Use cert bits from home directory

to allow for safer+easier remote updates
main
Dan Buch 4 years ago
parent 1e89d80882
commit 22760e622b
Signed by: meatballhat
GPG Key ID: 9685130D8B763EA7

@ -5,8 +5,8 @@ server {
listen 443 ssl;
listen [::]:443 ssl;
server_name ${server_name};
ssl_certificate spoke.crt;
ssl_certificate_key spoke.key;
ssl_certificate /home/spoke/spoke.crt;
ssl_certificate_key /home/spoke/spoke.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
access_log /var/log/nginx/spoke.access.log combined;

@ -59,14 +59,6 @@ _run_system0() {
psql -c "ALTER USER spoke WITH PASSWORD '\${DB_PASSWORD}';"
PGSETUP
mv -v /tmp/spoke.crt /etc/nginx/spoke.crt
mv -v /tmp/spoke.key /etc/nginx/spoke.key
chmod 0600 /etc/nginx/spoke.crt /etc/nginx/spoke.key
cp -v /tmp/nginx-sites-default.conf /etc/nginx/sites-available/default
ln -svf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
sha1sum /etc/nginx/sites-available/default
systemctl restart nginx
if ! command -v yarn; then
curl -fsSL https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" |
@ -81,6 +73,14 @@ PGSETUP
sudo chsh -s /bin/bash spoke
sudo chown -R spoke:spoke /home/spoke
mv -v /tmp/spoke.crt /home/spoke/spoke.crt
mv -v /tmp/spoke.key /home/spoke/spoke.key
chmod 0600 /home/spoke/spoke.crt /home/spoke/spoke.key
cp -v /tmp/nginx-sites-default.conf /etc/nginx/sites-available/default
ln -svf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
sha1sum /etc/nginx/sites-available/default
systemctl restart nginx
}
_run_system1() {

Loading…
Cancel
Save