libre-service.eu/documentation
libre-service.eu/documentation
1
0
Fork 0
Code Issues Pull requests Projects Releases Activity

Mise à jour de 'infra/letsencrypt.md'

Browse source
This commit is contained in:
Christian P. MOMON 2022-01-27 04:37:34 +01:00
parent ce87bc3ee2
commit b05451d4b7
1 changed files with 81 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

81
infra/letsencrypt.md
View file

@ -11,12 +11,54 @@ Recharger Apache :
systemctl reload apache2.service systemctl reload apache2.service
``` ```
S'enregistrer :
``` ```
/usr/bin/dehydrated --register --accept-terms /usr/bin/dehydrated --register --accept-terms
``` ```
# Générer un certificat # Générer un certificat
Ouvrir les ports http (80) et https (443) :
```
ufw allow '80'
ufw allow '443'
```
Configurer a minima le site web dans `/etc/apache2/sites-available/foo.libre-service.org.conf` :
```
<VirtualHost *:80>
ServerName foo.libre-service.eu
ServerAdmin admin@libre-service.eu
CustomLog ${APACHE_LOG_DIR}/foo.libre-service.eu/infos.libre-service.eu-access.log combined
ErrorLog ${APACHE_LOG_DIR}/foo.libre-service.eu/infos.libre-service.eu-error.log
LogLevel warn
Redirect 302 / https://foo.libre-service.eu/
</VirtualHost>
```
Activer la configuration :
```
a2ensite foo.libre-service.eu.conf
```
Vérifier que c'est bon et recharger :
```
apachectl configtest && systemctl reload apache2
```
Vérifier le logrotate des logs :
```
/var/log/apache2/*.log
/var/log/apache2/*/*log
{
monthly
missingok
rotate 6
```
Ajouter foo.libre-service.eu dans `/etc/dehydrated/domains.txt`. Ajouter foo.libre-service.eu dans `/etc/dehydrated/domains.txt`.
Lancer la génération : Lancer la génération :
@ -26,6 +68,45 @@ Lancer la génération :
Le certificat est généré dans `/var/lib/dehydrated/certs/foo.libre-service.eu/`. Le certificat est généré dans `/var/lib/dehydrated/certs/foo.libre-service.eu/`.
Compléter la partie SSL `/etc/apache2/sites-enabled/foo.libre-service.org.conf` :
```
<VirtualHost *:443>
ServerName pad.libre-service.eu
ServerAdmin admin@libre-service.eu
CustomLog ${APACHE_LOG_DIR}/pad.libre-service.eu/pad.libre-service.eu-access.log combined
ErrorLog ${APACHE_LOG_DIR}/pad.libre-service.eu/pad.libre-service.eu-error.log
LogLevel warn
SSLEngine On
SSLCertificateFile /var/lib/dehydrated/certs/pad.libre-service.eu/fullchain.pem
SSLCertificateKeyFile /var/lib/dehydrated/certs/pad.libre-service.eu/privkey.pem
#Include hsts.conf
#Include statoolinfos.conf
DocumentRoot /var/www/pad.libre-service.eu
#php_admin_value open_basedir "/var/www/pad.libre-service.eu/"
<Directory "/var/www//pad.libre-service.eu/">
Options FollowSymLinks
AllowOverride None
Require all granted
DirectoryIndex index.xhtml
</Directory>
</VirtualHost>
```
Activer le module SSL :
```
apachectl configtest && systemctl reload apache2
```
Vérifier que c'est bon et recharger :
```
apachectl configtest && systemctl reload apache2
```
# Renouvellement automatique # Renouvellement automatique
Ajouter un script cron dans `/etc/cron.weekly/dehydrated` : Ajouter un script cron dans `/etc/cron.weekly/dehydrated` :