new envs added, static path added into to vpn scripts, new question on installation stage about path to scripts, tunes for more flexibility of scripts

.env.example

@@ -1,5 +1,6 @@
 # Web-application parameters
 APP_PATH=/var/www/html
+SCRIPTS_PATH=/var/www/html/scripts/auth-bash
 
 # Database parameters
 DB_HOST=172.17.0.1

configs/server.conf

@@ -48,8 +48,8 @@ reneg-sec 18000
 ## SECURITY ##
 
 # Downgrade privileges of the daemon
-user nobody
-group nogroup
+user VPN_USER
+group VPN_GROUP
 
 # Persist keys (because we are nobody, so we couldn't read them again)
 persist-key

scripts/auth-bash/config.sh

@@ -1,8 +0,0 @@
-#!/bin/bash
-
-# MySQL credentials
-HOST='localhost'
-PORT='3306'
-USER=''
-PASS=''
-DB='openvpn-admin'

scripts/auth-bash/connect.sh

@@ -1,6 +1,10 @@
 #!/bin/bash
-. /etc/openvpn/scripts/config.sh
-. /etc/openvpn/scripts/functions.sh
+
+my_path="$(dirname $0)"
+cd "$my_path"
+
+source ./../../.env
+source ./functions.sh
 
 common_name=$(echap "$common_name")
 trusted_ip=$(echap "$trusted_ip")
@@ -11,7 +15,7 @@ bytes_received=$(echap "$bytes_received")
 bytes_sent=$(echap "$bytes_sent")
 
 # We insert data in the log table
-mysql -h$HOST -P$PORT -u$USER -p$PASS $DB -e "INSERT INTO log (log_id, user_id, log_trusted_ip, log_trusted_port, log_remote_ip, log_remote_port, log_start_time, log_end_time, log_received, log_send) VALUES(NULL, '$common_name','$trusted_ip', '$trusted_port','$ifconfig_pool_remote_ip', '$remote_port_1', now(),NULL, '$bytes_received', '$bytes_sent')"
+mysql -h$DB_HOST -P$DB_PORT -u$DBUSER -p$DB_PASS $DB_NAME -e "INSERT INTO log (log_id, user_id, log_trusted_ip, log_trusted_port, log_remote_ip, log_remote_port, log_start_time, log_end_time, log_received, log_send) VALUES(NULL, '$common_name','$trusted_ip', '$trusted_port','$ifconfig_pool_remote_ip', '$remote_port_1', now(),NULL, '$bytes_received', '$bytes_sent')"
 
 # We specify that the user is online
-mysql -h$HOST -P$PORT -u$USER -p$PASS $DB -e "UPDATE user SET user_online=1 WHERE user_id='$common_name'"
+mysql -h$DB_HOST -P$DB_PORT -u$DBUSER -p$DB_PASS $DB_NAME -e "UPDATE user SET user_online=1 WHERE user_id='$common_name'"

scripts/auth-bash/disconnect.sh

@@ -1,6 +1,10 @@
 #!/bin/bash
-. /etc/openvpn/scripts/config.sh
-. /etc/openvpn/scripts/functions.sh
+
+my_path="$(dirname $0)"
+cd "$my_path"
+
+source ./../../.env
+source ./functions.sh
 
 common_name=$(echap "$common_name")
 bytes_received=$(echap "$bytes_received")
@@ -9,7 +13,7 @@ trusted_ip=$(echap "$trusted_ip")
 trusted_port=$(echap "$trusted_port")
 
 # We specify the user is offline
-mysql -h$HOST -P$PORT -u$USER -p$PASS $DB -e "UPDATE user SET user_online=0 WHERE user_id='$common_name'"
+mysql -h$DB_HOST -P$DB_PORT -u$DBUSER -p$DB_PASS $DB_NAME -e "UPDATE user SET user_online=0 WHERE user_id='$common_name'"
 
 # We insert the deconnection datetime
-mysql -h$HOST -P$PORT -u$USER -p$PASS $DB -e "UPDATE log SET log_end_time=now(), log_received='$bytes_received', log_send='$bytes_sent' WHERE log_trusted_ip='$trusted_ip' AND log_trusted_port='$trusted_port' AND user_id='$common_name' AND log_end_time IS NULL"
+mysql -h$DB_HOST -P$DB_PORT -u$DBUSER -p$DB_PASS $DB_NAME -e "UPDATE log SET log_end_time=now(), log_received='$bytes_received', log_send='$bytes_sent' WHERE log_trusted_ip='$trusted_ip' AND log_trusted_port='$trusted_port' AND user_id='$common_name' AND log_end_time IS NULL"

scripts/auth-bash/login.sh

@@ -1,12 +1,16 @@
 #!/bin/bash
-. /etc/openvpn/scripts/config.sh
-. /etc/openvpn/scripts/functions.sh
+
+my_path="$(dirname $0)"
+cd "$my_path"
+
+source ./../../.env
+source ./functions.sh
 
 username=$(echap "$username")
 password=$(echap "$password")
 
 # Authentication
-user_pass=$(mysql -h$HOST -P$PORT -u$USER -p$PASS $DB -sN -e "SELECT user_pass FROM user WHERE user_id = '$username' AND user_enable=1 AND (TO_DAYS(now()) >= TO_DAYS(user_start_date) OR user_start_date IS NULL) AND (TO_DAYS(now()) <= TO_DAYS(user_end_date) OR user_end_date IS NULL)")
+user_pass=$(mysql -h$DB_HOST -P$DB_PORT -u$DBUSER -p$DB_PASS $DB_NAME -sN -e "SELECT user_pass FROM user WHERE user_id = '$username' AND user_enable=1 AND (TO_DAYS(now()) >= TO_DAYS(user_start_date) OR user_start_date IS NULL) AND (TO_DAYS(now()) <= TO_DAYS(user_end_date) OR user_end_date IS NULL)")
 
