Skip to content

Instantly share code, notes, and snippets.

@mikesouza

mikesouza/binds_on_mount.sh

Forked from alexandrusavin/binds_on_mount.sh
Created August 12, 2018 15:31
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save mikesouza/d5b938bb503e0c3b3e30bcb01c10901d to your computer and use it in GitHub Desktop.
Save mikesouza/d5b938bb503e0c3b3e30bcb01c10901d to your computer and use it in GitHub Desktop.
Download ZIP
Add letsencrypt certificate to dd-wrt web interface
Raw
binds_on_mount.sh
#!/bin/sh
if [ `nvram get https_enable` -gt 0 ] ; then
# get the absolute directory of the executable
SELF_PATH=$(cd -P "$(dirname "$0")" && pwd -P)
echo SELF_PATH: ${SELF_PATH}
# extract the mount path
MOUNT_PATH=`echo ${SELF_PATH} | cut -d / -f1-2`
echo MOUNT_PATH: ${MOUNT_PATH}
# do binds
for BIND_PATH in '/jffs' ; do
echo Binding ${BIND_PATH}
if [ "${MOUNT_PATH}" != "${BIND_PATH}" ]; then
grep -q -e "${BIND_PATH}" /proc/mounts || mount -o bind ${MOUNT_PATH}${BIND_PATH} ${BIND_PATH}
fi
done
HTTPS_RESET=0
if [ `pidof httpd` -gt 0 ]; then
echo Stopping httpd
stopservice httpd
HTTPS_RESET=1
fi
echo Binding HTTPS certifcate
grep -q -e "/etc/cert.pem" /proc/mounts || mount -o bind ${MOUNT_PATH}/etc/cert.pem /etc/cert.pem
grep -q -e "/etc/key.pem" /proc/mounts || mount -o bind ${MOUNT_PATH}/etc/key.pem /etc/key.pem
grep -q -e "/etc/privkey.pem" /proc/mounts || mount -o bind ${MOUNT_PATH}/etc/privkey.pem /etc/privkey.pem
if [ "$HTTPS_RESET" = "1" ]; then
echo Starting httpd
startservice httpd
unset HTTPS_RESET
fi
fi
Raw
letsencrypt-ddwrt.md

Inspired from this blog post.

  1. Prepare the router

    1. Use portfw to forward port 80 and 445 to the ip of the computer where you have certbot installed

    2. Enable Secure Shell from Services tab

    3. Enable JFFS2 Support form Administration tab

  2. Create the certificate files

    1. Install certbot

      brew install certbot

    2. Go to a folder where you will configure certbot

    3. Execute certbot to create the certificate

      certbot certonly --config-dir . --logs-dir . --work-dir .

      When promted select Spin up a temporary webserver (standalone)

    4. Go to ./live/[your.domain]

    5. Create rsa key from private key

      openssl rsa -in privkey.pem -out key.pem

  3. Put the certificate files into the router

    1. cd to jffs

      cd /jffs

    2. create startup folder

      mkdir startup

    3. create the script (binds_on_mount.sh) that binds certificate files and make it executable

      chmod +x binds_on_mount.sh

    4. create etc folder in jffs and cd in it

      mkdir /jffs/etc && cd /jffs/etc

    5. create the certificate files from local certbot files

      1. paste contents of key.pem, cert.pem and privkey.pem into their respective file in /jffs/etc

  4. Remove portfw and enable Web GUI Management remote access from Administration tab

    1. Web Access

      1. Protocol: Check https and Uncheck http

    2. Remote Access

      1. Web GUI Management: Enable

      2. Web GUI Port: 443

  5. Test by executing the script and then try to access the web gui. If the browser has a green lock next to the address than everything is correct.

  6. Add command to execute the script on startup

    1. save this command as Startup in Administration > Commands

      cd /jffs/startup && ./binds_on_mount.sh > ./log

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment