dir'"
} }
# Generate hostapd logging and service control scripts # Generate hostapd logging and service control scripts
function create_hostapd_scripts() { function _create_hostapd_scripts() {
install_log "Creating hostapd logging & control scripts" _install_log "Creating hostapd logging & control scripts"
sudo mkdir $raspap_dir/hostapd || install_error "Unable to create directory '$raspap_dir/hostapd'" sudo mkdir $raspap_dir/hostapd || _install_error "Unable to create directory '$raspap_dir/hostapd'"
# Move logging shell scripts # Move logging shell scripts
sudo cp "$webroot_dir/installers/"*log.sh "$raspap_dir/hostapd" || install_error "Unable to move logging scripts" sudo cp "$webroot_dir/installers/"*log.sh "$raspap_dir/hostapd" || _install_error "Unable to move logging scripts"
# Move service control shell scripts # Move service control shell scripts
sudo cp "$webroot_dir/installers/"service*.sh "$raspap_dir/hostapd" || install_error "Unable to move service control scripts" sudo cp "$webroot_dir/installers/"service*.sh "$raspap_dir/hostapd" || _install_error "Unable to move service control scripts"
# Make enablelog.sh and disablelog.sh not writable by www-data group. # Make enablelog.sh and disablelog.sh not writable by www-data group.
sudo chown -c root:"$raspap_user" "$raspap_dir/hostapd/"*.sh || install_error "Unable change owner and/or group" sudo chown -c root:"$raspap_user" "$raspap_dir/hostapd/"*.sh || _install_error "Unable change owner and/or group"
sudo chmod 750 "$raspap_dir/hostapd/"*.sh || install_error "Unable to change file permissions" sudo chmod 750 "$raspap_dir/hostapd/"*.sh || _install_error "Unable to change file permissions"
} }
# Generate lighttpd service control scripts # Generate lighttpd service control scripts
function create_lighttpd_scripts() { function _create_lighttpd_scripts() {
install_log "Creating lighttpd control scripts" _install_log "Creating lighttpd control scripts"
sudo mkdir $raspap_dir/lighttpd || install_error "Unable to create directory '$raspap_dir/lighttpd" sudo mkdir $raspap_dir/lighttpd || _install_error "Unable to create directory '$raspap_dir/lighttpd"
# Move service control shell scripts # Move service control shell scripts
sudo cp "$webroot_dir/installers/"configport.sh "$raspap_dir/lighttpd" || install_error "Unable to move service control scripts" sudo cp "$webroot_dir/installers/"configport.sh "$raspap_dir/lighttpd" || _install_error "Unable to move service control scripts"
# Make configport.sh writable by www-data group # Make configport.sh writable by www-data group
sudo chown -c root:"$raspap_user" "$raspap_dir/lighttpd/"*.sh || install_error "Unable change owner and/or group" sudo chown -c root:"$raspap_user" "$raspap_dir/lighttpd/"*.sh || _install_error "Unable change owner and/or group"
sudo chmod 750 "$raspap_dir/lighttpd/"*.sh || install_error "Unable to change file permissions" sudo chmod 750 "$raspap_dir/lighttpd/"*.sh || _install_error "Unable to change file permissions"
}
# Prompt to install adblock
function _prompt_install_adblock() {
if [ "$install_adblock" == 1 ]; then
_install_log "Configure ad blocking (Beta)"
echo -n "Download blocklists and enable ad blocking? [Y/n]: "
if [ "$assume_yes" == 0 ]; then
read answer < /dev/tty
if [ "$answer" != "${answer#[Nn]}" ]; then
echo -e
else
_install_adblock
fi
fi
fi
}
# Download notracking adblock lists and enable option
function _install_adblock() {
_install_log "Creating ad block base configuration (Beta)"
notracking_url="https://raw.githubusercontent.com/notracking/hosts-blocklists/master/"
if [ ! -d "$raspap_dir/adblock" ]; then
echo "Creating $raspap_dir/adblock"
sudo mkdir -p "$raspap_dir/adblock"
fi
if [ ! -f /tmp/hostnames.txt ]; then
echo "Fetching latest hostnames list"
wget ${notracking_url}hostnames.txt -O /tmp/hostnames.txt || _install_error "Unable to download notracking hostnames"
fi
if [ ! -f /tmp/domains.txt ]; then
echo "Fetching latest domains list"
wget ${notracking_url}domains.txt -O /tmp/domains.txt || _install_error "Unable to download notracking domains"
fi
echo "Adding blocklists to $raspap_dir/adblock"
sudo cp /tmp/hostnames.txt $raspap_dir/adblock || _install_error "Unable to move notracking hostnames"
sudo cp /tmp/domains.txt $raspap_dir/adblock || _install_error "Unable to move notracking domains"
echo "Moving and setting permissions for blocklist update script"
sudo cp "$webroot_dir/installers/"update_blocklist.sh "$raspap_dir/adblock" || _install_error "Unable to move blocklist update script"
# Make blocklists and update script writable by www-data group
sudo chown -c root:"$raspap_user" "$raspap_dir/adblock/"*.* || _install_error "Unable to change owner/group"
sudo chmod 750 "$raspap_dir/adblock/"*.sh || install_error "Unable to change file permissions"
echo "Enabling ad blocking management option"
sudo sed -i "s/\('RASPI_ADBLOCK_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || _install_error "Unable to modify config.php"
echo "Done."
