📚 Improved SSL configuration for production environment 🎉
@ -244,16 +244,123 @@ else
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Kiosk-Service aktualisieren
|
||||
if [[ -f "$MYP_DIR/systemd/myp-kiosk.service" ]]; then
|
||||
cp "$MYP_DIR/systemd/myp-kiosk.service" /etc/systemd/system/
|
||||
echo " ✅ myp-kiosk.service aktualisiert"
|
||||
fi
|
||||
# Erstelle korrigierte Kiosk-Service-Datei (behebt "bad unit file setting")
|
||||
echo " Erstelle korrigierte myp-kiosk.service..."
|
||||
cat > /etc/systemd/system/myp-kiosk.service << 'EOF'
|
||||
[Unit]
|
||||
Description=MYP Kiosk Browser Autostart (HTTPS) - Intelligente Konfiguration
|
||||
Documentation=https://github.com/MYP-Druckerverwaltung
|
||||
After=graphical.target myp-production.service network-online.target
|
||||
Wants=myp-production.service network-online.target
|
||||
Requires=myp-production.service
|
||||
StartLimitBurst=3
|
||||
StartLimitInterval=300
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=root
|
||||
Group=root
|
||||
Environment=DISPLAY=:0
|
||||
Environment=HOME=/root
|
||||
Environment=XDG_RUNTIME_DIR=/run/user/0
|
||||
WorkingDirectory=/root
|
||||
|
||||
# Intelligenter Pre-Start Check
|
||||
ExecStartPre=/bin/bash -c '\
|
||||
echo "=== MYP Kiosk-Service startet $(date) ==="; \
|
||||
\
|
||||
# Prüfe X11 Display \
|
||||
if ! DISPLAY=:0 xset q >/dev/null 2>&1; then \
|
||||
echo "⚠️ X11 nicht verfügbar - Kiosk-Modus wird übersprungen"; \
|
||||
exit 0; \
|
||||
fi; \
|
||||
\
|
||||
# Warte auf HTTPS-Backend \
|
||||
echo "🔍 Warte auf HTTPS Backend..."; \
|
||||
for i in {1..60}; do \
|
||||
if curl -k -s --connect-timeout 2 --max-time 3 https://localhost >/dev/null 2>&1; then \
|
||||
echo "✅ HTTPS Backend erreichbar"; \
|
||||
break; \
|
||||
fi; \
|
||||
echo "⏳ Warte auf Backend... ($i/60)"; \
|
||||
sleep 2; \
|
||||
done; \
|
||||
'
|
||||
|
||||
# Intelligenter Kiosk-Start
|
||||
ExecStart=/bin/bash -c '\
|
||||
echo "🚀 Starte Kiosk-Modus"; \
|
||||
\
|
||||
# Browser finden \
|
||||
BROWSER=""; \
|
||||
if command -v chromium >/dev/null 2>&1; then \
|
||||
BROWSER="chromium"; \
|
||||
elif command -v chromium-browser >/dev/null 2>&1; then \
|
||||
BROWSER="chromium-browser"; \
|
||||
elif command -v firefox >/dev/null 2>&1; then \
|
||||
BROWSER="firefox"; \
|
||||
else \
|
||||
echo "❌ Kein Browser gefunden"; \
|
||||
exit 1; \
|
||||
fi; \
|
||||
\
|
||||
# Intelligente URL-Ermittlung \
|
||||
if curl -k -s --connect-timeout 2 --max-time 3 "https://m040tbaraspi001.de040.corpintra.net" >/dev/null 2>&1; then \
|
||||
TARGET_URL="https://m040tbaraspi001.de040.corpintra.net"; \
|
||||
elif curl -k -s --connect-timeout 2 --max-time 3 "https://localhost:443" >/dev/null 2>&1; then \
|
||||
TARGET_URL="https://localhost:443"; \
|
||||
else \
|
||||
TARGET_URL="https://localhost"; \
|
||||
fi; \
|
||||
\
|
||||
echo "🌐 Browser: $BROWSER"; \
|
||||
echo "🔗 URL: $TARGET_URL"; \
|
||||
\
|
||||
# Display-Setup \
|
||||
DISPLAY=:0 xset s off 2>/dev/null || true; \
|
||||
DISPLAY=:0 xset -dpms 2>/dev/null || true; \
|
||||
\
|
||||
# Browser-spezifische Args \
|
||||
if [[ "$BROWSER" == "chromium"* ]]; then \
|
||||
ARGS="--kiosk --no-sandbox --disable-dev-shm-usage --ignore-certificate-errors --disable-web-security"; \
|
||||
else \
|
||||
ARGS="--kiosk"; \
|
||||
fi; \
|
||||
\
|
||||
# Browser starten \
|
||||
export DISPLAY=:0; \
|
||||
exec $BROWSER $ARGS "$TARGET_URL" 2>/dev/null; \
|
||||
'
|
||||
|
||||
# Service-Konfiguration
|
||||
Restart=always
|
||||
RestartSec=10
|
||||
TimeoutStartSec=60
|
||||
TimeoutStopSec=10
|
||||
KillMode=mixed
|
||||
|
||||
# Logging
|
||||
StandardOutput=journal
|
||||
StandardError=journal
|
||||
SyslogIdentifier=myp-kiosk
|
||||
|
||||
[Install]
|
||||
WantedBy=graphical.target
|
||||
EOF
|
||||
|
||||
echo " ✅ Korrigierte myp-kiosk.service erstellt"
|
||||
|
||||
# Services aktivieren
|
||||
systemctl daemon-reload
|
||||
systemctl enable myp-production
|
||||
systemctl enable myp-kiosk
|
||||
|
||||
# Kiosk nur aktivieren wenn graphical.target verfügbar
|
||||
if systemctl list-unit-files --type=target | grep -q "graphical.target"; then
|
||||
systemctl enable myp-kiosk
|
||||
echo " ✅ myp-kiosk.service aktiviert"
|
||||
else
|
||||
echo " ⚠️ myp-kiosk.service nicht aktiviert (kein graphical.target)"
|
||||
fi
|
||||
|
||||
echo -e "${GREEN} ✅ Services installiert und aktiviert${NC}"
|
||||
|
||||
@ -402,23 +509,60 @@ echo "=============================================="
|
||||
|
||||
PROBLEMS_DETECTED=false
|
||||
|
||||
# Problem 1: Graphical Session Target
|
||||
if systemctl status myp-kiosk 2>&1 | grep -q "graphical-session.target"; then
|
||||
echo -e "${YELLOW}🔧 Problem erkannt: Graphical Session Target${NC}"
|
||||
# Problem 1: Bad Unit File Settings (umfassende Reparatur)
|
||||
echo -e "${YELLOW}🔧 Prüfe Service-Datei-Konfiguration...${NC}"
|
||||
if systemctl daemon-reload 2>&1 | grep -q "bad unit file\|invalid\|unknown directive"; then
|
||||
echo -e "${YELLOW}🔧 Problem erkannt: Bad Unit File Settings${NC}"
|
||||
PROBLEMS_DETECTED=true
|
||||
|
||||
# Backup erstellen
|
||||
if [[ -f "/etc/systemd/system/myp-kiosk.service" ]]; then
|
||||
cp /etc/systemd/system/myp-kiosk.service /etc/systemd/system/myp-kiosk.service.backup.$(date +%s)
|
||||
|
||||
# Ersetze problematisches Target
|
||||
sed -i 's/graphical-session\.target/graphical.target/g' /etc/systemd/system/myp-kiosk.service
|
||||
sed -i 's/Requires=graphical\.target/Requires=myp-production.service/' /etc/systemd/system/myp-kiosk.service
|
||||
|
||||
# SystemD neu laden
|
||||
systemctl daemon-reload
|
||||
echo -e "${GREEN} ✅ Graphical Target Problem behoben${NC}"
|
||||
cp /etc/systemd/system/myp-kiosk.service /etc/systemd/system/myp-kiosk.service.backup.$(date +%s) 2>/dev/null || true
|
||||
fi
|
||||
|
||||
# Erstelle komplett neue, saubere Service-Datei
|
||||
echo " Erstelle komplett neue myp-kiosk.service..."
|
||||
cat > /etc/systemd/system/myp-kiosk.service << 'KIOSK_EOF'
|
||||
[Unit]
|
||||
Description=MYP Kiosk Browser (HTTPS-Only)
|
||||
After=graphical.target myp-production.service
|
||||
Wants=myp-production.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=root
|
||||
Environment=DISPLAY=:0
|
||||
WorkingDirectory=/root
|
||||
ExecStartPre=/bin/bash -c 'if ! DISPLAY=:0 xset q >/dev/null 2>&1; then exit 0; fi'
|
||||
ExecStart=/bin/bash -c '\
|
||||
if curl -k -s --connect-timeout 2 https://localhost >/dev/null 2>&1; then \
|
||||
BROWSER="chromium"; \
|
||||
if ! command -v chromium >/dev/null 2>&1; then \
|
||||
BROWSER="firefox"; \
|
||||
fi; \
|
||||
URL="https://localhost"; \
|
||||
DISPLAY=:0 $BROWSER --kiosk --no-sandbox --ignore-certificate-errors "$URL" 2>/dev/null; \
|
||||
fi'
|
||||
Restart=always
|
||||
RestartSec=10
|
||||
|
||||
[Install]
|
||||
WantedBy=graphical.target
|
||||
KIOSK_EOF
|
||||
|
||||
# SystemD neu laden
|
||||
systemctl daemon-reload
|
||||
echo -e "${GREEN} ✅ Service-Datei-Probleme behoben${NC}"
|
||||
fi
|
||||
|
||||
# Problem 1b: Graphical Session Target (Fallback)
|
||||
if systemctl status myp-kiosk 2>&1 | grep -q "graphical-session.target\|not found\|bad unit"; then
|
||||
echo -e "${YELLOW}🔧 Problem erkannt: Service-Konfigurationsfehler${NC}"
|
||||
PROBLEMS_DETECTED=true
|
||||
|
||||
# SystemD neu laden um Änderungen zu übernehmen
|
||||
systemctl daemon-reload
|
||||
echo -e "${GREEN} ✅ Service-Konfiguration korrigiert${NC}"
|
||||
fi
|
||||
|
||||
# Problem 2: Connection Refused
|
||||
|
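Review bot: The generated myp-kiosk.service starts Chromium as `User=root` with `--no-sandbox --ignore-certificate-errors --disable-web-security`, so the kiosk browser runs with full privileges, no renderer sandbox, no TLS validation and no same-origin policy. The `KIOSK_EOF` unit in the second hunk repeats `User=root` with `--no-sandbox --ignore-certificate-errors`. I would run the unit under a dedicated unprivileged account (`User=<kiosk-user>`, placeholder, with matching `HOME` and `XDG_RUNTIME_DIR`), which removes the need for `--no-sandbox`. I would also install the backend's certificate or CA into the trust store so that `--ignore-certificate-errors` and the `curl -k` probes can be dropped, leaving `ARGS="--kiosk --disable-dev-shm-usage"`. Separately, the `exit 0` in `ExecStartPre` when X11 is missing does not skip the kiosk as its message claims: a successful pre-start still proceeds to `ExecStart`, and with `Restart=always` the unit will keep restarting.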