nvoverlay

xdgc
DD-WRT Novice


Joined: 12 Feb 2019
Posts: 1

PostPosted: Wed Feb 13, 2019 7:36    Post subject: nvoverlay
I wanted to use a custom TLS certificate for the web UI, but didn't want to use LetsEncrypt/ACME. I also didn't want to switch to a Kong build or use JFFS or lighttpd or alla that. Like some posters in this topic, I fell onto the bind mount option, but I didn't want a lot of clumsy crud in my startup. I wanted a cleaner and more generalizable solution.

So, I wrote a tool that lets me overlay any file that exists in the root filesystem with custom content. It uses nvram storage only, no JFFS or other persistent storage required. It should work out of the box on any recent dd-wrt build. See https://bitbucket.org/dgc/nvoverlay/.


Here's a complete guide to setting it up for the specific TLS certificate case.

First, copy your certificate and key to your router's home directory. For example, using SSH:

Code:
scp ddwrt.crt root@router:
scp ddwrt.key root@router:


You could create those files in other ways too.

Then install nvoverlay, initialize it, and store the key and certificate:

Code:
curl -kO https://bitbucket.org/dgc/nvoverlay/raw/tip/nvoverlay
chmod 755 nvoverlay
./nvoverlay init
./nvoverlay save /etc/cert.pem <ddwrt.crt
./nvoverlay save /etc/key.pem <ddwrt.key


That's it; on reboot you should have the new key and certificate running. You can restart just the web UI without a reboot if you want a preview:

Code:
./nvoverlay restore
stopservice httpd; startservice httpd


~~~~~~~~~~~~~~~~~~~~~~~~~

How it works:

When you run nvoverlay init, a couple of things happen:

    * The "restore" functionality of nvoverlay is extracted and stored into nvram, in the nvover_restore parameter.
    * The rc_startup parameter is modified to execute that code when the router reboots.


nvoverlay save saves files by encoding their final paths and saving them as nvram params. You can see them in nvram show. You can also list which files you've saved with ./nvoverlay list.

The nvover_restore code does the following:

    * Scans nvram for saved files
    * Copies each saved file to /tmp/nvram
    * Uses a "bind mount" to map the file in /tmp/nvram to the location on the root filesystem that you want replaced (e.g. /etc/cert.pem)


You can replace files at any time by running ./nvoverlay save again. (Reboot or run ./nvoverlay restore to activate the newly saved file.)

You can remove a file from nvoverlay with ./nvoverlay rm /path/to/filename.

You can even make nvoverlay preserve itself: ./nvoverlay selfhost (This is not done by default because nvoverlay is over 2K in size, and nvram bytes are precious.) Doing so stores nvoverlay using nvoverlay, and stores a modified /etc/profile to add nvoverlay to your $PATH.

nvoverlay is a pretty simple shell script and does not require any additional software: just busybox, openssl, and nvram. It is versioned and if you should download a version with a newer nvram storage format, it can detect that it needs to be updated in nvram.


Other tips:


    * In practice I find it easier to copy my cert.pem to my laptop's paste buffer, then run nvoverlay save /etc/cert.pem, paste, and press control-D (EOF).
    * Remember that saving a new file does not make it visible in the root filesystem! You must run nvoverlay restore or reboot to do that.
    * You can change your rc_startup and your /etc/profile (if using selfhost). nvoverlay will only modify them if it doesn't find the magic token "%nvoverlay%" in them.
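A simulated version of the save/list/restore scheme described in the post, added here as an illustration and not code from nvoverlay or its author. The `nvram` function is a stand-in backed by a temp directory, and the key format (`nvover_f_<hex-encoded path>`) with a base64 payload is an assumption about how such a store could look, not nvoverlay's real format; the bind mount is only issued when `NVO_MOUNT=1`, so the script can be exercised safely away from the router.

```shell
# Hypothetical re-creation of the nvram overlay idea (not nvoverlay's own code).
NVSIM="${NVSIM:-$(mktemp -d)}"   # constructed: directory standing in for nvram
STAGE="${STAGE:-$(mktemp -d)}"   # stands in for /tmp/nvram on the router

nvram() {  # stand-in for the dd-wrt nvram tool (the real one also needs `nvram commit` to persist)
  case "$1" in
    set)   printf '%s' "${2#*=}" > "$NVSIM/${2%%=*}" ;;
    get)   cat "$NVSIM/$2" 2>/dev/null ;;
    unset) rm -f "$NVSIM/$2" ;;
    show)  for f in "$NVSIM"/*; do [ -f "$f" ] && printf '%s=%s\n' "${f##*/}" "$(cat "$f")"; done; return 0 ;;
  esac
}

path_to_key() {  # /etc/cert.pem -> nvover_f_2f6574632f636572742e70656d (hex keeps the name nvram-safe)
  printf 'nvover_f_%s' "$(printf '%s' "$1" | od -An -tx1 | tr -d ' \n')"
}

key_to_path() {  # inverse of path_to_key: decode the hex pairs back into the original path
  hex="${1#nvover_f_}"
  while [ -n "$hex" ]; do
    printf "\\$(printf '%03o' "0x${hex%"${hex#??}"}")"
    hex="${hex#??}"
  done
}

nvo_save() {  # usage: nvo_save /etc/cert.pem < ddwrt.crt ; content is stored base64-encoded
  nvram set "$(path_to_key "$1")=$(base64 | tr -d '\n')"
}

nvo_list() {  # print the original path of every saved file
  nvram show | sed -n 's/^\(nvover_f_[0-9a-f]*\)=.*/\1/p' | while read -r k; do key_to_path "$k"; echo; done
}

nvo_rm() { nvram unset "$(path_to_key "$1")"; }

nvo_restore() {  # copy each saved file into the staging dir, then bind-mount it over its target path
  mkdir -p "$STAGE"
  nvo_list | while read -r p; do
    dst="$STAGE/$(printf '%s' "$p" | tr / _)"
    nvram get "$(path_to_key "$p")" | base64 -d > "$dst"
    # Only a real router (root, NVO_MOUNT=1) performs the bind mount; elsewhere the copy is left in $STAGE.
    if [ "${NVO_MOUNT:-0}" = 1 ] && [ "$(id -u)" -eq 0 ] && [ -e "$p" ]; then mount -o bind "$dst" "$p"; fi
  done
}
```

Running `nvo_list` after `nvo_save` and inspecting `$STAGE` after `nvo_restore` shows the two halves of the mechanism (nvram as the persistent store, a staging copy as the bind-mount source) without touching the root filesystem.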