} }
# Prompt to install openvpn # Prompt to install openvpn
function prompt_install_openvpn() { function _prompt_install_openvpn() {
install_log "Setting up OpenVPN support (beta)" _install_log "Setting up OpenVPN support"
echo -n "Install OpenVPN and enable client configuration? [Y/n]: " echo -n "Install OpenVPN and enable client configuration? [Y/n]: "
if [ "$assume_yes" == 0 ]; then if [ "$assume_yes" == 0 ]; then
read answer < /dev/tty read answer < /dev/tty
if [ "$answer" != "${answer#[Nn]}" ]; then if [ "$answer" != "${answer#[Nn]}" ]; then
echo -e echo -e
else else
install_openvpn _install_openvpn
fi fi
elif [ "$ovpn_option" == 1 ]; then elif [ "$ovpn_option" == 1 ]; then
install_openvpn _install_openvpn
fi fi
} }
# Install openvpn and enable client configuration option # Install openvpn and enable client configuration option
function install_openvpn() { function _install_openvpn() {
install_log "Installing OpenVPN and enabling client configuration" _install_log "Installing OpenVPN and enabling client configuration"
sudo apt-get install -y openvpn || install_error "Unable to install openvpn" sudo apt-get install -y openvpn || _install_error "Unable to install openvpn"
sudo sed -i "s/\('RASPI_OPENVPN_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || install_error "Unable to modify config.php" sudo sed -i "s/\('RASPI_OPENVPN_ENABLED', \)false/\1true/g" "$webroot_dir/includes/config.php" || _install_error "Unable to modify config.php"
echo "Enabling openvpn-client service on boot" echo "Enabling openvpn-client service on boot"
sudo systemctl enable openvpn-client@client || install_error "Unable to enable openvpn-client daemon" sudo systemctl enable openvpn-client@client || _install_error "Unable to enable openvpn-client daemon"
create_openvpn_scripts || install_error "Unable to create openvpn control scripts" _create_openvpn_scripts || _install_error "Unable to create openvpn control scripts"
} }
# Generate openvpn logging and auth control scripts # Generate openvpn logging and auth control scripts
function create_openvpn_scripts() { function _create_openvpn_scripts() {
install_log "Creating OpenVPN control scripts" _install_log "Creating OpenVPN control scripts"
sudo mkdir $raspap_dir/openvpn || install_error "Unable to create directory '$raspap_dir/openvpn'" sudo mkdir $raspap_dir/openvpn || _install_error "Unable to create directory '$raspap_dir/openvpn'"
# Move service auth control shell scripts # Move service auth control shell scripts
sudo cp "$webroot_dir/installers/"configauth.sh "$raspap_dir/openvpn" || install_error "Unable to move auth control script" sudo cp "$webroot_dir/installers/"configauth.sh "$raspap_dir/openvpn" || _install_error "Unable to move auth control script"
# Make configauth.sh writable by www-data group # Make configauth.sh writable by www-data group
sudo chown -c root:"$raspap_user" "$raspap_dir/openvpn/"*.sh || install_error "Unable change owner and/or group" sudo chown -c root:"$raspap_user" "$raspap_dir/openvpn/"*.sh || _install_error "Unable change owner and/or group"
sudo chmod 750 "$raspap_dir/openvpn/"*.sh || install_error "Unable to change file permissions" sudo chmod 750 "$raspap_dir/openvpn/"*.sh || _install_error "Unable to change file permissions"
} }
# Fetches latest files from github to webroot # Fetches latest files from github to webroot
function download_latest_files() { function _download_latest_files() {
if [ ! -d "$webroot_dir" ]; then if [ ! -d "$webroot_dir" ]; then
sudo mkdir -p $webroot_dir || install_error "Unable to create new webroot directory" sudo mkdir -p $webroot_dir || _install_error "Unable to create new webroot directory"
fi fi
if [ -d "$webroot_dir" ]; then if [ -d "$webroot_dir" ]; then
sudo mv $webroot_dir "$webroot_dir.`date +%F-%R`" || install_error "Unable to remove old webroot directory" sudo mv $webroot_dir "$webroot_dir.`date +%F-%R`" || _install_error "Unable to remove old webroot directory"
fi fi
install_log "Cloning latest files from github" _install_log "Cloning latest files from github"
git clone --branch $branch --depth 1 $git_source_url /tmp/raspap-webgui || install_error "Unable to download files from github" git clone --branch $branch --depth 1 $git_source_url /tmp/raspap-webgui || _install_error "Unable to download files from github"
sudo mv /tmp/raspap-webgui $webroot_dir || install_error "Unable to move raspap-webgui to web root" sudo mv /tmp/raspap-webgui $webroot_dir || _install_error "Unable to move raspap-webgui to web root"
} }
# Sets files ownership in web root directory # Sets files ownership in web root directory
function change_file_ownership() { function _change_file_ownership() {
if [ ! -d "$webroot_dir" ]; then if [ ! -d "$webroot_dir" ]; then
install_error "Web root directory doesn't exist" _install_error "Web root directory doesn't exist"
fi fi
install_log "Changing file ownership in web root directory" _install_log "Changing file ownership in web root directory"
sudo chown -R $raspap_user:$raspap_user "$webroot_dir" || install_error "Unable to change file ownership for '$webroot_dir'" sudo chown -R $raspap_user:$raspap_user "$webroot_dir" || _install_error "Unable to change file ownership for '$webroot_dir'"
} }
# Check for existing /etc/network/interfaces and /etc/hostapd/hostapd.conf files # Check for existing configuration files
function check_for_old_configs() { function _check_for_old_configs() {
if [ -f /etc/network/interfaces ]; then if [ -f /etc/network/interfaces ]; then
sudo cp /etc/network/interfaces "$raspap_dir/backups/interfaces.`date +%F-%R`" sudo cp /etc/network/interfaces "$raspap_dir/backups/interfaces.`date +%F-%R`"
sudo ln -sf "$raspap_dir/backups/interfaces.`date +%F-%R`" "$raspap_dir/backups/interfaces" sudo ln -sf "$raspap_dir/backups/interfaces.`date +%F-%R`" "$raspap_dir/backups/interfaces"
@ -197,8 +289,8 @@ function check_for_old_configs() {
sudo ln -sf "$raspap_dir/backups/hostapd.conf.`date +%F-%R`" "$raspap_dir/backups/hostapd.conf" sudo ln -sf "$raspap_dir/backups/hostapd.conf.`date +%F-%R`" "$raspap_dir/backups/hostapd.conf"
fi fi
if [ -f /etc/dnsmasq.conf ]; then if [ -f $raspap_dnsmasq ]; then
