mirror of
https://github.com/ancsemi/Haven
synced 2026-04-21 13:37:41 +00:00
- Add FORCE_HTTP=true env option to skip built-in SSL (for Caddy/nginx/Traefik)
- Update startup scripts (bash, bat, Docker) to respect FORCE_HTTP
- Disable HSTS header when FORCE_HTTP is active
- Add auto_assign column to roles table with DB migration
- Default 'User' role is auto-assigned on registration
- Admin UI: toggle auto-assign per role, visual indicator
- join-channel auto-assigns flagged roles to new members
- Fix window.app reference for desktop voice hook
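#!/bin/sh
# Container entrypoint. Runs as root to prepare the /data volume (TLS material
# and ownership), then drops to the unprivileged "node" user via su-exec before
# starting the command passed as arguments.
set -e

DATA="/data"
CERTS="$DATA/certs"

# Auto-generate self-signed SSL certs if none exist (skip if FORCE_HTTP=true)
# (HTTPS is needed for voice chat to work over the network)
#
# Security notes for operators:
# - FORCE_HTTP=true means no certificate is generated here and TLS is left to
#   a reverse proxy (Caddy/nginx/Traefik). Use it only when such a proxy
#   terminates TLS in front of this container, and do not publish the
#   container's port directly, otherwise traffic travels in plaintext.
# - The generated certificate is self-signed, valid for 10 years, and its SAN
#   covers only localhost / 127.0.0.1. Clients cannot validate it and will see
#   a warning on any other hostname; for anything beyond local use, place a
#   CA-issued cert.pem / key.pem in $CERTS (existing files are never replaced).
if [ "${FORCE_HTTP:-false}" = "true" ]; then
  echo "⚡ FORCE_HTTP=true — skipping SSL certificate generation"
elif [ ! -f "$CERTS/cert.pem" ] || [ ! -f "$CERTS/key.pem" ]; then
  echo "🔐 Generating self-signed SSL certificate..."
  mkdir -p "$CERTS"

  # Capture stderr instead of discarding it: under `set -e` a failing openssl
  # (e.g. a build that does not understand -addext) would otherwise abort the
  # container start without any diagnostic.
  # -nodes leaves the private key unencrypted so the server can start
  # unattended; the key is protected by file permissions only.
  if ! OPENSSL_ERR=$(openssl req -x509 -newkey rsa:2048 \
      -keyout "$CERTS/key.pem" \
      -out "$CERTS/cert.pem" \
      -days 3650 -nodes \
      -subj "/CN=Haven" \
      -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" \
      2>&1 >/dev/null); then
    echo "openssl failed to generate the self-signed certificate:" >&2
    printf '%s\n' "$OPENSSL_ERR" >&2
    exit 1
  fi

  # Keep the private key readable by its owner only, whatever mode the
  # openssl build and the current umask produced. Best-effort: some
  # bind-mounted filesystems reject chmod.
  chmod 600 "$CERTS/key.pem" 2>/dev/null \
    || echo "warning: could not restrict permissions on $CERTS/key.pem" >&2

  # Best-effort hand-over to the runtime user; may fail on some bind mounts.
  chown node:node "$CERTS/cert.pem" "$CERTS/key.pem" 2>/dev/null || true
  echo "✅ SSL certificate created"
fi

# Fix ownership on bind-mounted volumes (Synology / NAS friendly)
# Only recurse if the data dir isn't already owned by node (uid 1000)
# The uid is looked up from the image's "node" account, falling back to 1000.
NODE_UID=$(id -u node 2>/dev/null || echo "1000")
OWNER=$(stat -c '%u' "$DATA" 2>/dev/null || echo "unknown")
if [ "$OWNER" != "$NODE_UID" ]; then
  # -h: change ownership of symlinks themselves rather than their targets.
  # This runs as root over a tree the application can write to, and some
  # chown implementations would otherwise re-own whatever a link points at.
  # Failure is tolerated on purpose (read-only or ACL-managed NAS shares).
  chown -R -h node:node "$DATA" 2>/dev/null || true
fi

# Drop root: replace this shell with the requested command running as "node".
exec su-exec node "$@"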