Index: platform/tools/install_nginx.sh
===================================================================
--- platform/tools/install_nginx.sh	(revision 2676)
+++ platform/tools/install_nginx.sh	(working copy)
@@ -13,6 +13,9 @@
 NGINX_CONF_D_DIR="/etc/nginx/conf.d"
 NGINX_DEFAULT_CONF="${NGINX_CONF_D_DIR}/default.conf"
 NGINX_APP_CONF="${NGINX_CONF_D_DIR}/app.conf"
+NGINX_TEMPLATE_CONF="/ca/webui/conf/nginx_template.conf"
+DEFAULT_SSL_KEY="/ca/webui/conf/server.key"
+DEFAULT_SSL_CRT="/ca/webui/conf/server.crt"
 SSL_DIR="/etc/nginx/ssl"
 SSL_KEY="${SSL_DIR}/server.key"
 SSL_CRT="${SSL_DIR}/server.crt"
@@ -124,6 +127,9 @@
     fi
     sudo chmod 600 "${SSL_KEY}"
     log_info "Self-signed certificate generated: ${SSL_CRT} and ${SSL_KEY}"
+    sudo cp "${SSL_KEY}" "${DEFAULT_SSL_KEY}"
+    sudo cp "${SSL_CRT}" "${DEFAULT_SSL_CRT}"
+    log_info "Copied the generated certificates to default cert path: ${DEFAULT_SSL_CRT}"
 else
     log_info "Using existing SSL certificate: ${SSL_CRT} and ${SSL_KEY}"
 fi
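Review bot: The two `sudo cp` calls are unchecked and the `log_info` after them reports success regardless. The key copy also relies on `cp` carrying over the source mode: if `${DEFAULT_SSL_KEY}` already exists, its current mode and owner are kept rather than the `600` just set on `${SSL_KEY}`. `sudo install -m 600 "${SSL_KEY}" "${DEFAULT_SSL_KEY}"` followed by an error branch pins the mode and gives a failure path. The copies run only in the generate branch, so when an existing certificate is reused the default paths may never be populated, and `webui_ssl_clear_cert()` in webui.c later copies from them. The enclosing `if` begins outside this hunk.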
@@ -319,6 +325,102 @@
 fi
 log_info "Nginx configuration created: ${NGINX_APP_CONF}"
 
+cat <<EOF | sudo tee "${NGINX_TEMPLATE_CONF}" &>> "${INSTALL_LOG_FILE}"
+# /etc/nginx/conf.d/app.conf
+
+# --- HTTP Server Block (Redirects to HTTPS) ---
+server {
+    listen 80;
+    listen [::]:80;
+    server_name ${SSL_COMMON_NAME};
+
+    return 301 https://\$\$host\$\$request_uri;
+}
+
+# --- HTTPS Server Block ---
+server {
+    listen \$webui_listen ssl;
+    listen [::]:\$webui_listen ssl;
+    server_name ${SSL_COMMON_NAME};
+
+    ssl_certificate \$webui_ssl_cert;
+    ssl_certificate_key \$webui_ssl_key;
+
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';
+
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
+
+    # Enable access logging for debugging
+    access_log /var/log/nginx/access.log;
+
+    # Kibana at /visualization/
+    location /visualization/ {
+        proxy_pass http://127.0.0.1:5601;  # No trailing slash!
+        proxy_http_version 1.1;
+        proxy_set_header Host \$\$host;
+        proxy_set_header X-Real-IP \$\$remote_addr;
+        proxy_set_header X-Forwarded-For \$\$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$\$scheme;
+        proxy_set_header Upgrade \$\$http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_cache_bypass \$\$http_upgrade;
+    }
+
+    # Grafana at /monitoring/
+    location /monitoring/ {
+        proxy_pass http://127.0.0.1:3000;  # No trailing slash!
+        proxy_http_version 1.1;
+        proxy_set_header Host \$\$host;
+        proxy_set_header X-Real-IP \$\$remote_addr;
+        proxy_set_header X-Forwarded-For \$\$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$\$scheme;
+        proxy_set_header Upgrade \$\$http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_cache_bypass \$\$http_upgrade;
+    }
+
+    # Main application
+    $(if [ "$USE_STATIC_PAGE" = true ]; then
+        echo "location / {
+            root /usr/share/nginx/html;
+            index index.html;
+        }"
+    else
+        echo "location / {
+            proxy_pass ${BACKEND_URL};
+            proxy_set_header Host \$\$host;
+            proxy_set_header X-Real-IP \$\$remote_addr;
+            proxy_set_header X-Forwarded-For \$\$proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto \$\$scheme;
+            proxy_set_header X-Forwarded-Port \$\$server_port;
+            proxy_connect_timeout 75s;
+            proxy_send_timeout 75s;
+            proxy_read_timeout 75s;
+            proxy_buffering off;
+        }"
+    fi)
+
+    location ~ /\. {
+        deny all;
+    }
+
+    error_page 404 /404.html;
+    location = /404.html {
+        root /usr/share/nginx/html;
+        internal;
+    }
+
+    error_page 500 502 503 504 /50x.html;
+    location = /50x.html {
+        root /usr/share/nginx/html;
+        internal;
+    }
+}
+EOF
 # --- Test Nginx configuration ---
 log_info "Testing Nginx configuration syntax..."
 sudo nginx -t &>> "${INSTALL_LOG_FILE}"
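Review bot: The port-80 block redirects with `return 301 https://\$\$host\$\$request_uri;`, which always targets 443, while the HTTPS block listens on the `\$webui_listen` placeholder that webui.c fills with the configured port. Once the port is set to anything other than 443, the redirect points at a port nginx is not serving. If build_config.py substitutes placeholders anywhere in the file (not verifiable from this diff), `https://\$\$host:\$webui_listen\$\$request_uri` would keep the two in step. A short comment above the heredoc would help, saying that `\$name` appears to be a build-time placeholder and `\$\$name` a literal nginx variable. The first template line still reads `# /etc/nginx/conf.d/app.conf` although the file is written to `${NGINX_TEMPLATE_CONF}`.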
Index: src/webui/webui.h
===================================================================
--- src/webui/webui.h	(revision 2676)
+++ src/webui/webui.h	(working copy)
@@ -28,12 +28,11 @@
 #define WEBUI_SSL_CHECK_ON_EXE_C        "/usr/sbin/lighttpd -f " WEBUI_SSL_CHECK_CONF_FILE_C
 #define WEBUI_SSL_CHECK_ON_EXE_I        "/usr/sbin/lighttpd -f " WEBUI_SSL_CHECK_CONF_FILE_I
 
-
 #define WEBUI_HTTPD_CONF_FILE     "/var/run/webui.conf"
 #define WEBUI_NEW_HTTPD_CONF_FILE     "/var/run/new_webui.conf"
 #define WEBUI_ON_EXE        "/usr/local/sbin/httpd -f " WEBUI_HTTPD_CONF_FILE
-//#define WEBUI_NEW_ON_EXE        "/ca/bin/new_webui_httpd -f " WEBUI_NEW_HTTPD_CONF_FILE
-#define WEBUI_NEW_ON_EXE        "/usr/sbin/lighttpd -f " WEBUI_NEW_HTTPD_CONF_FILE
+#define WEBUI_NEW_ON_EXE        "systemctl start nginx" 
+#define WEBUI_NEW_OFF_EXE        "systemctl stop nginx" 
 #define WEBUI_ON_STR        "on"
 #define WEBUI_OFF_STR       "off"
 
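Review bot: `WEBUI_NEW_ON_EXE` and `WEBUI_NEW_OFF_EXE` name `systemctl` without a directory, whereas the neighbouring command macros use absolute paths (`/usr/sbin/lighttpd`, `/usr/local/sbin/httpd`). These strings are passed to `system()` in webui.c, so the binary is resolved through whatever `PATH` the calling process inherited. Use the absolute path for the target platform, for example `#define WEBUI_NEW_ON_EXE "/usr/bin/systemctl start nginx"`. The same applies to `SEMANAGE_*`, `FIREWALLD_*`, `NGINX_TEST_CMD` and `RESTORECON_NGINX_SSL_DIR` in the next hunk. Both new lines also carry trailing whitespace.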
@@ -59,6 +58,23 @@
 
 #define REST_REMOVE_PID_FILE    "rm -f " REST_PID_FILE " > /dev/null 2>&1"
 #define REST_CONF_REC_FILE      "/var/run/restfulapi_conf"
+#define BUILD_CONFIG_SCRIPT   "/ca/bin/build_config.py"
+#define NGINX_TEMPLATE_CONF   "/ca/webui/conf/nginx_template.conf"
+#define NGINX_APP_CONF        "/etc/nginx/conf.d/app.conf"
+#define NGINX_APP_CONF_BK        "/etc/nginx/conf.d/app.conf.bk"
+#define DEFAULT_CERT_PATH     "/ca/webui/conf/server.crt"
+#define DEFAULT_KEY_PATH      "/ca/webui/conf/server.key"
+#define CERT_PATH             "/etc/nginx/ssl/server.crt"
+#define KEY_PATH              "/etc/nginx/ssl/server.key"
+#define SEMANAGE_ADD_PORT     "semanage port -a -t http_port_t -p tcp"
+#define SEMANAGE_MODIFY_PORT  "semanage port -m -t http_port_t -p tcp"
+#define FIREWALLD_ADD_PORT    "firewall-cmd --permanent --add-port"
+#define FIREWALLD_RELOAD      "firewall-cmd --reload"
+#define TEMP_CERT_PATH        "/var/tmp/server.crt"
+#define TEMP_KEY_PATH         "/var/tmp/server.key"
+#define NGINX_TEST_CMD        "nginx -t"
+#define NGINX_SSL_DIR         "/etc/nginx/ssl/"
+#define RESTORECON_NGINX_SSL_DIR      "restorecon -Rv "NGINX_SSL_DIR
 #include <proxy_errs.h>
 char *       write_webui(void);       /* return commands for current config */
 
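Review bot: `TEMP_CERT_PATH` and `TEMP_KEY_PATH` place the staged certificate and private key at fixed names under `/var/tmp`, a directory other local accounts can normally write to. A fixed name there may already exist or point elsewhere when webui.c opens it, and the key sits in a shared location while it is validated. Staging inside a root-only directory avoids this, e.g. `#define TEMP_KEY_PATH NGINX_SSL_DIR "server.key.new"`, which also keeps the later `rename()` on one filesystem. `RESTORECON_NGINX_SSL_DIR` would read better with a space before `NGINX_SSL_DIR`.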
Index: src/webui/webui.c
===================================================================
--- src/webui/webui.c	(revision 2676)
+++ src/webui/webui.c	(working copy)
@@ -39,6 +39,7 @@
 #include <openssl/ssl.h>
 #include <openssl/objects.h>
 #include <openssl/ec.h>
+#include <openssl/evp.h>
 #include <fcntl.h>
 #include <sys/wait.h>
 #include <sys/param.h>
@@ -57,8 +58,10 @@
 
 #define MAX_LINE_LEN  4096
 #define MAX_LINE_SIZE 4096
-#define WEBUI_DEFAULT_PORT 8888
+#define WEBUI_DEFAULT_PORT 443
+
 #define WEBUI_CONFIG_FILE "/var/run/webuiconf.config"
+
 ca_errcode_t new_webui_onoff(char *onoff);
 
 static int new_webui_is_on();
@@ -111,7 +114,7 @@
 static int get_webui_port()
 {
 	FILE *file=NULL;
-	int port = 8888;
+	int port = WEBUI_DEFAULT_PORT;
 	file = fopen(WEBUI_CONFIG_FILE, "r");
 	if (file) {
 		if (fscanf(file, "%d", &port) != 1) {
@@ -271,13 +274,22 @@
 	int  idx = 0;
 
 	int port = get_webui_port();
-	idx += snprintf(cmd_str+idx, BUFSIZE_4K-idx, 
-			"/ca/bin/build_config.py /ca/webui/conf/httpd_new.conf /var/run/new_webui.conf");
+	idx += snprintf(cmd_str+idx, BUFSIZE_4K-idx,
+			"%s %s %s", BUILD_CONFIG_SCRIPT, NGINX_TEMPLATE_CONF, NGINX_APP_CONF);  
 	
 	idx += snprintf(cmd_str+idx, BUFSIZE_4K-idx, " webui_listen=%d", port);
-	idx += snprintf(cmd_str+idx, BUFSIZE_4K-idx, " webui_host=_default_:%d", port);
+	idx += snprintf(cmd_str+idx, BUFSIZE_4K-idx, " webui_ssl_cert=%s", CERT_PATH);
+	idx += snprintf(cmd_str+idx, BUFSIZE_4K-idx, " webui_ssl_key=%s", KEY_PATH);
 
 	system(cmd_str);
+	memset(cmd_str, '\0', sizeof(cmd_str));
+	idx = 0;
+	idx += snprintf(cmd_str+idx, BUFSIZE_4K-idx,"%s %d || %s %d", SEMANAGE_ADD_PORT, port, SEMANAGE_MODIFY_PORT, port);
+	system(cmd_str);
+        memset(cmd_str, '\0', sizeof(cmd_str));
+	idx=0; 
+	idx += snprintf(cmd_str+idx, BUFSIZE_4K-idx,"%s=%d/tcp; %s",FIREWALLD_ADD_PORT, port, FIREWALLD_RELOAD);
+        system(cmd_str);
 	//new_webui_config_update_for_ssl();
 	if (new_webui_is_on() == 1) {
 		webui_off();
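Review bot: None of the three `system()` calls has its exit status checked. If `build_config.py` fails, the code still goes on to restart the web UI against a stale or missing `app.conf`, and a failed `semanage` or `firewall-cmd` leaves the new port blocked with no message. At minimum guard the first call with `if (system(cmd_str) != 0)` and return the function's error code after printing something like `Error: Failed to build nginx configuration.`. The firewall and SELinux rules are only ever added, so after a port change the previous port appears to stay permanently open unless it is removed elsewhere. `idx += snprintf(...)` assumes no truncation, and the `memset` before each rebuild is redundant because `snprintf` terminates the buffer; the function begins outside this hunk.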
@@ -319,7 +331,7 @@
 	}
 	if (errcode == ERR_WEBUI_OK) {
 		errcode = webui_ssl_clear_cert();
-		errcode = webui_ssl_clear_interca();
+		//errcode = webui_ssl_clear_interca();
 	}
 	
 	return errcode;
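Review bot: Disabling the call by commenting it out (`//errcode = webui_ssl_clear_interca();`) leaves dead code in the file, and later hunks do the same on a larger scale. They wrap the HA/fastcgi branches of the on/off handler and the whole of `webui_ssl_import_interca()`, `webui_ssl_clear_interca()` and `webui_ssl_show_interca()` in `/* … */`. C block comments do not nest, so any `/* */` inside such a region ends it early; the commit already has to rewrite `/* imput from console */` to `//` for that reason, and parts of the wrapped regions are not visible in the diff. Delete the code (revision history keeps it), or use `#if 0 … #endif` with a one-line reason if it must stay. The function starts outside this hunk.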
@@ -348,30 +360,12 @@
 static int
 new_webui_is_on()
 {
-	FILE *pidp;
-	pid_t pid=0;
-
-	pidp = fopen(WEBUI_NEW_PID_FILE, "r");
-	if (pidp == NULL) {
-		if (errno != ENOENT) {
-			printf("internal error, errno:%d\n", errno);
-			return -1;
-		}
+	char *check_status = "systemctl is-active --quiet nginx";
+	if (system(check_status) == 0) {
+		return 1;
+	} else {
 		return 0;
 	}
-	if (fscanf(pidp, "%d", &pid) != 1) {
-		fclose(pidp);
-		return 0;
-	}
-	fclose(pidp);
-
-	/* PID file exists, but no process, remove it! */
-	if (kill(pid, 0) != 0) {
-		system("rm -f "WEBUI_NEW_PID_FILE);
-		return 0;
-	}
-
-	return 1;
 }
 
 static int
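Review bot: `new_webui_is_on()` now maps every non-zero result of `system()` to 0. A failure to run the check at all (`system()` returning -1, or the shell not finding `systemctl`) is therefore reported as "off", where the old code returned -1 for an internal error. Keep the error path, e.g. `int rc = system(check_status); if (rc == -1) return -1; return rc == 0;`, and declare the command as `static const char check_status[]`. A one-line comment stating the 1/0/-1 contract would document what callers such as `if (new_webui_is_on() == 1)` rely on.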
@@ -412,6 +406,7 @@
 			/*printf("New WebUI is already on\n");*/
 			return ERR_WEBUI_OK;
 		}
+		/*
 		if (new_ha_is_backup()){
 			printf("Error: HA is backup node.\n");
 			return ERR_WEBUI_OK;
@@ -421,15 +416,9 @@
 		} else {
 			send_fastcgi_resuest(http_fastcgi_req_msg[0]);
 		}
-		/* cp webui ssl files */
-		{
-			if (access("/var/run/webui_server.pem", F_OK) != 0) {
-				char * cmd = "cp /ca/webui/conf/server.pem /var/run/webui_server.pem";
-			    system(cmd);
-			}
-		}
+		*/
 		/* start apache process */
-		if (start_in_sysmon(WEBUI_NEW_ON_EXE, WEBUI_NEW_PID_FILE) != 0) {
+		if (system(WEBUI_NEW_ON_EXE) != 0) {
 			printf("Error: Failed to turn on webui.\n");
 			return ERR_WEBUI_COULD_NOT_ON;
 		}
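Review bot: The comment `/* start apache process */` is stale now that the line below it runs `systemctl start nginx`; suggest `/* start nginx through systemd */`. The removed block that seeded `/var/run/webui_server.pem` from the default has no replacement here, so this path assumes `CERT_PATH` and `KEY_PATH` already exist. A comment saying that the installer provides them would make that assumption explicit. The enclosing function starts outside this hunk.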
@@ -442,18 +431,23 @@
 		
 	} else if (strncasecmp(onoff, WEBUI_OFF_STR, strlen(WEBUI_OFF_STR)) == 0) {
 		/*printf("Turning off new WebUI...\n");*/
-		stop_in_sysmon(WEBUI_NEW_ON_EXE, WEBUI_NEW_PID_FILE);
+		if (system(WEBUI_NEW_OFF_EXE)!=0) 
+		{
+			printf("Error: Failed to turn off  webui.\n");
+			return ERR_WEBUI_COULD_NOT_OFF;
+		}
 		sleep(3);
 		if (new_webui_is_on() == 1) {
 			printf("Error: Failed to turn off webui.\n");
+			return ERR_WEBUI_COULD_NOT_OFF;
 		}
+		/*
 		if (rest_is_on() == 0) {
 			system("/bin/sh /ca/webui/htdocs/new/stop.sh > /dev/null 2>&1");
 		} else {
 			send_fastcgi_resuest(http_fastcgi_req_msg[1]);
 		}
-
-		
+		*/
 	} else {
 		return ERR_WEBUI_INVALID_ARG;
 	}
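Review bot: `sleep(3)` looks like a holdover from the sysmon-based stop. `systemctl stop` without `--no-block` waits for the stop job to finish, so the delay now only slows the command before the `new_webui_is_on()` re-check. The two failure messages are nearly identical (`turn off  webui` with a double space versus `turn off webui`), so the output does not show which check fired. Distinct wording for the second, such as `Error: nginx is still active after stop.`, would help. The function starts outside this hunk.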
@@ -478,8 +472,8 @@
 ca_errcode_t
 webui_port(int portnum)
 {
-	if ( portnum < 1025  || portnum > 65000 ) {
-		printf("Please enter a vaild port number, 1025 ~ 65000.\n");
+	if ((portnum < 1025  || portnum > 65000) && (portnum != 443)) {
+		printf("Please enter a vaild port number,443 or 1025 ~ 65000.\n");
 		return ERR_WEBUI_PORT_INVALID_RANGE;
 	}
 
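Review bot: The port rule is now written twice in different shapes: `(portnum < 1025 || portnum > 65000) && (portnum != 443)` here and `portnum !=-1 && (…) && portnum != 443` in the next hunk. The two messages differ only in spacing (`number,443` versus `number, 443`). A small `static int webui_port_is_valid(int portnum)` returning `portnum == WEBUI_DEFAULT_PORT || (portnum >= 1025 && portnum <= 65000)` would keep both callers and the default in step. `vaild` in both messages is a typo for `valid`. The function body continues past this hunk.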
@@ -493,8 +487,8 @@
 	int testsock;
 	int oldportnum = get_webui_port();
 
-	if ( portnum !=-1 && (portnum < 1025  || portnum > 65000)) {
-		printf("Please enter a vaild port number, 1025 ~ 65000.\n");
+	if ( portnum !=-1 && (portnum < 1025  || portnum > 65000) && portnum != 443) {
+		printf("Please enter a vaild port number, 443 or 1025 ~ 65000.\n");
 		return ERR_WEBUI_PORT_INVALID_RANGE;
 	}
 
@@ -890,10 +884,10 @@
 webui_reload(void)
 {
 	//new_webui_config_update_for_ssl();
-	/* restart the webui if it's on, otherwise do nothing */
+	// restart the webui if it's on, otherwise do nothing 
 	if (new_webui_is_on()) {
-		stop_in_sysmon(WEBUI_NEW_ON_EXE, WEBUI_NEW_PID_FILE);
-		start_in_sysmon(WEBUI_NEW_ON_EXE, WEBUI_NEW_PID_FILE);
+		webui_off();
+		webui_on();
 	}
 	return ERR_WEBUI_OK;
 }
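Review bot: `webui_reload()` discards the results of `webui_off()` and `webui_on()` and returns `ERR_WEBUI_OK` even when the restart failed, although this commit makes the off path report `ERR_WEBUI_COULD_NOT_OFF`. Assuming both helpers return `ca_errcode_t` as `new_webui_onoff()` does, propagate the result: `ca_errcode_t rc = webui_off(); if (rc == ERR_WEBUI_OK) rc = webui_on(); return rc;`. The same off/on pair with ignored results is added in `webui_ssl_import_certificate()` and `webui_ssl_clear_cert()` later in this file.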
@@ -906,32 +900,60 @@
 #define PEM_KEY_END		"-----END "
 #define isspacessl(c)	((c) == ' ' || ((c) >= '\t' && (c) <= '\r'))
 
-static int
-ssl_check_web_server_is_on()
-{
-	FILE *pidp;
-	pid_t pid=0;
+int split_ssl_bundle(char *input_crt) {
+    char *name = NULL;
+    unsigned char *header = NULL;
+    unsigned char *data = NULL;
+    long len;
+    BIO *bio = BIO_new_file(input_crt, "r");
+    if (!bio) {
+        printf("Failed to open input certificate");
+        return -1;
+    }
+    BIO *bio_key_out = BIO_new_file(TEMP_KEY_PATH, "w");
+    BIO *bio_certs_out = BIO_new_file(TEMP_CERT_PATH, "w");
+    if (!bio_key_out || !bio_certs_out) {
+        printf("failed to open out files");
+	unlink(TEMP_KEY_PATH);
+	unlink(TEMP_CERT_PATH);
+        BIO_free_all(bio);
+        return -1;
+    }
 
-	pidp = fopen(WEBUI_SSL_CHECK_PID_FILE, "r");
-	if (pidp == NULL) {
-		if (errno != ENOENT) {
-			return -1;
-		}
-		return 0;
-	}
-	if (fscanf(pidp, "%d", &pid) != 1) {
-		fclose(pidp);
-		return 0;
-	}
-	fclose(pidp);
-
-	/* PID file exists, but no process, remove it! */
-	if (kill(pid, 0) != 0) {
-		system("rm -f "WEBUI_SSL_CHECK_PID_FILE);
-		return 0;
-	}
-
-	return 1;
+    EVP_PKEY *pkey = NULL;
+    X509 *cert = NULL;
+    int key_written = 0, cert_written = 0;
+    while (PEM_read_bio(bio, &name, &header, &data, &len)) {
+        if (strstr(name, "PRIVATE KEY") && !key_written) {
+            const unsigned char *p = data;
+            EVP_PKEY *pkey = d2i_AutoPrivateKey(NULL, &p, len);
+            if (pkey) {
+                PEM_write_bio_PrivateKey(bio_key_out, pkey, NULL, NULL, 0, NULL, NULL);
+                EVP_PKEY_free(pkey);
+                key_written = 1;
+            }
+        } else if (strcmp(name, "CERTIFICATE") == 0) {
+            const unsigned char *p = data;
+            X509 *cert = d2i_X509(NULL, &p, len);
+	    if (cert) {
+	        PEM_write_bio_X509(bio_certs_out, cert);
+	        X509_free(cert);
+	        cert_written = 1;
+            }
+        }
+        OPENSSL_free(name);
+        OPENSSL_free(header);
+        OPENSSL_free(data);
+    }
+    BIO_free_all(bio);
+    BIO_free_all(bio_key_out);
+    BIO_free_all(bio_certs_out);
+    if(key_written && cert_written) {
+            return 1;
+    }
+    unlink(TEMP_CERT_PATH);
+    unlink(TEMP_KEY_PATH);
+    return -1;
 }
 
 
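Review bot: `BIO_new_file(TEMP_KEY_PATH, "w")` creates the private-key output with the process umask at a fixed name under `/var/tmp`. Under a typical 022 umask the key is world-readable there, a file or link already present at that name is opened as-is, and the mode is carried along when the file is later renamed to `KEY_PATH`. Creating both outputs with `open(..., O_CREAT | O_EXCL, ...)` and wrapping the descriptors in `BIO_new_fd()` fixes the mode and refuses pre-existing names; the fence shows that part. In the failure branch only `bio` is freed, so whichever output BIO did open is leaked. Smaller points: the parameter should be `const char *input_crt` (it is called with a `const char *`), the outer `pkey`/`cert` are shadowed and unused, and `key_written`/`cert_written` are set without checking the `PEM_write_bio_*` result.

```c
int split_ssl_bundle(const char *input_crt) {
    /* … unchanged: declarations, open input BIO … */

    /* Fresh, exclusively created outputs: the names are fixed and live in a
     * shared directory, and the key file must not be readable by others. */
    unlink(TEMP_KEY_PATH);
    unlink(TEMP_CERT_PATH);
    int key_fd = open(TEMP_KEY_PATH, O_WRONLY | O_CREAT | O_EXCL,
                      S_IRUSR | S_IWUSR);
    int crt_fd = open(TEMP_CERT_PATH, O_WRONLY | O_CREAT | O_EXCL,
                      S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
    BIO *bio_key_out = (key_fd >= 0) ? BIO_new_fd(key_fd, BIO_CLOSE) : NULL;
    BIO *bio_certs_out = (crt_fd >= 0) ? BIO_new_fd(crt_fd, BIO_CLOSE) : NULL;
    if (!bio_key_out || !bio_certs_out) {
        printf("failed to open out files\n");
        /* Release whichever side did open before bailing out. */
        if (bio_key_out) {
            BIO_free_all(bio_key_out);
        } else if (key_fd >= 0) {
            close(key_fd);
        }
        if (bio_certs_out) {
            BIO_free_all(bio_certs_out);
        } else if (crt_fd >= 0) {
            close(crt_fd);
        }
        unlink(TEMP_KEY_PATH);
        unlink(TEMP_CERT_PATH);
        BIO_free_all(bio);
        return -1;
    }

    /* … unchanged: PEM_read_bio loop, cleanup and return … */
```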
@@ -938,35 +960,33 @@
 static int
 check_format(const char *file, int type)
 {
-	int fd, rst;
-	fd = open(file, 0);
-	if(fd <= 0)
-		return -1;
-	close(fd);
-	if (type == 0) {
-		/* check cert */
-		char * cert_crtfile = "/var/tmp/check_cert.pem";
-		char cmd[1024];
-		sprintf(cmd, "cp %s %s", file, cert_crtfile);
-		unlink(cert_crtfile);
-		system(cmd);
-		start_in_sysmon(WEBUI_SSL_CHECK_ON_EXE_C, "");
-	} else {
-		/* check interca */
-		char * cert_crtfile = "/var/tmp/check_interca.pem";
-		char cmd[1024];
-		sprintf(cmd, "cp %s %s", file, cert_crtfile);
-		unlink(cert_crtfile);
-		system(cmd);
-		start_in_sysmon(WEBUI_SSL_CHECK_ON_EXE_I, "");
+	if (split_ssl_bundle(file) != 1){ 
+		return 0;
 	}
-	sleep(3);
-	rst=ssl_check_web_server_is_on();
-	if (rst == 1) {
-		stop_in_sysmon("", WEBUI_SSL_CHECK_PID_FILE);
+        int port = get_webui_port();
+	int idx = 0;
+	char cmd_str[BUFSIZE_4K];
+	rename(NGINX_APP_CONF, NGINX_APP_CONF_BK);
+	idx += snprintf(cmd_str+idx, BUFSIZE_4K-idx,
+			"%s %s %s",BUILD_CONFIG_SCRIPT, NGINX_TEMPLATE_CONF, NGINX_APP_CONF);
+        idx += snprintf(cmd_str+idx, BUFSIZE_4K-idx, " webui_listen=%d", port);
+        idx += snprintf(cmd_str+idx, BUFSIZE_4K-idx, " webui_ssl_cert=%s", TEMP_CERT_PATH);
+        idx += snprintf(cmd_str+idx, BUFSIZE_4K-idx, " webui_ssl_key=%s", TEMP_KEY_PATH);
+
+        system(cmd_str);
+	if(system(NGINX_TEST_CMD)==0) 
+	{ 
+		unlink(NGINX_APP_CONF);
+		rename(NGINX_APP_CONF_BK, NGINX_APP_CONF);
 		return 1;
 	}
-	return 0;
+	else {
+		unlink(NGINX_APP_CONF);
+		unlink(TEMP_CERT_PATH);
+		unlink(TEMP_KEY_PATH);
+		rename(NGINX_APP_CONF_BK, NGINX_APP_CONF);
+		return 0;
+	}
 }
 
 static int
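Review bot: The result of `system(cmd_str)` is ignored, so when `build_config.py` fails and writes no `app.conf`, `nginx -t` can still succeed on the remaining configuration. `check_format()` then returns 1 without nginx ever having loaded the staged certificate and key. Tie the two together, e.g. `int ok = (system(cmd_str) == 0) && (system(NGINX_TEST_CMD) == 0);`, and branch on `ok`. The first `rename(NGINX_APP_CONF, NGINX_APP_CONF_BK)` is unchecked as well, and during the test the live `app.conf` is replaced by one pointing into `/var/tmp`, so an interruption leaves the server configuration in that state. `type` is no longer used and `file` is passed to a `char *` parameter; a header comment should state that on success the split files are left at `TEMP_CERT_PATH`/`TEMP_KEY_PATH` for the caller.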
@@ -1239,13 +1259,11 @@
 {
 	FILE *default_file, *new_file;
 	char line_default[1024], line_new[1024];
-	char * new_crtfile = "/var/run/webui_server.pem";
-	char * def_crtfile = "/ca/webui/conf/server.pem";
-	default_file = fopen(def_crtfile, "r");
+	default_file = fopen(DEFAULT_CERT_PATH, "r");
 	if (default_file == NULL) {
 		return 0;
 	}
-	new_file = fopen(new_crtfile, "r");
+	new_file = fopen(CERT_PATH, "r");
 	if (new_file == NULL) {
 		fclose(default_file);
 		return 0;
@@ -1266,6 +1284,7 @@
 	fclose(new_file);
 	return 1;
 }
+
 ca_errcode_t
 webui_ssl_import_certificate(char *url)
 {
@@ -1272,51 +1291,52 @@
 	ca_errcode_t errcode = ERR_WEBUI_OK;
 	int  certfd;
 	int  format = 0;
-	char * tmp_crtfile = "/var/run/webui_server.pem.bc";
-	char * cert_crtfile = "/var/run/webui_server.pem";
-	
+	char *input_crtfile = "/var/tmp/input_crt.crt";
 	if (check_webui_ssl_pem() == 0) {
 		printf("The WebUI SSL certificate already exists. Please remove it first before updating.");
 		return ERR_WEBUI_OK;
 	}
-	
-	if (url == NULL || strlen(url) < 6) {
-		certfd = open(tmp_crtfile, O_WRONLY|O_CREAT|O_TRUNC,
-		      S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
-		if ( certfd < 0 ){
-			printf ("Error saving certificate file\n");
+        if (url == NULL || strlen(url) < 6) {
+                certfd = open(input_crtfile, O_WRONLY|O_CREAT|O_TRUNC,
+                      S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH);
+                if ( certfd < 0 ){
+                        printf ("Error saving certificate file\n");
+                        return ERR_WEBUI_INVALID_ARG;
+                }
+                /* imput from console */
+                printf("Please enter the WebUI SSL certificat in PEM format. \nUse ellipsis (...) in the final line to finish the input.\n");
+                fflush(stdout);
+
+                ssl_import_via_stdin(certfd);
+                close(certfd);
+        } else {
+		if (import_file(url, input_crtfile) != SUCCESS) {
+			unlink(input_crtfile);
 			return ERR_WEBUI_INVALID_ARG;
 		}
-		/* imput from console */
-		printf("Please enter the WebUI SSL certificat in PEM format. \nUse ellipsis (...) in the final line to finish the input.\n");
-		fflush(stdout);
-		
-		ssl_import_via_stdin(certfd);
-		close(certfd);
-	} else {
-		if (import_file(url, tmp_crtfile) != SUCCESS) {
-			unlink(tmp_crtfile);
-			return ERR_WEBUI_INVALID_ARG;
-		}	
-	}
-	format = check_format(tmp_crtfile, 0);
+	}	
+	format = check_format(input_crtfile, 0);
 	if (format != 1) {
 		printf("WebUI SSL certificate import failed. Please try again!\n");
 		printf("Invalid certificate format!\n");
-		unlink(tmp_crtfile);
+		unlink(input_crtfile);
 		return ERR_WEBUI_INVALID_ARG;
 	}
-	unlink(cert_crtfile);
-	rename(tmp_crtfile, cert_crtfile);
-	unlink(tmp_crtfile);
+	unlink(CERT_PATH);
+	rename(TEMP_CERT_PATH, CERT_PATH);
+	unlink(TEMP_CERT_PATH);
+	unlink(KEY_PATH);
+	rename(TEMP_KEY_PATH, KEY_PATH);
+	unlink(TEMP_KEY_PATH);
+	system(RESTORECON_NGINX_SSL_DIR);
 	if (new_webui_is_on()) {
-		stop_in_sysmon(WEBUI_NEW_ON_EXE, WEBUI_NEW_PID_FILE);
-		start_in_sysmon(WEBUI_NEW_ON_EXE, WEBUI_NEW_PID_FILE);
+		webui_off();
+		webui_on();
 	}
 	printf("WebUI SSL certificate import successful!\n");
 	return errcode;
 }
-
+/*
 ca_errcode_t
 webui_ssl_import_interca(char *url)
 {
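Review bot: The uploaded bundle now has to contain the private key (see `split_ssl_bundle()`), yet it is still written to the fixed path `/var/tmp/input_crt.crt` with `S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH` and is unlinked only on the failure paths. After a successful import a world-readable copy of the key therefore stays in `/var/tmp`. Unlink any old file, create it with `O_EXCL` and mode `S_IRUSR|S_IWUSR`, and add `unlink(input_crtfile);` once `check_format()` has succeeded. In the install sequence, `unlink(CERT_PATH)` before an unchecked `rename(TEMP_CERT_PATH, CERT_PATH)` means a failed rename (for instance `EXDEV` if `/var/tmp` and `/etc` are on different filesystems) deletes the working certificate and still prints success. `rename()` already replaces the target atomically, so drop the `unlink()` calls and check its return; the console prompt also still asks only for a certificate, not a certificate plus key.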
@@ -1338,7 +1358,7 @@
 			printf ("Error saving certificate file\n");
 			return ERR_WEBUI_INVALID_ARG;
 		}
-		/* imput from console */
+		// imput from console 
 		printf("Please enter the WebUI SSL intermediate certificate in PEM format. \nUse ellipsis (...) in the final line to finish the input.\n");
 		fflush(stdout);
 		
@@ -1364,20 +1384,26 @@
 	printf("WebUI SSL intermediate certificate import successful!\n");
 	return errcode;
 }
+*/
 
 ca_errcode_t
 webui_ssl_clear_cert()
 {
-	char * cmd = "cp /ca/webui/conf/server.pem /var/run/webui_server.pem";
-	unlink("/var/run/webui_server.pem");
-	system(cmd);
+	char cmd_str[BUFSIZE_4K];
+	snprintf(cmd_str, BUFSIZE_4K, "cp %s %s", DEFAULT_CERT_PATH, CERT_PATH);
+	unlink(CERT_PATH);
+	system(cmd_str);
+	memset(cmd_str, '\0', sizeof(cmd_str));
+	snprintf(cmd_str, BUFSIZE_4K, "cp %s %s", DEFAULT_KEY_PATH, KEY_PATH);
+	unlink(KEY_PATH);
+	system(cmd_str);
 	if (new_webui_is_on()) {
-		stop_in_sysmon(WEBUI_NEW_ON_EXE, WEBUI_NEW_PID_FILE);
-		start_in_sysmon(WEBUI_NEW_ON_EXE, WEBUI_NEW_PID_FILE);
+		webui_off();
+		webui_on();
 	}
 	return ERR_WEBUI_OK;
 }
-
+/*
 ca_errcode_t
 webui_ssl_clear_interca()
 {
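Review bot: `webui_ssl_clear_cert()` unlinks `CERT_PATH` and `KEY_PATH` before copying and ignores both `system()` results. If either `cp` fails (for example because the default files were never installed), the live certificate or key is simply gone and the function still returns `ERR_WEBUI_OK` after restarting the service. Check each call and return an error before touching the service. Since all four paths are compile-time constants, a direct file copy would avoid the shell entirely. The `memset` between the two `snprintf` calls is redundant because `snprintf` always terminates the buffer.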
@@ -1386,7 +1412,7 @@
 	webui_reload();
 	return ERR_WEBUI_OK;
 }
-
+*/
 static int
 write_cert_details(FILE *file, X509 *x)
 {
@@ -1529,13 +1555,11 @@
 ca_errcode_t
 webui_ssl_show_certificate()
 {
-	if (check_webui_ssl_pem() == 1) {
-		return ERR_WEBUI_OK;
-	}
-	show_ssl_cert("/var/run/webui_server.pem");
+	show_ssl_cert(CERT_PATH);
 
 	return ERR_WEBUI_OK;
 }
+/*
 ca_errcode_t
 webui_ssl_show_interca()
 {
@@ -1548,3 +1572,4 @@
 
 	return ERR_WEBUI_OK;
 }
+*/
