
@Ferenc-
Forked from ruzickap/openwrt_lighttpd.sh
Created January 7, 2018 16:25
OpenWrt Lighttpd modification to use https and serve transmission, foris, and personal web pages
# Install lighttpd's reverse-proxy module; mod_proxy is enabled in the
# configuration appended at the end of this script.
opkg install lighttpd-mod-proxy

# The "myadmin" landing page lives at http://192.168.1.1/myadmin/.
# Both sub-directories are created so they exist under the /www3 tree.
mkdir -p /www3/myadmin/transmission-web /www3/myadmin/luci

# Keep pristine copies of the stock configuration before it is modified.
# Note: /etc/lighttpd/conf.d/foris.conf, which this script also edits, is
# not among the files copied here.
for stock_conf in /etc/foris/foris-lighttpd-inc.conf /etc/lighttpd/lighttpd.conf; do
  cp "$stock_conf" "$stock_conf.orig"
done
# Restrict Foris (the router admin UI) to requests whose Host header is
# 192.168.1.1 by wrapping its existing conditional in a $HTTP["host"] block.
# NOTE(review): a Host header is supplied by the client, so this is name-based
# routing rather than an access control - confirm Foris is protected by other
# means wherever lighttpd is reachable.
# Earlier variant, kept for reference (rewrote foris-lighttpd-inc.conf instead):
#sed -i "s@\$HTTP\[\"url\"\] !~ \"\^/static\" {.*@\$HTTP\[\"host\"\] == \"192\\.168\\.1\\.1\" {@" /etc/foris/foris-lighttpd-inc.conf
# Insert the opening $HTTP["host"] line before every line that matches
# `$HTTP["url"] !~ ...` in foris.conf.
sed -i "/\$HTTP\[\"url\"\] !~ .*/i \$HTTP\[\"host\"\] == \"192\\.168\\.1\\.1\" {" /etc/lighttpd/conf.d/foris.conf
# Close the block opened above. Neither step is idempotent: re-running the
# script inserts the header and appends the brace again, and no backup of
# foris.conf is taken by the visible commands.
echo "}" >> /etc/lighttpd/conf.d/foris.conf
# Point the web server at the custom tree: replaces the first "www2" on each
# line of lighttpd.conf with "www3".
sed -i 's/www2/www3/' /etc/lighttpd/lighttpd.conf
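# Fetch the personal start page and rewrite its branding before publishing it.
#
# The original used `wget --no-check-certificate`, which disables TLS
# verification: anyone able to intercept the connection could supply the HTML
# (and any script in it) that this router then serves as its front page.
# Verification is left on here; if it fails because the device has no CA
# store, install one (OpenWrt ships the `ca-bundle` / `ca-certificates`
# packages) rather than turning the check off.
#
# The download goes to a scratch file first so a failed or rejected transfer
# cannot replace /www3/index.html with an empty or partial page.
index_url=https://raw.github.com/ruzickap/medlanky.xvx.cz/gh-pages/index.html
index_tmp=/www3/index.html.download
if wget "$index_url" -O "$index_tmp"; then
  sed 's@facebook.com/medlanky@xvx.cz@g;s/UA-6594742-7/UA-6594742-8/' "$index_tmp" > /www3/index.html
else
  echo "index.html download failed (TLS verification or network); /www3/index.html left unchanged" >&2
fi
rm -f "$index_tmp"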
# Add two firewall rules that ACCEPT TCP traffic arriving from the wan zone
# on ports 443 (rule "https") and 80 (rule "http").
#
# Security-relevant points for whoever applies this:
#  - These rules make the router's web server reachable from the WAN side.
#    The lighttpd configuration appended later in this script publishes
#    /myadmin with directory listing, a proxy to Transmission and an alias to
#    LuCI, and nothing visible here limits those paths to LAN clients.
#  - Port 80 is opened as well, and no HTTP-to-HTTPS redirect is configured in
#    the visible configuration, so the same paths are served in cleartext.
#  - No `dest` option is set; presumably OpenWrt treats these as input rules
#    for the router itself - confirm against the firewall documentation.
#  - `uci set` only stages changes; no `uci commit firewall` or firewall
#    reload appears in this part of the script.
for wan_service in https:443 http:80; do
  uci add firewall rule
  uci set firewall.@rule[-1].name="${wan_service%%:*}"
  uci set firewall.@rule[-1].src=wan
  uci set firewall.@rule[-1].target=ACCEPT
  uci set firewall.@rule[-1].proto=tcp
  uci set firewall.@rule[-1].dest_port="${wan_service##*:}"
done
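#Enable SSL (https)
# Directory that holds the server's private key and certificate.
mkdir -p /etc/lighttpd/ssl/xvx.cz
# A directory needs the search (x) bit to be usable by its owner; 0600 omitted
# it. 0700 still denies group and others any access.
chmod 0700 /etc/lighttpd/ssl/xvx.cz

# Certificate subject, one attribute per line; the newlines are turned into
# "/" separators below to form the -subj string openssl expects.
SUBJ="
C=CZ
ST=Czech Republic
O=XvX, Inc.
localityName=Brno
commonName=gate.xvx.cz
"

# Generate a self-signed certificate and a 2048-bit RSA key into one PEM file.
#  - -nodes stores the private key unencrypted so lighttpd can start without a
#    passphrase; file permissions are therefore the only protection for it.
#  - The certificate is self-signed and valid for 3650 days, so clients cannot
#    validate it against a public CA and there is no routine rotation.
# The restrictive umask makes the key file private from the moment it is
# created, and the explicit chmod covers a pre-existing server.pem.
(
  umask 077
  openssl req -new -x509 \
    -subj "$(printf '%s' "$SUBJ" | tr '\n' '/')" \
    -keyout /etc/lighttpd/ssl/xvx.cz/server.pem \
    -out /etc/lighttpd/ssl/xvx.cz/server.pem \
    -days 3650 -nodes -newkey rsa:2048 -sha256
)
chmod 0600 /etc/lighttpd/ssl/xvx.cz/server.pem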
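# Append the HTTPS listener, the Transmission reverse proxy and the /myadmin
# settings to lighttpd.conf. The heredoc delimiter is quoted so $SERVER and
# $HTTP reach the file literally. The block is appended on every run, so
# re-running the script duplicates it.
#
# Review notes:
#  - lighttpd's `=~` is a regular-expression match, so the trailing `*` in the
#    original patterns was a quantifier, not a wildcard: "^/myadmin/*" also
#    matched paths such as /myadminX. The patterns below match the intended
#    prefixes only.
#  - Requests proxied to Transmission arrive from 127.0.0.1, so an IP
#    whitelist in Transmission that trusts localhost does not distinguish
#    remote clients; rely on Transmission's own authentication
#    (rpc-authentication-required) or put an auth module in front of this path.
#  - Together with the wan firewall rules added earlier in this script,
#    /myadmin (directory listing, Transmission, LuCI alias) is reachable from
#    the WAN side, over plain HTTP as well as HTTPS.
cat >> /etc/lighttpd/lighttpd.conf << 'EOF'
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ssl/xvx.cz/server.pem"
}
server.modules += (
"mod_proxy",
)
#Access the transmission torrent client using: https://192.168.1.1/myadmin/transmission-web
$HTTP["url"] =~ "^/myadmin/transmission" {
# Use proxy for redirection to Transmission's own web interface
proxy.server = ( "" =>
( (
"host" => "127.0.0.1",
"port" => 9091
) )
)
}
# Directory listing is what renders the /myadmin/ index page
$HTTP["url"] =~ "^/myadmin(/|$)" {
server.dir-listing = "enable"
}
alias.url += (
"/myadmin/luci" => "/www/cgi-bin/luci",
)
EOF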