| 91,10 → 91,10 |
|---|
| [ -e /etc/pki/tls/private/alcasar.pem ] && cp -f /etc/pki/tls/private/alcasar.pem $DIR_UPDATE # since V3.3 |
| cp -f /etc/pki/CA/alcasar-ca.crt $DIR_UPDATE |
| cp -f /etc/pki/CA/private/alcasar-ca.key $DIR_UPDATE |
| if [ -e /etc/pki/tls/certs/server-chain.crt ]; then |
| cp -f /etc/pki/tls/certs/server-chain.crt* $DIR_UPDATE # autosigned and official if exist |
| if [ -e /etc/pki/tls/certs/server-chain.pem ]; then |
| cp -f /etc/pki/tls/certs/server-chain.pem $DIR_UPDATE # autosigned and official if exist |
| else |
| cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE/server-chain.crt |
| cp -f /etc/pki/tls/certs/alcasar.crt $DIR_UPDATE/server-chain.pem |
| fi |
| # pureip & safesearch status |
| [ -d /etc/dansguardian ] && dg_path=/etc/dansguardian || dg_path=/etc/e2guardian |
| 194,7 → 194,7 |
|---|
| cp -f $DIR_UPDATE/alcasar.crt /etc/pki/tls/certs/ |
| cp -f $DIR_UPDATE/alcasar.key /etc/pki/tls/private/ |
| cp -f $DIR_UPDATE/alcasar.pem /etc/pki/tls/private/ |
| [ -e $DIR_UPDATE/server-chain.crt ] && cp -f $DIR_UPDATE/server-chain.crt* /etc/pki/tls/certs/ # autosigned and official if exist |
| [ -e $DIR_UPDATE/server-chain.pem ] && cp -f $DIR_UPDATE/server-chain.pem /etc/pki/tls/certs/ # autosigned and official if exist |
| chown root:apache /etc/pki/CA; chmod 750 /etc/pki/CA |
| chmod 640 /etc/pki/CA/* |
| chown root:root /etc/pki/CA/private; chmod 700 /etc/pki/CA/private |
| 439,7 → 439,14 |
|---|
| local-zone: "$HOSTNAME" static |
| local-data: "$HOSTNAME A $PRIVATE_IP" |
| EOF |
| # Configuration file for lo of forward unbound |
| if [ "$HOSTNAME" != 'alcasar' ] |
| then |
| echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf |
| echo -e "\tlocal-zone: \"alcasar A $PRIVATE_IP\"" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf |
| echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/forward/iface.lo.conf |
| echo -e "\tlocal-zone: \"alcasar A 127.0.0.1\"" >> /etc/unbound/conf.d/forward/iface.lo.conf |
| fi |
| # Configuration file for lo of forward |
| cat << EOF > /etc/unbound/conf.d/forward/iface.lo.conf |
| server: |
| interface: 127.0.0.1@53 |
| 454,14 → 461,7 |
|---|
| local-zone: "$DOMAIN." static |
| local-data: "$DOMAIN. A" |
| EOF |
| if [ "$HOSTNAME" != 'alcasar' ] |
| then |
| echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf |
| echo -e "\tlocal-zone: \"alcasar A $PRIVATE_IP\"" >> /etc/unbound/conf.d/common/local-dns/${INTIF}.conf |
| echo -e "\tlocal-zone: \"alcasar\" static" >> /etc/unbound/conf.d/forward/iface.lo.conf |
| echo -e "\tlocal-zone: \"alcasar A 127.0.0.1\"" >> /etc/unbound/conf.d/forward/iface.lo.conf |
| fi |
| # Configuration file for $INTIF of forward unbound |
| # Configuration file for $INTIF of forward |
| cat << EOF > /etc/unbound/conf.d/forward/iface.${INTIF}.conf |
| server: |
| interface: ${PRIVATE_IP}@53 |
| 471,7 → 471,7 |
|---|
| name: "$INTIF" |
| view-first: yes |
| EOF |
| # Configuration file for $INTIF of blacklist unbound |
| # Configuration file for $INTIF of blacklist |
| cat << EOF > /etc/unbound/conf.d/blacklist/iface.${INTIF}.conf |
| server: |
| interface: ${PRIVATE_IP}@54 |
| 480,7 → 480,7 |
|---|
| access-control-tag-action: $PRIVATE_IP_MASK "blacklist" redirect |
| access-control-tag-data: $PRIVATE_IP_MASK "blacklist" "A $PRIVATE_IP" |
| EOF |
| # Configuration file for $INTIF of whitelist unbound |
| # Configuration file for $INTIF of whitelist |
| cat << EOF > /etc/unbound/conf.d/whitelist/iface.${INTIF}.conf |
| server: |
| interface: ${PRIVATE_IP}@55 |
| 489,7 → 489,7 |
|---|
| access-control-tag-action: $PRIVATE_IP_MASK "whitelist" redirect |
| access-control-tag-data: $PRIVATE_IP_MASK "whitelist" "A $PRIVATE_IP" |
| EOF |
| # Configuration file for $INTIF of blackhole unbound |
| # Configuration file for $INTIF of blackhole |
| cat << EOF > /etc/unbound/conf.d/blackhole/iface.${INTIF}.conf |
| server: |
| interface: ${PRIVATE_IP}@56 |