sudo cp /etc/dnsmasq.conf "$raspap_dir/backups/dnsmasq.conf.`date +%F-%R`" sudo cp $raspap_dnsmasq "$raspap_dir/backups/dnsmasq.conf.`date +%F-%R`"
sudo ln -sf "$raspap_dir/backups/dnsmasq.conf.`date +%F-%R`" "$raspap_dir/backups/dnsmasq.conf" sudo ln -sf "$raspap_dir/backups/dnsmasq.conf.`date +%F-%R`" "$raspap_dir/backups/dnsmasq.conf"
fi fi
@ -207,11 +299,6 @@ function check_for_old_configs() {
sudo ln -sf "$raspap_dir/backups/dhcpcd.conf.`date +%F-%R`" "$raspap_dir/backups/dhcpcd.conf" sudo ln -sf "$raspap_dir/backups/dhcpcd.conf.`date +%F-%R`" "$raspap_dir/backups/dhcpcd.conf"
fi fi
if [ -f /etc/rc.local ]; then
sudo cp /etc/rc.local "$raspap_dir/backups/rc.local.`date +%F-%R`"
sudo ln -sf "$raspap_dir/backups/rc.local.`date +%F-%R`" "$raspap_dir/backups/rc.local"
fi
for file in /etc/systemd/network/raspap-*.net*; do for file in /etc/systemd/network/raspap-*.net*; do
if [ -f "${file}" ]; then if [ -f "${file}" ]; then
filename=$(basename $file) filename=$(basename $file)
@ -222,58 +309,76 @@ function check_for_old_configs() {
} }
# Move configuration file to the correct location # Move configuration file to the correct location
function move_config_file() { function _move_config_file() {
if [ ! -d "$raspap_dir" ]; then if [ ! -d "$raspap_dir" ]; then
install_error "'$raspap_dir' directory doesn't exist" _install_error "'$raspap_dir' directory doesn't exist"
fi fi
install_log "Moving configuration file to '$raspap_dir'" _install_log "Moving configuration file to '$raspap_dir'"
sudo cp "$webroot_dir"/raspap.php "$raspap_dir" || install_error "Unable to move files to '$raspap_dir'" sudo cp "$webroot_dir"/raspap.php "$raspap_dir" || _install_error "Unable to move files to '$raspap_dir'"
sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || install_error "Unable to change file ownership for '$raspap_dir'" sudo chown -R $raspap_user:$raspap_user "$raspap_dir" || _install_error "Unable to change file ownership for '$raspap_dir'"
} }
# Set up default configuration # Set up default configuration
function default_configuration() { function _default_configuration() {
install_log "Setting up hostapd" _install_log "Applying default configuration to installed services"
if [ -f /etc/default/hostapd ]; then if [ -f /etc/default/hostapd ]; then
sudo mv /etc/default/hostapd /tmp/default_hostapd.old || install_error "Unable to remove old /etc/default/hostapd file" sudo mv /etc/default/hostapd /tmp/default_hostapd.old || _install_error "Unable to remove old /etc/default/hostapd file"
fi fi
sudo cp $webroot_dir/config/default_hostapd /etc/default/hostapd || install_error "Unable to move hostapd defaults file" sudo cp $webroot_dir/config/default_hostapd /etc/default/hostapd || _install_error "Unable to move hostapd defaults file"
sudo cp $webroot_dir/config/hostapd.conf /etc/hostapd/hostapd.conf || install_error "Unable to move hostapd configuration file" sudo cp $webroot_dir/config/hostapd.conf /etc/hostapd/hostapd.conf || _install_error "Unable to move hostapd configuration file"
sudo cp $webroot_dir/config/dnsmasq.conf /etc/dnsmasq.conf || install_error "Unable to move dnsmasq configuration file" sudo cp $webroot_dir/config/dnsmasq.conf $raspap_dnsmasq || _install_error "Unable to move dnsmasq configuration file"
sudo cp $webroot_dir/config/dhcpcd.conf /etc/dhcpcd.conf || install_error "Unable to move dhcpcd configuration file" sudo cp $webroot_dir/config/dhcpcd.conf /etc/dhcpcd.conf || _install_error "Unable to move dhcpcd configuration file"
[ -d /etc/dnsmasq.d ] || sudo mkdir /etc/dnsmasq.d [ -d /etc/dnsmasq.d ] || sudo mkdir /etc/dnsmasq.d
sudo systemctl stop systemd-networkd sudo systemctl stop systemd-networkd
sudo systemctl disable systemd-networkd sudo systemctl disable systemd-networkd
sudo cp $webroot_dir/config/raspap-bridge-br0.netdev /etc/systemd/network/raspap-bridge-br0.netdev || install_error "Unable to move br0 netdev file" sudo cp $webroot_dir/config/raspap-bridge-br0.netdev /etc/systemd/network/raspap-bridge-br0.netdev || _install_error "Unable to move br0 netdev file"
sudo cp $webroot_dir/config/raspap-br0-member-eth0.network /etc/systemd/network/raspap-br0-member-eth0.network || install_error "Unable to move br0 member file" sudo cp $webroot_dir/config/raspap-br0-member-eth0.network /etc/systemd/network/raspap-br0-member-eth0.network || _install_error "Unable to move br0 member file"
if [ ! -f "$webroot_dir/includes/config.php" ]; then if [ ! -f "$webroot_dir/includes/config.php" ]; then
sudo cp "$webroot_dir/config/config.php" "$webroot_dir/includes/config.php" sudo cp "$webroot_dir/config/config.php" "$webroot_dir/includes/config.php"
fi fi
}
# Generate required lines for Rasp AP to place into rc.local file. # Install and enable RaspAP daemon
# #RASPAP is for removal script function _enable_raspap_daemon() {
lines=( _install_log "Enabling RaspAP daemon"
'echo 1 > \/proc\/sys\/net\/ipv4\/ip_forward #RASPAP' echo "Disable with: sudo systemctl disable raspapd.service"
'iptables -t nat -A POSTROUTING -j MASQUERADE #RASPAP' sudo cp $webroot_dir/installers/raspapd.service /lib/systemd/system/ || _install_error "Unable to move raspap.service file"
'iptables -t nat -A POSTROUTING -s 192.168.50.0\/24 ! -d 192.168.50.0\/24 -j MASQUERADE #RASPAP' sudo systemctl daemon-reload
sudo systemctl enable raspapd.service || _install_error "Failed to enable raspap.service"
}
# Configure IP forwarding, set IP tables rules, prompt to install RaspAP daemon
function _configure_networking() {
_install_log "Configuring networking"
echo "Enabling IP forwarding"
echo "net.ipv4.ip_forward=1" | sudo tee $raspap_sysctl > /dev/null || _install_error "Unable to set IP forwarding"
sudo sysctl -p $raspap_sysctl || _install_error "Unable to execute sysctl"
sudo /etc/init.d/procps restart || _install_error "Unable to execute procps"
echo "Checking iptables rules"
rules=(
"-A POSTROUTING -j MASQUERADE"
"-A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE"
) )
for rule in "${rules[@]}"; do
for line in "${lines[@]}"; do if grep -- "$rule" $rulesv4 > /dev/null; then
if grep "$line" /etc/rc.local > /dev/null; then echo "Rule already exits: ${rule}"
echo "$line: Line already added"
else else
sudo sed -i "s/^exit 0$/$line\nexit 0/" /etc/rc.local rule=$(sed -e 's/^\(-A POSTROUTING\)/-t nat \1/' <<< $rule)
