Add files related to SSL support.
This commit is contained in:
John "Elwin" Edwards
parent
0f5f0bb67f
commit
9ba9d5c90e
4 changed files with 50 additions and 3 deletions
|
|
@ -4,8 +4,9 @@ dgl/ contains the Gallery's dgamelaunch.conf file, the dgamelaunch menus, and
|
|||
a patch to the Git version of dgamelaunch. The patch makes it compatible with
|
||||
the RLGWebD player and adds properly salted passwords.
|
||||
|
||||
lighttpd/ contains a configuration file for lighttpd which should be included
|
||||
from the main lighttpd.conf.
|
||||
lighttpd/ contains configuration files for lighttpd which should be included
|
||||
from the main lighttpd.conf. It also includes a configuration file for
|
||||
certbot, for obtaining an SSL certificate.
|
||||
|
||||
py/ contains various Python scripts. Python 3 is required. The dependencies
|
||||
needed are psycopg2 and pytz.
|
||||
|
|
@ -22,6 +23,8 @@ in /lib/python<x.y>/site-packages or the equivalent location.
|
|||
py/rlgnotes is a basic blog creator. It makes a blog (with RSS feed!) at
|
||||
the URL /notes using text files as the source. Currently experimental.
|
||||
|
||||
scripts/ contains shell scripts that are useful in the setup process.
|
||||
|
||||
web/ contains the static parts of the rlgallery.org website. Note that when
|
||||
installed, scoring/ needs to be writable by whatever user is running the
|
||||
installed, web/scoring/ needs to be writable by whatever user is running the
|
||||
recorder.py script.
|
||||
|
|
|
|||
10
lighttpd/certbot-cli.ini
Normal file
10
lighttpd/certbot-cli.ini
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
# rlgallery.org configuration file for certbot
|
||||
# Install at /etc/letsencrypt/cli.ini
|
||||
|
||||
authenticator = webroot
|
||||
webroot-path = /var/www/lighttpd
|
||||
|
||||
agree-tos = True
|
||||
non-interactive = True
|
||||
|
||||
# email, domain, and post-hook need to be specified by options
|
||||
8
lighttpd/rlgallery-ssl.conf
Normal file
8
lighttpd/rlgallery-ssl.conf
Normal file
|
|
@ -0,0 +1,8 @@
|
|||
# Lighttpd SSL configuration for rlgallery.org
|
||||
# Include in the main lighttpd configuration file
|
||||
|
||||
$SERVER["socket"] == ":443" {
|
||||
ssl.engine = "enable"
|
||||
ssl.pemfile = "/etc/lighttpd/ssl/host.pem"
|
||||
ssl.ca-file = "/etc/lighttpd/ssl/chain.pem"
|
||||
}
|
||||
26
scripts/create-combined-pemfile
Executable file
26
scripts/create-combined-pemfile
Executable file
|
|
@ -0,0 +1,26 @@
|
|||
#!/bin/sh
|
||||
# Combines a private key and host cert into a single pemfile, for webservers
|
||||
# that require it.
|
||||
|
||||
if [ $# -lt 1 ]
|
||||
then
|
||||
echo "No domains given."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
for DOMAIN in "$@"
|
||||
do
|
||||
LINKDIR=/etc/letsencrypt/live/"$DOMAIN"
|
||||
if [ ! -d "$LINKDIR" ]
|
||||
then
|
||||
echo "No certificates for $DOMAIN, skipping"
|
||||
continue
|
||||
fi
|
||||
REALCERTFILE=`readlink -f "$LINKDIR"/cert.pem`
|
||||
PEMFILE=`dirname "$REALCERTFILE"`/combined.pem
|
||||
touch "$PEMFILE"
|
||||
chown root:root "$PEMFILE"
|
||||
chmod 400 "$PEMFILE"
|
||||
cat "$LINKDIR"/privkey.pem "$LINKDIR"/cert.pem >"$PEMFILE"
|
||||
ln -s -f -r "$PEMFILE" "$LINKDIR"/combined.pem
|
||||
done
|
||||
Loading…
Add table
Add a link
Reference in a new issue