Fixes ACCOUNTS-5J2. Ensure that JWT certs have correct owners.

ErickSkrauch 2019-08-03 02:26:46 +03:00
parent 6cfefcebc8
commit c90331c372


@ -15,11 +15,23 @@ else
mv ${PHP_PROD_INI}{.disabled,} 2> /dev/null || true mv ${PHP_PROD_INI}{.disabled,} 2> /dev/null || true
fi fi
cd /var/www/html
# Create all necessary folders # Create all necessary folders
mkdir -p api/runtime console/runtime APP_DIRS=(
chown -R www-data:www-data api/runtime console/runtime "api/runtime"
"console/runtime"
"data/certs"
)
for path in ${APP_DIRS[*]}; do
if [ ! -d "$path" ]; then
echo "[bootstrap] Creating $path folder"
mkdir -p "$path"
fi
if [ $(ls -ld $path | awk '{print $3}' | tail -1) != "www-data" ]; then
echo "[bootstrap] Changing $path folder owner"
chown -R www-data:www-data "$path"
fi
done
if [ "$YII_ENV" = "test" ] if [ "$YII_ENV" = "test" ]
then then
@ -34,9 +46,10 @@ chmod 644 /etc/cron.d/*
JWT_PRIVATE_PEM_LOCATION="/var/www/html/data/certs/private.pem" JWT_PRIVATE_PEM_LOCATION="/var/www/html/data/certs/private.pem"
JWT_PUBLIC_PEM_LOCATION="/var/www/html/data/certs/public.pem" JWT_PUBLIC_PEM_LOCATION="/var/www/html/data/certs/public.pem"
if [ ! -f "$JWT_PRIVATE_PEM_LOCATION" ] ; then if [ ! -f "$JWT_PRIVATE_PEM_LOCATION" ] ; then
echo "There is no private key. Generating the new one." echo "There is no private key. Generating the new one."
openssl ecparam -name prime256v1 -genkey -noout -out "$JWT_PRIVATE_PEM_LOCATION" openssl ecparam -name prime256v1 -genkey -noout -out "$JWT_PRIVATE_PEM_LOCATION"
openssl ec -in "$JWT_PRIVATE_PEM_LOCATION" -pubout -out "$JWT_PUBLIC_PEM_LOCATION" openssl ec -in "$JWT_PRIVATE_PEM_LOCATION" -pubout -out "$JWT_PUBLIC_PEM_LOCATION"
chown www-data:www-data "$JWT_PRIVATE_PEM_LOCATION" "$JWT_PUBLIC_PEM_LOCATION"
fi fi
if [ "$1" = "crond" ] ; then if [ "$1" = "crond" ] ; then
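Review bot: A `private.pem` that already exists with the wrong owner is still not repaired. The `chown` added in the second hunk runs only inside the `if [ ! -f "$JWT_PRIVATE_PEM_LOCATION" ]` branch, and the recursive `chown` in the first hunk is skipped whenever the `data/certs` directory itself is already owned by www-data. Keys left behind by an earlier run of this script (presumably created as root, since the script calls `chown`) would then keep their old owner; moving `chown www-data:www-data "$JWT_PRIVATE_PEM_LOCATION" "$JWT_PUBLIC_PEM_LOCATION"` below the `fi` covers both the fresh and the pre-existing case. The new code also never sets a mode on the private key, so it inherits whatever the process umask allows; adding `chmod 600 "$JWT_PRIVATE_PEM_LOCATION"` next to the `chown` would make that explicit. In the first hunk, the owner test parses `ls -ld` through unquoted expansions, and `[ "$(stat -c %U "$path")" != "www-data" ]` with `for path in "${APP_DIRS[@]}"` would be more robust.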