echo "Adding line $line" echo "Adding rule: ${rule}"
sudo iptables $rule || _install_error "Unable to execute iptables"
added=true
fi fi
done done
# Persist rules if added
# Force a reload of new settings in /etc/rc.local if [ "$added" = true ]; then
sudo systemctl restart rc-local.service echo "Persisting IP tables rules"
sudo systemctl daemon-reload sudo iptables-save | sudo tee $rulesv4 > /dev/null || _install_error "Unable to execute iptables-save"
fi
# Prompt to install RaspAP daemon # Prompt to install RaspAP daemon
echo -n "Enable RaspAP control service (Recommended)? [Y/n]: " echo -n "Enable RaspAP control service (Recommended)? [Y/n]: "
@ -282,106 +387,42 @@ function default_configuration() {
if [ "$answer" != "${answer#[Nn]}" ]; then if [ "$answer" != "${answer#[Nn]}" ]; then
echo -e echo -e
else else
enable_raspap_daemon _enable_raspap_daemon
fi fi
else else
echo -e echo -e
enable_raspap_daemon _enable_raspap_daemon
fi fi
} }
# Install and enable RaspAP daemon # Add sudoers file to /etc/sudoers.d/ and set file permissions
function enable_raspap_daemon() { function _patch_system_files() {
install_log "Enabling RaspAP daemon"
echo "Disable with: sudo systemctl disable raspap.service"
sudo cp $webroot_dir/installers/raspap.service /lib/systemd/system/ || install_error "Unable to move raspap.service file"
sudo systemctl enable raspap.service || install_error "Failed to enable raspap.service"
}
# Add a single entry to the sudoers file # Create sudoers if not present
function sudo_add() { if [ ! -f $raspap_sudoers ]; then
sudo bash -c "echo \"$raspap_user ALL=(ALL) NOPASSWD:$1\" | (EDITOR=\"tee -a\" visudo)" \ _install_log "Adding raspap.sudoers to ${raspap_sudoers}"
|| install_error "Unable to patch /etc/sudoers" sudo cp "$webroot_dir/installers/raspap.sudoers" $raspap_sudoers || _install_error "Unable to apply raspap.sudoers to $raspap_sudoers"
} sudo chmod 0440 $raspap_sudoers || _install_error "Unable to change file permissions for $raspap_sudoers"
# Adds www-data user to the sudoers file with restrictions on what the user can execute
function patch_system_files() {
# Set commands array
cmds=(
"/sbin/ifdown"
"/sbin/ifup"
"/bin/cat /etc/wpa_supplicant/wpa_supplicant.conf"
"/bin/cat /etc/wpa_supplicant/wpa_supplicant-wlan[0-9].conf"
"/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant.conf"
"/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant-wlan[0-9].conf"
"/sbin/wpa_cli -i wlan[0-9] scan_results"
"/sbin/wpa_cli -i wlan[0-9] scan"
"/sbin/wpa_cli -i wlan[0-9] reconfigure"
"/sbin/wpa_cli -i wlan[0-9] select_network"
"/bin/cp /tmp/hostapddata /etc/hostapd/hostapd.conf"
"/bin/systemctl start hostapd.service"
"/bin/systemctl stop hostapd.service"
"/bin/systemctl start dnsmasq.service"
"/bin/systemctl stop dnsmasq.service"
"/bin/systemctl start openvpn-client@client"
"/bin/systemctl enable openvpn-client@client"
"/bin/systemctl stop openvpn-client@client"
"/bin/systemctl disable openvpn-client@client"
"/bin/cp /tmp/ovpnclient.ovpn /etc/openvpn/client/client.conf"
"/bin/cp /tmp/authdata /etc/openvpn/client/login.conf"
"/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.conf"
"/bin/cp /tmp/dhcpddata /etc/dhcpcd.conf"
"/sbin/shutdown -h now"
"/sbin/reboot"
"/sbin/ip link set wlan[0-9] down"
"/sbin/ip link set wlan[0-9] up"
"/sbin/ip -s a f label wlan[0-9]"
"/bin/cp /etc/raspap/networking/dhcpcd.conf /etc/dhcpcd.conf"
"/etc/raspap/hostapd/enablelog.sh"
"/etc/raspap/hostapd/disablelog.sh"
"/etc/raspap/hostapd/servicestart.sh"
"/etc/raspap/lighttpd/configport.sh"
"/etc/raspap/openvpn/configauth.sh"
"/bin/chmod o+r /tmp/hostapd.log"
"/bin/chmod o+r /tmp/dnsmasq.log"
)
# Check if sudoers needs patching
if [ $(sudo grep -c $raspap_user /etc/sudoers) -ne ${#cmds[@]} ]
then
# Sudoers file has incorrect number of commands. Wiping them out.
install_log "Cleaning system sudoers file"
sudo sed -i "/$raspap_user/d" /etc/sudoers
install_log "Patching system sudoers file"
# patch /etc/sudoers file
for cmd in "${cmds[@]}"
do
sudo_add $cmd
IFS=$'\n'
done
else
install_log "Sudoers file already patched"
fi fi
# Add symlink to prevent wpa_cli cmds from breaking with multiple wlan interfaces # Add symlink to prevent wpa_cli cmds from breaking with multiple wlan interfaces
install_log "Symlinked wpa_supplicant hooks for multiple wlan interfaces" _install_log "Symlinked wpa_supplicant hooks for multiple wlan interfaces"
if [ ! -f /usr/share/dhcpcd/hooks/10-wpa_supplicant ]; then if [ ! -f /usr/share/dhcpcd/hooks/10-wpa_supplicant ]; then
sudo ln -s /usr/share/dhcpcd/hooks/10-wpa_supplicant /etc/dhcp/dhclient-enter-hooks.d/ sudo ln -s /usr/share/dhcpcd/hooks/10-wpa_supplicant /etc/dhcp/dhclient-enter-hooks.d/
fi fi
# Unmask and enable hostapd.service # Unmask and enable hostapd.service
install_log "Unmasking and enabling hostapd service" _install_log "Unmasking and enabling hostapd service"
sudo systemctl unmask hostapd.service sudo systemctl unmask hostapd.service
sudo systemctl enable hostapd.service sudo systemctl enable hostapd.service
} }
# Optimize configuration of php-cgi. # Optimize configuration of php-cgi.
function optimize_php() { function _optimize_php() {
install_log "Optimize PHP configuration" _install_log "Optimize PHP configuration"
if [ ! -f "$phpcgiconf" ]; then if [ ! -f "$phpcgiconf" ]; then
install_warning "PHP configuration could not be found." _install_warning "PHP configuration could not be found."
return return
fi fi
@ -423,15 +464,14 @@ function optimize_php() {
if [ -f "/usr/sbin/phpenmod" ]; then if [ -f "/usr/sbin/phpenmod" ]; then
sudo phpenmod opcache sudo phpenmod opcache
else else
install_warning "phpenmod not found." _install_warning "phpenmod not found."
fi fi
fi fi
fi fi
} }
function install_complete() { function _install_complete() {
install_log "Installation completed!" _install_log "Installation completed!"
if [ "$assume_yes" == 0 ]; then if [ "$assume_yes" == 0 ]; then
# Prompt to reboot if wired ethernet (eth0) is connected. # Prompt to reboot if wired ethernet (eth0) is connected.
# With default_configuration this will create an active AP on restart. # With default_configuration this will create an active AP on restart.
