Simplify the creation of self-signed certificates
parent
6a7d4b2568
commit
f2c41e77e9
|
@ -2629,22 +2629,24 @@ Create a self-signed certificate. The passphrase isn't important and will be rem
|
|||
editor /usr/bin/makecert
|
||||
#+END_SRC
|
||||
|
||||
Enter the following:
|
||||
Enter the following, changing the country code and location as needed:
|
||||
|
||||
#+BEGIN_SRC: bash
|
||||
#!/bin/bash
|
||||
|
||||
HOSTNAME=$1
|
||||
COUNTRY_CODE="GB"
|
||||
AREA="Greater Manchester"
|
||||
LOCATION="Manchester"
|
||||
ORGANISATION="Freedombone"
|
||||
|
||||
openssl genrsa -des3 -out $HOSTNAME.key 1024
|
||||
openssl req -new -x509 -nodes -days 3650 -key $HOSTNAME.key -out $HOSTNAME.crt
|
||||
openssl rsa -in $HOSTNAME.key -out $HOSTNAME.new.key
|
||||
cp $HOSTNAME.new.key $HOSTNAME.key
|
||||
rm $HOSTNAME.new.key
|
||||
cp $HOSTNAME.key /etc/ssl/private
|
||||
openssl req \
|
||||
-x509 -nodes -days 3650 \
|
||||
-subj "/O=$ORGANISATION/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
|
||||
-newkey rsa:1024 \
|
||||
-keyout /etc/ssl/private/$HOSTNAME.key \
|
||||
-out /etc/ssl/certs/$HOSTNAME.crt
|
||||
chmod 400 /etc/ssl/private/$HOSTNAME.key
|
||||
cp $HOSTNAME.crt /etc/ssl/certs
|
||||
shred -zu $HOSTNAME.key $HOSTNAME.crt
|
||||
/etc/init.d/nginx reload
|
||||
#+END_SRC
|
||||
|
||||
|
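Review bot: `-newkey rsa:1024` in the single `openssl req` call generates a 1024-bit RSA key, which is too short for a certificate issued with `-days 3650`; use `-newkey rsa:2048` or larger. `HOSTNAME=$1` is also used unchecked and unquoted in the `-keyout` and `-out` paths, so running the script with no argument would write `/etc/ssl/private/.key` and `/etc/ssl/certs/.crt`. Exit with a usage message when `$1` is empty and quote `"$HOSTNAME"` wherever it forms a path. The instruction text says to change "the country code and location as needed", but `AREA` and `ORGANISATION` also end up in `-subj`, so mention those too.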
@ -2655,8 +2657,6 @@ chmod +x /usr/bin/makecert
|
|||
makecert $HOSTNAME
|
||||
#+END_SRC
|
||||
|
||||
Enter some trivial password for the key file, such as "password". The password will be removed as part of the /makecert/ script which you just created. Note that leaving a password on the key file would mean that after a power cycle the Apache server will not be able to boot properly (it would wait indefinitely for a password to be manually entered) and would look as if it had crashed.
|
||||
|
||||
If all has gone well then there should be no warnings or errors after you run the service restart command. After that you should enable ports 80 (HTTP) and 443 (HTTPS) on your internet router/firewall, such that they are redirected to the BBB.
|
||||
|
||||
Also limit the amount of memory which any php scripts can use.
|
||||
|
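Review bot: The sentence kept at the end of this hunk still refers to "the service restart command", while the makecert script elsewhere in this commit now ends with `/etc/init.d/nginx reload`; reword it so the reader knows which command's output to check. Dropping the passphrase paragraph is consistent with the script's use of `-nodes`, so nothing else is needed there.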
@ -7189,6 +7189,7 @@ map $http_upgrade $connection_upgrade {
|
|||
server {
|
||||
listen 443 ssl;
|
||||
server_name mysubsonicdomainname.com;
|
||||
index index.php;
|
||||
|
||||
error_log /var/www/mysubsonicdomainname.com/error.log debug;
|
||||
|
||||
|
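Review bot: The `error_log /var/www/mysubsonicdomainname.com/error.log debug;` line in this `listen 443 ssl` block leaves debug-level logging on in a configuration that readers will copy as-is. Debug level is very verbose and intended for troubleshooting, so the documented default would be better as `warn` or `error`, with a note on how to raise it temporarily.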
@ -7225,11 +7226,11 @@ server {
|
|||
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name FQDN;
|
||||
listen 443 ssl;
|
||||
server_name mysubsonicdomainname.com;
|
||||
charset utf-8;
|
||||
|
||||
root PATH;
|
||||
root /var/www/mysubsonicdomainname.com/htdocs;
|
||||
index index.php;
|
||||
|
||||
if ( !-d $request_filename ) {
|
||||
|
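Review bot: With `listen 80;` and `server_name FQDN;` in this block replaced by `listen 443 ssl;` and `server_name mysubsonicdomainname.com;`, it now carries the same listen and server_name as the server block shown in the previous hunk, and no port 80 listener is visible any more. If both blocks live in the same site file, nginx will warn about a conflicting server name and ignore one of them. Please confirm the intent: either merge the two blocks, or keep a `listen 80;` block that redirects to HTTPS, since the text elsewhere still tells the reader to open port 80. No `ssl_certificate` or `ssl_certificate_key` line appears in the visible context for this block, so check that it points at the files makecert writes.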
@ -7284,7 +7285,7 @@ Save and exit.
|
|||
#+BEGIN_SRC: bash
|
||||
sed "s/mysubsonicdomainname.com/$HOSTNAME/g" /etc/nginx/sites-available/$HOSTNAME > /tmp/website
|
||||
cp -f /tmp/website /etc/nginx/sites-available/$HOSTNAME
|
||||
service nginx restart
|
||||
/etc/init.d/nginx reload
|
||||
#+END_SRC
|
||||
|
||||
|
||||
|
|
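Review bot: The `/etc/init.d/nginx reload` at the end of this block runs without a configuration test, so if the `sed` substitution produced a broken file the old configuration keeps serving and the failure is easy to miss; run `nginx -t` first and reload only when it succeeds. The unchanged lines above it write to the fixed path `/tmp/website` as root and then `cp -f` it over the site file. A predictable name in a world-writable directory is worth avoiding, and `sed -i` on `/etc/nginx/sites-available/$HOSTNAME` removes the temporary file altogether. The dots in `s/mysubsonicdomainname.com/` are unescaped and match any character; writing `mysubsonicdomainname\.com` makes the pattern exact.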