bugfix certif nginx
This commit is contained in:
Francois Lesueur
@@ -55,14 +55,12 @@ echo "export SNSTERGUARD='true'" >> /root/.bashrc
|
|||||||
|
|
||||||
|
|
||||||
# On place les certifs
|
# On place les certifs
|
||||||
# On place les certifs
|
cp -ar tls/root_ca.crt /usr/local/share/ca-certificates/
|
||||||
if [ -f tls/root_ca.crt ]; then
|
/usr/sbin/update-ca-certificates --fresh
|
||||||
cp -ar tls/root_ca.crt /usr/local/share/ca-certificates/
|
|
||||||
/usr/sbin/update-ca-certificates --fresh
|
mkdir -p /etc/letsencrypt/live/kaz.sns
|
||||||
fi
|
cp tls/wildcard.crt /etc/letsencrypt/live/kaz.sns/fullchain.pem
|
||||||
if [ -d letsencrypt ]; then
|
cp tls/wildcard.key /etc/letsencrypt/live/kaz.sns/privkey.pem
|
||||||
cp -ar letsencrypt /etc/
|
|
||||||
fi
|
|
||||||
|
|
||||||
# On sauve le proxy APT
|
# On sauve le proxy APT
|
||||||
proxy=$(/sbin/ip route | awk '/default/ { print $3 }' | head -1)
|
proxy=$(/sbin/ip route | awk '/default/ { print $3 }' | head -1)
|
||||||
|
|||||||
@@ -159,10 +159,6 @@ EOF
|
|||||||
|
|
||||||
step certificate create "*.kaz.sns" /root/tls/wildcard.crt /root/tls/wildcard.key --profile leaf --ca /root/.step/certs/intermediate_ca.crt --ca-key /root/.step/secrets/intermediate_ca_key --ca-password-file /root/ca-passwordfile --bundle --force --no-password --insecure
|
step certificate create "*.kaz.sns" /root/tls/wildcard.crt /root/tls/wildcard.key --profile leaf --ca /root/.step/certs/intermediate_ca.crt --ca-key /root/.step/secrets/intermediate_ca_key --ca-password-file /root/ca-passwordfile --bundle --force --no-password --insecure
|
||||||
|
|
||||||
mkdir -p /etc/letsencrypt/live/kaz.sns/
|
|
||||||
ln -sf /root/tls/wildcard.crt /etc/letsencrypt/live/kaz.sns/fullchain.pem
|
|
||||||
ln -sf /root/tls/wildcard.key /etc/letsencrypt/live/kaz.sns/privkey.pem
|
|
||||||
|
|
||||||
# Cache docker registry
|
# Cache docker registry
|
||||||
echo "proxy:
|
echo "proxy:
|
||||||
remoteurl: https://registry-1.docker.io
|
remoteurl: https://registry-1.docker.io
|
||||||
@@ -196,8 +192,8 @@ auth:
|
|||||||
cp -ar ${VAGRANT_SRC_DIR}/snster-kaz /root
|
cp -ar ${VAGRANT_SRC_DIR}/snster-kaz /root
|
||||||
|
|
||||||
# crypto keys
|
# crypto keys
|
||||||
cp -ar /root/tls /etc/letsencrypt /root/snster-kaz/hoster-a/kaz1/
|
cp -ar /root/tls /root/snster-kaz/hoster-a/kaz1/
|
||||||
cp -ar /root/tls /etc/letsencrypt /root/snster-kaz/hoster-b/kaz2/
|
cp -ar /root/tls /root/snster-kaz/hoster-b/kaz2/
|
||||||
cp -ar /root/tls /root/snster-kaz/isp-a/home/
|
cp -ar /root/tls /root/snster-kaz/isp-a/home/
|
||||||
cp -ar /root/tls /root/snster-kaz/mica/infra/
|
cp -ar /root/tls /root/snster-kaz/mica/infra/
|
||||||
|
|
||||||
|
|||||||
@@ -26,8 +26,8 @@ git switch "${KAZBRANCH}"
|
|||||||
# On écrase les anciens fichiers
|
# On écrase les anciens fichiers
|
||||||
cp -ar /tmp/kaz-vagrant/files/snster-kaz /root/
|
cp -ar /tmp/kaz-vagrant/files/snster-kaz /root/
|
||||||
# crypto keys
|
# crypto keys
|
||||||
cp -ar /root/tls /etc/letsencrypt /root/snster-kaz/hoster-a/kaz1/
|
cp -ar /root/tls /root/snster-kaz/hoster-a/kaz1/
|
||||||
cp -ar /root/tls /etc/letsencrypt /root/snster-kaz/hoster-b/kaz2/
|
cp -ar /root/tls /root/snster-kaz/hoster-b/kaz2/
|
||||||
cp -ar /root/tls /root/snster-kaz/isp-a/home/
|
cp -ar /root/tls /root/snster-kaz/isp-a/home/
|
||||||
cp -ar /root/tls /root/snster-kaz/mica/infra/
|
cp -ar /root/tls /root/snster-kaz/mica/infra/
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user