@ -442,27 +482,29 @@ function install_complete() {
echo "Installation reboot aborted." echo "Installation reboot aborted."
exit 0 exit 0
fi fi
sudo shutdown -r now || install_error "Unable to execute shutdown" sudo shutdown -r now || _install_error "Unable to execute shutdown"
fi fi
fi fi
} }
function install_raspap() { function _install_raspap() {
display_welcome _display_welcome
config_installation _config_installation
update_system_packages _update_system_packages
install_dependencies _install_dependencies
enable_php_lighttpd _enable_php_lighttpd
create_raspap_directories _create_raspap_directories
optimize_php _optimize_php
check_for_old_configs _check_for_old_configs
download_latest_files _download_latest_files
change_file_ownership _change_file_ownership
create_hostapd_scripts _create_hostapd_scripts
create_lighttpd_scripts _create_lighttpd_scripts
move_config_file _move_config_file
default_configuration _default_configuration
prompt_install_openvpn _configure_networking
patch_system_files _prompt_install_openvpn
install_complete _prompt_install_adblock
_patch_system_files
_install_complete
} }

View file

@ -6,9 +6,17 @@
# @author billz # @author billz
# license: GNU General Public License v3.0 # license: GNU General Public License v3.0
# Exit on error
set -o errexit
# Exit on error inside functions
set -o errtrace
# Turn on traces, disabled by default
#set -o xtrace
file=$1 file=$1
auth=$2 auth=$2
interface=$3 interface=$3
readonly rulesv4="/etc/iptables/rules.v4"
if [ "$auth" = 1 ]; then if [ "$auth" = 1 ]; then
echo "Enabling auth-user-pass in OpenVPN client.conf" echo "Enabling auth-user-pass in OpenVPN client.conf"
@ -22,26 +30,27 @@ if [ "$auth" = 1 ]; then
fi fi
fi fi
# Generate iptables entries to place into rc.local file. # Configure NAT and forwarding with iptables
# #RASPAP is for uninstall script echo "Checking iptables rules"
echo "Checking iptables rules for $interface" rules=(
"-A POSTROUTING -o tun0 -j MASQUERADE"
lines=( "-A FORWARD -i tun0 -o ${interface} -m state --state RELATED,ESTABLISHED -j ACCEPT"
"iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE #RASPAP" "-A FORWARD -i wlan0 -o tun0 -j ACCEPT"
"iptables -A FORWARD -i tun0 -o $interface -m state --state RELATED,ESTABLISHED -j ACCEPT #RASPAP"
"iptables -A FORWARD -i wlan0 -o tun0 -j ACCEPT #RASPAP"
) )
for line in "${lines[@]}"; do for rule in "${rules[@]}"; do
if grep "$line" /etc/rc.local > /dev/null; then if grep -- "$rule" $rulesv4 > /dev/null; then
echo "$line: Line already added" echo "Rule already exits: ${rule}"
else else
sudo sed -i "s/^exit 0$/$line\nexit 0/" /etc/rc.local rule=$(sed -e 's/^\(-A POSTROUTING\)/-t nat \1/' <<< $rule)
echo "Adding rule: $line" echo "Adding rule: ${rule}"
sudo iptables $rule
added=true
fi fi
done done
# Force a reload of new settings in /etc/rc.local if [ "$added" = true ]; then
sudo systemctl restart rc-local.service echo "Persisting IP tables rules"
sudo systemctl daemon-reload sudo iptables-save | sudo tee $rulesv4 > /dev/null
fi

View file