 # Check the user
 if [ "$user_pass" == '' ]; then

scripts/install.sh

@@ -1,10 +1,11 @@
 #!/bin/bash
 
 print_help () {
-  echo -e "./install.sh www_basedir user group"
+    echo -e "./install.sh www_basedir user group (eg /var/www/openvpn-admin)"
     echo -e "\tbase_dir: The place where the web application will be put in"
     echo -e "\tuser:     User of the web application"
     echo -e "\tgroup:    Group of the web application"
+    exit
 }
 
 print_error() {
@@ -20,7 +21,6 @@ fi
 # Ensure there are enought arguments
 if [ "$#" -ne 3 ]; then
   print_help
-  exit
 fi
 
 # Ensure there are the prerequisites
@@ -35,7 +35,7 @@ www=$1
 user=$2
 group=$3
 
-openvpn_admin="$www/openvpn-admin"
+openvpn_admin="$www"
 
 # Check the validity of the arguments
 if [ ! -d "$www" ] ||  ! grep -q "$user" "/etc/passwd" || ! grep -q "$group" "/etc/group" ; then

scripts/install/00_env.sh

@@ -38,6 +38,24 @@ printf "\n################## Server informations ##################\n"
 [ -z "$VPN_NET" ]   && read -p "OpenVPN clients subnet [10.8.0.0/24]: " VPN_NET
 [ -z "$VPN_NET" ]   && VPN_NET="10.8.0.0/24"
 
+printf "\n################## Application informations ##################\n"
+
+[ ! -z "$APP_PATH" ] && echo "APP_PATH=$APP_PATH"
+[ -z "$APP_PATH" ]   && read -p "Web application root folder [/var/www/html]: " APP_PATH
+[ -z "$APP_PATH" ]   && APP_PATH="/var/www/html"
+
+[ ! -z "$SCRIPTS_PATH" ] && echo "SCRIPTS_PATH=$SCRIPTS_PATH"
+[ -z "$SCRIPTS_PATH" ]   && read -p "Folder with scripts for OpenVPN [$APP_PATH/scripts/auth-bash]: " SCRIPTS_PATH
+[ -z "$SCRIPTS_PATH" ]   && SCRIPTS_PATH="$APP_PATH/scripts/auth-bash"
+
+SCRIPTS_LOGIN="$SCRIPTS_PATH/login.sh"
+[ ! -z "$SCRIPTS_LOGIN" ] && echo "SCRIPTS_LOGIN=$SCRIPTS_LOGIN"
+
+SCRIPTS_CONNECT="$SCRIPTS_PATH/connect.sh"
+[ ! -z "$SCRIPTS_CONNECT" ] && echo "SCRIPTS_CONNECT=$SCRIPTS_CONNECT"
+
+SCRIPTS_DISCONNECT="$SCRIPTS_PATH/disconnect.sh"
+[ ! -z "$SCRIPTS_DISCONNECT" ] && echo "SCRIPTS_DISCONNECT=$SCRIPTS_DISCONNECT"
 
 printf "\n################## Certificates informations ##################\n"
 

scripts/install/02_app.sh

@@ -3,10 +3,11 @@
 printf "\n################## Setup web application ##################\n"
 
 # Install third parties
+composer install
 npm install
 
 # Create the directory of the web application
 mkdir -p "$openvpn_admin"
-cp -r "$base_path/"{app/,public/,vendor/,.env} "$openvpn_admin"
+cp -r "$base_path/"{scripts/,app/,public/,vendor/,.env} "$openvpn_admin"
 
 chown -R "$user:$group" "$openvpn_admin"

scripts/install/04_openvpn.sh

@@ -3,13 +3,19 @@
 printf "\n################## Setup OpenVPN ##################\n"
 
 # Copy certificates and the server configuration in the openvpn directory
-cp /etc/openvpn/easy-rsa/pki/{ca.crt,ta.key,issued/server.crt,private/server.key,dh.pem} "/etc/openvpn/"
-chmod +r /etc/openvpn/{ca.crt,ta.key}
-cp "$base_path/../configs/server.conf" "/etc/openvpn/"
-mkdir -p "/etc/openvpn/ccd"
-sed -i "
+cp "$VPN_CONF/easy-rsa/pki/"{ca.crt,ta.key,issued/server.crt,private/server.key,dh.pem} "$VPN_CONF/"
+chmod +r $VPN_CONF/{ca.crt,ta.key}
+cp "$base_path/../configs/server.conf" "$VPN_CONF/"
+mkdir -p "$VPN_CONF/ccd"
+
+sed "
 s/VPN_SERVER/$VPN_SERVER/;
-s/VPN_PORT/$VPN_PORT/;
-s/VPN_INIF/$VPN_INIF/;
-s/VPN_PROTO/$VPN_PROTO/;
-s/VPN_GROUP/$VPN_GROUP/" "/etc/openvpn/server.conf"
+s/VPN_PORT/$VPN_PORT/
+s/VPN_INIF/$VPN_INIF/
+s/VPN_PROTO/$VPN_PROTO/
+s/VPN_GROUP/$VPN_GROUP/
+s/VPN_USER/$VPN_USER/
+s|SCRIPTS_LOGIN|$SCRIPTS_LOGIN|
+s|SCRIPTS_CONNECT|$SCRIPTS_CONNECT|
+s|SCRIPTS_DISCONNECT|$SCRIPTS_DISCONNECT|
+" -i "$VPN_CONF/server.conf"