# HG changeset patch # User John "Elwin" Edwards # Date 1483120138 18000 # Node ID c99fac2b0dc7e4640467a08574f641e09a78bbb2 # Parent d8720dbc16bb8f7d74f3b0538ec563718d4b2e93 Add files related to SSL support. diff -r d8720dbc16bb -r c99fac2b0dc7 README.txt --- a/README.txt Wed Dec 28 16:53:08 2016 -0500 +++ b/README.txt Fri Dec 30 12:48:58 2016 -0500 @@ -4,8 +4,9 @@ a patch to the Git version of dgamelaunch. The patch makes it compatible with the RLGWebD player and adds properly salted passwords. -lighttpd/ contains a configuration file for lighttpd which should be included -from the main lighttpd.conf. +lighttpd/ contains configuration files for lighttpd which should be included +from the main lighttpd.conf. It also includes a configuration file for +certbot, for obtaining an SSL certificate. py/ contains various Python scripts. Python 3 is required. The dependencies needed are psycopg2 and pytz. @@ -22,6 +23,8 @@ py/rlgnotes is a basic blog creator. It makes a blog (with RSS feed!) at the URL /notes using text files as the source. Currently experimental. +scripts/ contains shell scripts that are useful in the setup process. + web/ contains the static parts of the rlgallery.org website. Note that when -installed, scoring/ needs to be writable by whatever user is running the +installed, web/scoring/ needs to be writable by whatever user is running the recorder.py script. diff -r d8720dbc16bb -r c99fac2b0dc7 lighttpd/certbot-cli.ini --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/lighttpd/certbot-cli.ini Fri Dec 30 12:48:58 2016 -0500 @@ -0,0 +1,10 @@ +# rlgallery.org configuration file for certbot +# Install at /etc/letsencrypt/cli.ini + +authenticator = webroot +webroot-path = /var/www/lighttpd + +agree-tos = True +non-interactive = True + +# email, domain, and post-hook need to be specified by options diff -r d8720dbc16bb -r c99fac2b0dc7 lighttpd/rlgallery-ssl.conf --- /dev/null Thu Jan 01 00:00:00 1970 +0000 
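Review bot: The closing comment in lighttpd/certbot-cli.ini says a post-hook has to be supplied but not what it must do, and nothing in this file ties it to the rest of the commit. Presumably it is meant to run scripts/create-combined-pemfile for the domain and then reload lighttpd; if so I would say that, e.g. `# post-hook should run scripts/create-combined-pemfile DOMAIN and then reload lighttpd`. Note also that certbot's `post-hook` runs after each issuance or renewal attempt, successful or not, whereas `renew-hook` runs only for a certificate that was actually renewed, which is the narrower trigger for rebuilding a file that contains the private key.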
+++ b/lighttpd/rlgallery-ssl.conf Fri Dec 30 12:48:58 2016 -0500
@@ -0,0 +1,8 @@
+# Lighttpd SSL configuration for rlgallery.org
+# Include in the main lighttpd configuration file
+
+$SERVER["socket"] == ":443" {
+ ssl.engine = "enable"
+ ssl.pemfile = "/etc/lighttpd/ssl/host.pem"
+ ssl.ca-file = "/etc/lighttpd/ssl/chain.pem"
+}
diff -r d8720dbc16bb -r c99fac2b0dc7 scripts/create-combined-pemfile
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/scripts/create-combined-pemfile Fri Dec 30 12:48:58 2016 -0500
@@ -0,0 +1,26 @@
+#!/bin/sh
+# Combines a private key and host cert into a single pemfile, for webservers
+# that require it.
+
+if [ $# -lt 1 ]
+then
+ echo "No domains given."
+ exit 1
+fi
+
+for DOMAIN in "$@"
+do
+ LINKDIR=/etc/letsencrypt/live/"$DOMAIN"
+ if [ ! -d "$LINKDIR" ]
+ then
+ echo "No certificates for $DOMAIN, skipping"
+ continue
+ fi
+ REALCERTFILE=`readlink -f "$LINKDIR"/cert.pem`
+ PEMFILE=`dirname "$REALCERTFILE"`/combined.pem
+ touch "$PEMFILE"
+ chown root:root "$PEMFILE"
+ chmod 400 "$PEMFILE"
+ cat "$LINKDIR"/privkey.pem "$LINKDIR"/cert.pem >"$PEMFILE"
+ ln -s -f -r "$PEMFILE" "$LINKDIR"/combined.pem
+done
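Review bot: The `:443` block in lighttpd/rlgallery-ssl.conf sets only the certificate paths, so the protocol versions and ciphers offered are left to the defaults of whatever lighttpd and OpenSSL are installed. I would pin at least `ssl.use-sslv2 = "disable"` and `ssl.use-sslv3 = "disable"` here and consider an explicit `ssl.cipher-list`. A comment should also state that `ssl.pemfile` must hold the private key together with the host certificate and be readable by root only, and how `/etc/lighttpd/ssl/host.pem` relates to the `combined.pem` written by scripts/create-combined-pemfile; the commit does not show that link, so I am assuming a symlink or copy is made by hand.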
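Review bot: Nothing in the loop of scripts/create-combined-pemfile checks for failure, so if `chown` or `chmod 400` fails the private key is still written into a file that `touch` created under the caller's umask, and the `combined.pem` link is made even when `cat` left a truncated file. Setting `umask 077` before the loop and stopping on the first error closes that gap. Building the file under a temporary name in the same directory and renaming it over `$PEMFILE` also keeps the web server from ever reading a half-written key file. The two diagnostic messages would be better on stderr, and a skipped domain currently still ends with exit status 0.

```shell
umask 077   # anything created below is never group- or world-readable

# … unchanged: argument check, for-loop header, LINKDIR existence test …
  REALCERTFILE=`readlink -f "$LINKDIR"/cert.pem` || exit 1
  PEMFILE=`dirname "$REALCERTFILE"`/combined.pem
  TMPFILE=`mktemp "$PEMFILE".XXXXXX` || exit 1
  if cat "$LINKDIR"/privkey.pem "$LINKDIR"/cert.pem >"$TMPFILE" &&
     chown root:root "$TMPFILE" &&
     chmod 400 "$TMPFILE" &&
     mv -f "$TMPFILE" "$PEMFILE"
  then
    ln -s -f -r "$PEMFILE" "$LINKDIR"/combined.pem
  else
    rm -f "$TMPFILE"
    echo "Could not create $PEMFILE" >&2
    exit 1
  fi
```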