@ -1,19 +1,31 @@
#!/bin/bash #!/bin/bash
# #
# RaspAP SSL certificate installation functions # RaspAP SSL certificate installation functions
# author: @billz # Author: @billz <billzimmerman@gmail.com>
# license: GNU General Public License v3.0 # License: GNU General Public License v3.0
#
# You are not obligated to bundle the LICENSE file with your RaspAP projects as long
# as you leave these references intact in the header comments of your source files.
# Exit on error
set -o errexit
# Exit on error inside functions
set -o errtrace
# Turn on traces, disabled by default
# set -o xtrace
# Set defaults
certname=$HOSTNAME."local" certname=$HOSTNAME."local"
lighttpd_ssl="/etc/lighttpd/ssl" lighttpd_ssl="/etc/lighttpd/ssl"
lighttpd_conf="/etc/lighttpd/lighttpd.conf" lighttpd_conf="/etc/lighttpd/lighttpd.conf"
webroot_dir="/var/www/html" webroot_dir="/var/www/html"
mkcert_version="1.4.1" readonly mkcert_version="1.4.1"
readonly git_source_url="https://github.com/FiloSottile/mkcert/releases/download/v${mkcert_version}"
### NOTE: all the below functions are overloadable for system-specific installs ### NOTE: all the below functions are overloadable for system-specific installs
function config_installation() { function _config_installation() {
install_log "Configure a new SSL certificate" _install_log "Configure a new SSL certificate"
echo "Current system hostname is $HOSTNAME" echo "Current system hostname is $HOSTNAME"
echo -n "Create an SSL certificate for ${certname}? (Recommended) [y/N]" echo -n "Create an SSL certificate for ${certname}? (Recommended) [y/N]"
if [ $assume_yes == 0 ]; then if [ $assume_yes == 0 ]; then
@ -35,10 +47,10 @@ function config_installation() {
echo -e echo -e
fi fi
install_divider _install_divider
echo "A new SSL certificate for: ${certname}" echo "A new SSL certificate for: ${certname}"
echo "will be installed to lighttpd SSL directory: ${lighttpd_ssl}" echo "will be installed to lighttpd SSL directory: ${lighttpd_ssl}"
install_divider _install_divider
echo -n "Complete installation with these values? [y/N]: " echo -n "Complete installation with these values? [y/N]: "
if [ $assume_yes == 0 ]; then if [ $assume_yes == 0 ]; then
read answer < /dev/tty read answer < /dev/tty
@ -52,43 +64,43 @@ function config_installation() {
} }
# Installs pre-built mkcert binary for Arch Linux ARM # Installs pre-built mkcert binary for Arch Linux ARM
function install_mkcert() { function _install_mkcert() {
install_log "Fetching mkcert binary" _install_log "Fetching mkcert binary"
sudo wget -q https://github.com/FiloSottile/mkcert/releases/download/v${mkcert_version}/mkcert-v${mkcert_version}-linux-arm -O /usr/local/bin/mkcert || install_error "Unable to download mkcert" sudo wget -q ${git_source_url}/mkcert-v${mkcert_version}-linux-arm -O /usr/local/bin/mkcert || _install_error "Unable to download mkcert"
sudo chmod +x /usr/local/bin/mkcert sudo chmod +x /usr/local/bin/mkcert
install_log "Installing mkcert" _install_log "Installing mkcert"
mkcert -install || install_error "Failed to install mkcert" mkcert -install || _install_error "Failed to install mkcert"
} }
# Generate a certificate for host # Generate a certificate for host
function generate_certificate() { function _generate_certificate() {
install_log "Generating a new certificate for $certname" _install_log "Generating a new certificate for $certname"
cd $HOME cd $HOME
mkcert $certname "*.${certname}.local" $certname || install_error "Failed to generate certificate for $certname" mkcert $certname "*.${certname}.local" $certname || _install_error "Failed to generate certificate for $certname"
install_log "Combining private key and certificate" _install_log "Combining private key and certificate"
cat $certname+2-key.pem $certname+2.pem > $certname.pem || install_error "Failed to combine key and certificate" cat $certname+2-key.pem $certname+2.pem > $certname.pem || _install_error "Failed to combine key and certificate"
echo "OK" echo "OK"
} }
# Create a directory for the combined .pem file in lighttpd # Create a directory for the combined .pem file in lighttpd
function create_lighttpd_dir() { function _create_lighttpd_dir() {
install_log "Creating SLL directory for lighttpd" _install_log "Creating SLL directory for lighttpd"
if [ ! -d "$lighttpd_ssl" ]; then if [ ! -d "$lighttpd_ssl" ]; then
sudo mkdir -p "$lighttpd_ssl" || install_error "Failed to create lighttpd directory" sudo mkdir -p "$lighttpd_ssl" || _install_error "Failed to create lighttpd directory"
fi fi
echo "OK" echo "OK"
install_log "Setting permissions and moving .pem file" _install_log "Setting permissions and moving .pem file"
chmod 400 "$HOME/$certname".pem || install_error "Unable to set permissions for .pem file" chmod 400 "$HOME/$certname".pem || _install_error "Unable to set permissions for .pem file"
sudo mv "$HOME/$certname".pem /etc/lighttpd/ssl || install_error "Unable to move .pem file" sudo mv "$HOME/$certname".pem /etc/lighttpd/ssl || _install_error "Unable to move .pem file"
echo "OK" echo "OK"
} }
# Generate config to enable SSL in lighttpd # Generate config to enable SSL in lighttpd
function configure_lighttpd() { function _configure_lighttpd() {
install_log "Configuring lighttpd for SSL" _install_log "Configuring lighttpd for SSL"
lines=( lines=(
'server.modules += ("mod_openssl")' 'server.modules += ("mod_openssl")'
'$SERVER["socket"] == ":443" {' '$SERVER["socket"] == ":443" {'
@ -110,22 +122,22 @@ function configure_lighttpd() {
} }
# Copy rootCA.pem to RaspAP web root # Copy rootCA.pem to RaspAP web root
function copy_rootca() { function _copy_rootca() {
install_log "Copying rootCA.pem to RaspAP web root" _install_log "Copying rootCA.pem to RaspAP web root"
sudo cp ${HOME}/.local/share/mkcert/rootCA.pem ${webroot_dir} || install_error "Unable to copy rootCA.pem to ${webroot_dir}" sudo cp ${HOME}/.local/share/mkcert/rootCA.pem ${webroot_dir} || _install_error "Unable to copy rootCA.pem to ${webroot_dir}"
echo "OK" echo "OK"
} }
# Restart lighttpd service # Restart lighttpd service
function restart_lighttpd() { function _restart_lighttpd() {
install_log "Restarting lighttpd service" _install_log "Restarting lighttpd service"
sudo systemctl restart lighttpd.service || install_error "Unable to restart lighttpd service" sudo systemctl restart lighttpd.service || _install_error "Unable to restart lighttpd service"
sudo systemctl status lighttpd.service sudo systemctl status lighttpd.service
} }
function install_complete() { function _install_complete() {
install_log "SSL certificate install completed!" _install_log "SSL certificate install completed!"
