fix(bentopdf): enforce https for SharedArrayBuffer on LAN

LibreOffice WASM requires crossOriginIsolated + secure context. LAN HTTP origins (http://192.168.x.x) are not trustworthy, so Office conversion fails with DataCloneError on SharedArrayBuffer transfer. - generate self-signed TLS cert (idempotent) - add HTTPS server on :8443 - redirect HTTP :8080 to HTTPS :8443 - keep WASM gzip/mime handling - update post-install URL hint to https://IP:8443
2026-04-17 07:52:16 +00:00 · 2026-04-10 08:22:31 +02:00
parent c0d12a797a
commit fbf73b6e23
2 changed files with 34 additions and 5 deletions
--- a/ct/bentopdf.sh
+++ b/ct/bentopdf.sh
@@ -54,11 +54,26 @@ function update_script() {
    msg_ok "Updated BentoPDF"

    msg_info "Starting Service"
-    ensure_dependencies nginx
+    ensure_dependencies nginx openssl
+    if [[ ! -f /etc/ssl/private/bentopdf-selfsigned.key || ! -f /etc/ssl/certs/bentopdf-selfsigned.crt ]]; then
+      CERT_CN="$(hostname -I | awk '{print $1}')"
+      $STD openssl req -x509 -nodes -newkey rsa:2048 -days 3650 \
+      -keyout /etc/ssl/private/bentopdf-selfsigned.key \
+      -out /etc/ssl/certs/bentopdf-selfsigned.crt \
+      -subj "/CN=${CERT_CN}"
+    fi
    cat <<'EOF' >/etc/nginx/sites-available/bentopdf
 server {
    listen 8080;
    server_name _;
+    return 301 https://$host:8443$request_uri;
+  }
+
+  server {
+    listen 8443 ssl;
+    server_name _;
+    ssl_certificate /etc/ssl/certs/bentopdf-selfsigned.crt;
+    ssl_certificate_key /etc/ssl/private/bentopdf-selfsigned.key;
    root /opt/bentopdf/dist;
    index index.html;

@@ -136,4 +151,4 @@ description
 msg_ok "Completed successfully!\n"
 echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
 echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8080${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}https://${IP}:8443${CL}"
--- a/install/bentopdf-install.sh
+++ b/install/bentopdf-install.sh
@@ -13,9 +13,7 @@ setting_up_container
 network_check
 update_os

-msg_info "Installing Dependencies"
-$STD apt install nginx -y
-msg_ok "Installed Dependencies"
+ensure_dependencies nginx openssl

 NODE_VERSION="24" setup_nodejs
 fetch_and_deploy_gh_release "bentopdf" "alam00000/bentopdf" "tarball" "latest" "/opt/bentopdf"
@@ -31,10 +29,26 @@ $STD npm run build:all
 msg_ok "Setup BentoPDF"

 msg_info "Creating Service"
+if [[ ! -f /etc/ssl/private/bentopdf-selfsigned.key || ! -f /etc/ssl/certs/bentopdf-selfsigned.crt ]]; then
+  CERT_CN="$(hostname -I | awk '{print $1}')"
+  $STD openssl req -x509 -nodes -newkey rsa:2048 -days 3650 \
+    -keyout /etc/ssl/private/bentopdf-selfsigned.key \
+    -out /etc/ssl/certs/bentopdf-selfsigned.crt \
+    -subj "/CN=${CERT_CN}"
+fi
+
 cat <<'EOF' >/etc/nginx/sites-available/bentopdf
 server {
    listen 8080;
    server_name _;
+    return 301 https://$host:8443$request_uri;
+}
+
+server {
+    listen 8443 ssl;
+    server_name _;
+    ssl_certificate /etc/ssl/certs/bentopdf-selfsigned.crt;
+    ssl_certificate_key /etc/ssl/private/bentopdf-selfsigned.key;
    root /opt/bentopdf/dist;
    index index.html;