changeset 76:c99fac2b0dc7

Add files related to SSL support.
author John "Elwin" Edwards
date Fri, 30 Dec 2016 12:48:58 -0500
parents d8720dbc16bb
children 6830c5dba61d
files README.txt lighttpd/certbot-cli.ini lighttpd/rlgallery-ssl.conf scripts/create-combined-pemfile
diffstat 4 files changed, 50 insertions(+), 3 deletions(-) [+]
--- a/README.txt	Wed Dec 28 16:53:08 2016 -0500
+++ b/README.txt	Fri Dec 30 12:48:58 2016 -0500
@@ -4,8 +4,9 @@
 a patch to the Git version of dgamelaunch.  The patch makes it compatible with 
 the RLGWebD player and adds properly salted passwords.
 
-lighttpd/ contains a configuration file for lighttpd which should be included
-from the main lighttpd.conf.
+lighttpd/ contains configuration files for lighttpd which should be included
+from the main lighttpd.conf.  It also includes a configuration file for 
+certbot, for obtaining an SSL certificate.
 
 py/ contains various Python scripts.  Python 3 is required.  The dependencies
 needed are psycopg2 and pytz.
@@ -22,6 +23,8 @@
 py/rlgnotes is a basic blog creator.  It makes a blog (with RSS feed!) at
 the URL /notes using text files as the source.  Currently experimental.
 
+scripts/ contains shell scripts that are useful in the setup process.
+
 web/ contains the static parts of the rlgallery.org website.  Note that when 
-installed, scoring/ needs to be writable by whatever user is running the 
+installed, web/scoring/ needs to be writable by whatever user is running the 
 recorder.py script.
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/lighttpd/certbot-cli.ini	Fri Dec 30 12:48:58 2016 -0500
@@ -0,0 +1,10 @@
+# rlgallery.org configuration file for certbot
+# Install at /etc/letsencrypt/cli.ini
+
+authenticator = webroot
+webroot-path = /var/www/lighttpd
+
+agree-tos = True
+non-interactive = True
+
+# email, domain, and post-hook need to be specified by options
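Review bot: The closing comment says a post-hook must be passed as an option but not what it should run, and nothing in this commit connects certbot's output under `/etc/letsencrypt/live/` to the `/etc/lighttpd/ssl/host.pem` that rlgallery-ssl.conf loads. Presumably the hook is meant to run `scripts/create-combined-pemfile` and then reload lighttpd; if so, state it here, e.g. `# post-hook: run scripts/create-combined-pemfile <domain>, then reload lighttpd`. Without that step a renewed certificate is never rebuilt into the combined file, and the server keeps serving the old one until it expires.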
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/lighttpd/rlgallery-ssl.conf	Fri Dec 30 12:48:58 2016 -0500
@@ -0,0 +1,8 @@
+# Lighttpd SSL configuration for rlgallery.org
+# Include in the main lighttpd configuration file
+
+$SERVER["socket"] == ":443" {
+  ssl.engine = "enable"
+  ssl.pemfile = "/etc/lighttpd/ssl/host.pem"
+  ssl.ca-file = "/etc/lighttpd/ssl/chain.pem"
+}
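Review bot: The `:443` socket block sets only the certificate paths, so the accepted protocol versions and cipher suites are whatever the installed lighttpd and OpenSSL packages default to. On older 1.4.x builds that may still include SSLv3. Adding `ssl.use-sslv2 = "disable"` and `ssl.use-sslv3 = "disable"` inside the block makes the protocol floor explicit regardless of package version, and a reviewed `ssl.cipher-list` would do the same for ciphers.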
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/scripts/create-combined-pemfile	Fri Dec 30 12:48:58 2016 -0500
@@ -0,0 +1,26 @@
+#!/bin/sh
+# Combines a private key and host cert into a single pemfile, for webservers
+# that require it.
+
+if [ $# -lt 1 ]
+then
+	echo "No domains given."
+	exit 1
+fi
+
+for DOMAIN in "$@"
+do
+	LINKDIR=/etc/letsencrypt/live/"$DOMAIN"
+	if [ ! -d "$LINKDIR" ]
+	then
+		echo "No certificates for $DOMAIN, skipping"
+		continue
+	fi
+	REALCERTFILE=`readlink -f "$LINKDIR"/cert.pem`
+	PEMFILE=`dirname "$REALCERTFILE"`/combined.pem
+	touch "$PEMFILE"
+	chown root:root "$PEMFILE"
+	chmod 400 "$PEMFILE"
+	cat "$LINKDIR"/privkey.pem "$LINKDIR"/cert.pem >"$PEMFILE"
+	ln -s -f -r "$PEMFILE" "$LINKDIR"/combined.pem
+done