install_divider _install_divider
printf '%s\n' \ printf '%s\n' \
"Open a browser and enter the address: http://$certname/rootCA.pem" \ "Open a browser and enter the address: http://$certname/rootCA.pem" \
"Download the root certificate to your client and add it to your system keychain." \ "Download the root certificate to your client and add it to your system keychain." \
@ -133,18 +145,18 @@ function install_complete() {
"Finally, enter the address https://$certname in your browser." \ "Finally, enter the address https://$certname in your browser." \
"Enjoy an encrypted SSL connection to RaspAP 🔒" \ "Enjoy an encrypted SSL connection to RaspAP 🔒" \
"For advanced options, run mkcert -help" "For advanced options, run mkcert -help"
install_divider _install_divider
} }
function install_certificate() { function _install_certificate() {
display_welcome _display_welcome
config_installation _config_installation
install_mkcert _install_mkcert
generate_certificate _generate_certificate
create_lighttpd_dir _create_lighttpd_dir
configure_lighttpd _configure_lighttpd
copy_rootca _copy_rootca
restart_lighttpd _restart_lighttpd
install_complete _install_complete
} }

View file

@ -1,10 +0,0 @@
[Unit]
Description=RaspAP daemon
After=multi-user.target
[Service]
Type=idle
ExecStart=/bin/bash /etc/raspap/hostapd/servicestart.sh --interface uap0 --seconds 3
[Install]
WantedBy=multi-user.target

40
installers/raspap.sudoers Normal file
View file

@ -0,0 +1,40 @@
www-data ALL=(ALL) NOPASSWD:/sbin/ifdown
www-data ALL=(ALL) NOPASSWD:/sbin/ifup
www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wpa_supplicant/wpa_supplicant.conf
www-data ALL=(ALL) NOPASSWD:/bin/cat /etc/wpa_supplicant/wpa_supplicant-wlan[0-9].conf
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant.conf
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/wifidata /etc/wpa_supplicant/wpa_supplicant-wlan[0-9].conf
www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] scan_results
www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] scan
www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] reconfigure
www-data ALL=(ALL) NOPASSWD:/sbin/wpa_cli -i wlan[0-9] select_network
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/hostapddata /etc/hostapd/hostapd.conf
www-data ALL=(ALL) NOPASSWD:/bin/systemctl start hostapd.service
www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop hostapd.service
www-data ALL=(ALL) NOPASSWD:/bin/systemctl start dnsmasq.service
www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop dnsmasq.service
www-data ALL=(ALL) NOPASSWD:/bin/systemctl restart dnsmasq.service
www-data ALL=(ALL) NOPASSWD:/bin/systemctl start openvpn-client@client
www-data ALL=(ALL) NOPASSWD:/bin/systemctl enable openvpn-client@client
www-data ALL=(ALL) NOPASSWD:/bin/systemctl stop openvpn-client@client
www-data ALL=(ALL) NOPASSWD:/bin/systemctl disable openvpn-client@client
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/ovpnclient.ovpn /etc/openvpn/client/client.conf
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/authdata /etc/openvpn/client/login.conf
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_raspap.conf
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dhcpddata /etc/dhcpcd.conf
www-data ALL=(ALL) NOPASSWD:/sbin/shutdown -h now
www-data ALL=(ALL) NOPASSWD:/sbin/reboot
www-data ALL=(ALL) NOPASSWD:/sbin/ip link set wlan[0-9] down
www-data ALL=(ALL) NOPASSWD:/sbin/ip link set wlan[0-9] up
www-data ALL=(ALL) NOPASSWD:/sbin/ip -s a f label wlan[0-9]
www-data ALL=(ALL) NOPASSWD:/bin/cp /etc/raspap/networking/dhcpcd.conf /etc/dhcpcd.conf
www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/enablelog.sh
www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/disablelog.sh
www-data ALL=(ALL) NOPASSWD:/etc/raspap/hostapd/servicestart.sh
www-data ALL=(ALL) NOPASSWD:/etc/raspap/lighttpd/configport.sh
www-data ALL=(ALL) NOPASSWD:/etc/raspap/openvpn/configauth.sh
www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/hostapd.log
www-data ALL=(ALL) NOPASSWD:/bin/chmod o+r /tmp/dnsmasq.log
www-data ALL=(ALL) NOPASSWD:/bin/cp /tmp/dnsmasqdata /etc/dnsmasq.d/090_adblock.conf
www-data ALL=(ALL) NOPASSWD:/etc/raspap/adblock/update_blocklist.sh

View file

@ -0,0 +1,24 @@
### BEGIN INIT INFO
# Provides: raspapd
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: S 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start RaspAP daemon at boot time
# Description: Enable service provided by daemon
### END INIT INFO
# Author: BillZ <billzimmerman@gmail.com>
[Unit]
Description=RaspAP Service Daemon
DefaultDependencies=no
After=multi-user.target
[Service]
Type=oneshot
ExecStart=/bin/bash /etc/raspap/hostapd/servicestart.sh --interface uap0 --seconds 3
RemainAfterExit=no
[Install]
WantedBy=multi-user.target

View file

@ -1,8 +1,8 @@
#!/bin/bash #!/bin/bash
# #
# RaspAP Quick Installer # RaspAP Quick Installer
# author: @billz # Author: @billz <billzimmerman@gmail.com>
# license: GNU General Public License v3.0 # License: GNU General Public License v3.0
# #
# Usage: # Usage:
# #
@ -27,13 +27,16 @@
# https://raw.githubusercontent.com/billz/raspap-webgui/master/installers/common.sh # https://raw.githubusercontent.com/billz/raspap-webgui/master/installers/common.sh
# - or - # - or -
# https://raw.githubusercontent.com/billz/raspap-webgui/master/installers/mkcert.sh # https://raw.githubusercontent.com/billz/raspap-webgui/master/installers/mkcert.sh
#
# You are not obligated to bundle the LICENSE file with your RaspAP projects as long
# as you leave these references intact in the header comments of your source files.
# Set defaults # Set defaults
repo="billz/raspap-webgui" repo="billz/raspap-webgui"
branch="master" branch="master"
VERSION=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' )
assume_yes=0 assume_yes=0
ovpn_option=1 ovpn_option=1
readonly RASPAP_LATEST=$(curl -s "https://api.github.com/repos/$repo/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")' )
# Define usage notes # Define usage notes
usage=$(cat << EOF usage=$(cat << EOF
@ -59,6 +62,9 @@ while :; do
ovpn_option="$2" ovpn_option="$2"
shift shift
;; ;;
-a|--adblock)
install_adblock=1
;;
-c|--cert|--certificate) -c|--cert|--certificate)
install_cert=1 install_cert=1
;; ;;
@ -75,7 +81,7 @@ while :; do
exit 1 exit 1
;; ;;
-v|--version) -v|--version)
printf "RaspAP v${VERSION} - simple AP setup and wifi mangement for the RaspberryPi\n" printf "RaspAP v${RASPAP_LATEST} - simple AP setup and wifi mangement for the RaspberryPi\n"
exit 1 exit 1
;; ;;
-*|--*) -*|--*)
@ -93,7 +99,7 @@ done
UPDATE_URL="https://raw.githubusercontent.com/$repo/$branch/" UPDATE_URL="https://raw.githubusercontent.com/$repo/$branch/"
# Outputs a welcome message # Outputs a welcome message
function display_welcome() { function _display_welcome() {
raspberry='\033[0;35m' raspberry='\033[0;35m'
green='\033[1;32m' green='\033[1;32m'
@ -105,35 +111,35 @@ function display_welcome() {
echo -e " 88 88 88. .88 88 88. .88 88 88 88" echo -e " 88 88 88. .88 88 88. .88 88 88 88"
echo -e " dP dP 88888P8 88888P 88Y888P 88 88 dP" echo -e " dP dP 88888P8 88888P 88Y888P 88 88 dP"
echo -e " 88" echo -e " 88"
echo -e " dP version ${VERSION}" echo -e " dP version ${RASPAP_LATEST}"
echo -e "${green}" echo -e "${green}"
echo -e "The Quick Installer will guide you through a few easy steps\n\n" echo -e "The Quick Installer will guide you through a few easy steps\n\n"
} }
# Outputs a RaspAP Install log line # Outputs a RaspAP Install log line
function install_log() { function _install_log() {
echo -e "\033[1;32mRaspAP Install: $*\033[m" echo -e "\033[1;32mRaspAP Install: $*\033[m"
} }
# Outputs a RaspAP Install Error log line and exits with status code 1 # Outputs a RaspAP Install Error log line and exits with status code 1
function install_error() { function _install_error() {
echo -e "\033[1;37;41mRaspAP Install Error: $*\033[m" echo -e "\033[1;37;41mRaspAP Install Error: $*\033[m"
exit 1 exit 1
} }
# Outputs a RaspAP Warning line # Outputs a RaspAP Warning line
function install_warning() { function _install_warning() {
echo -e "\033[1;33mWarning: $*\033[m" echo -e "\033[1;33mWarning: $*\033[m"
} }
# Outputs a RaspAP divider # Outputs a RaspAP divider
function install_divider() { function _install_divider() {
echo -e "\033[1;32m***************************************************************$*\033[m" echo -e "\033[1;32m***************************************************************$*\033[m"
} }
function update_system_packages() { function _update_system_packages() {
install_log "Updating sources" _install_log "Updating sources"
sudo apt-get update || install_error "Unable to update package list" sudo apt-get update || _install_error "Unable to update package list"
} }
# Fetch required installer functions # Fetch required installer functions
@ -141,11 +147,11 @@ if [ "${install_cert:-}" = 1 ]; then
source="mkcert" source="mkcert"
wget -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh wget -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh
source /tmp/raspap_${source}.sh && rm -f /tmp/raspap_${source}.sh source /tmp/raspap_${source}.sh && rm -f /tmp/raspap_${source}.sh
install_certificate || install_error "Unable to install certificate" _install_certificate || _install_error "Unable to install certificate"
else else
source="common" source="common"
wget -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh wget -q ${UPDATE_URL}installers/${source}.sh -O /tmp/raspap_${source}.sh
source /tmp/raspap_${source}.sh && rm -f /tmp/raspap_${source}.sh source /tmp/raspap_${source}.sh && rm -f /tmp/raspap_${source}.sh
install_raspap || install_error "Unable to install RaspAP" _install_raspap || _install_error "Unable to install RaspAP"
fi fi

View file

@ -1,12 +1,12 @@
#!/bin/bash #!/bin/bash
# When wireless client AP mode is enabled, this script handles starting # When wireless client AP or Bridge mode is enabled, this script handles starting
# up network services in a specific order and timing to avoid race conditions. # up network services in a specific order and timing to avoid race conditions.
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
NAME=raspap NAME=raspapd
DESC="Service control for RaspAP" DESC="Service control for RaspAP"
CONFIGFILE="/etc/raspap/hostapd.ini" CONFIGFILE="/etc/raspap/hostapd.ini"
DAEMONPATH="/lib/systemd/system/raspap.service" DAEMONPATH="/lib/systemd/system/raspapd.service"
OPENVPNENABLED=$(pidof openvpn | wc -l) OPENVPNENABLED=$(pidof openvpn | wc -l)
positional=() positional=()
@ -22,21 +22,33 @@ case $key in
;; ;;
-s|--seconds) -s|--seconds)
seconds="$2" seconds="$2"
shift # past argument shift
shift # past value shift
;;
-a|--action)
action="$2"
shift
shift
;; ;;
esac esac
done done
set -- "${positional[@]}" set -- "${positional[@]}"
echo "Stopping network services..." echo "Stopping network services..."
systemctl stop openvpn-client@client if [ $OPENVPNENABLED -eq 1 ]; then
systemctl stop openvpn-client@client
fi
systemctl stop systemd-networkd systemctl stop systemd-networkd
systemctl stop hostapd.service systemctl stop hostapd.service
systemctl stop dnsmasq.service systemctl stop dnsmasq.service
systemctl stop dhcpcd.service systemctl stop dhcpcd.service
if [ -f "$DAEMONPATH" ]; then if [ "${action}" = "stop" ]; then
echo "Services stopped. Exiting."
exit 0
fi
if [ -f "$DAEMONPATH" ] && [ ! -z "$interface" ]; then
echo "Changing RaspAP Daemon --interface to $interface" echo "Changing RaspAP Daemon --interface to $interface"
sed -i "s/\(--interface \)[[:alnum:]]*/\1$interface/" "$DAEMONPATH" sed -i "s/\(--interface \)[[:alnum:]]*/\1$interface/" "$DAEMONPATH"
fi fi
@ -49,6 +61,9 @@ if [ -r "$CONFIGFILE" ]; then
if [ "${config[BridgedEnable]}" = 1 ]; then if [ "${config[BridgedEnable]}" = 1 ]; then
if [ "${interface}" = "br0" ]; then if [ "${interface}" = "br0" ]; then
echo "Stopping systemd-networkd"
systemctl stop systemd-networkd
echo "Restarting eth0 interface..." echo "Restarting eth0 interface..."
ip link set down eth0 ip link set down eth0
ip link set up eth0 ip link set up eth0
@ -64,14 +79,21 @@ if [ -r "$CONFIGFILE" ]; then
echo "Disabling systemd-networkd" echo "Disabling systemd-networkd"
systemctl disable systemd-networkd systemctl disable systemd-networkd
ip link ls up | grep -q 'br0' &> /dev/null
if [ $? == 0 ]; then
echo "Removing br0 interface..." echo "Removing br0 interface..."
ip link set down br0 ip link set down br0
ip link del dev br0 ip link del dev br0
fi
if [ "${config[WifiAPEnable]}" = 1 ]; then if [ "${config[WifiAPEnable]}" = 1 ]; then
if [ "${interface}" = "uap0" ]; then if [ "${interface}" = "uap0" ]; then
ip link ls up | grep -q 'uap0' &> /dev/null
if [ $? == 0 ]; then
echo "Removing uap0 interface..." echo "Removing uap0 interface..."
iw dev uap0 del iw dev uap0 del
fi
echo "Adding uap0 interface to ${config[WifiManaged]}" echo "Adding uap0 interface to ${config[WifiManaged]}"
iw dev ${config[WifiManaged]} interface add uap0 type __ap iw dev ${config[WifiManaged]} interface add uap0 type __ap