With letsencrypt there's no longer any trade-off needed
This commit is contained in:
parent
0ca7b90b92
commit
1d9fc63a4a
|
@ -419,35 +419,6 @@ function install_gogs {
|
||||||
exit 72528
|
exit 72528
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! grep -q $"Gogs admin user password" /home/${MY_USERNAME}/README; then
|
|
||||||
echo '' >> /home/${MY_USERNAME}/README
|
|
||||||
echo '' >> /home/${MY_USERNAME}/README
|
|
||||||
echo 'Gogs' >> /home/${MY_USERNAME}/README
|
|
||||||
echo '====' >> /home/${MY_USERNAME}/README
|
|
||||||
echo $'Install Steps For First-time Run:' >> /home/${MY_USERNAME}/README
|
|
||||||
echo $'Leave email service settings empty' >> /home/${MY_USERNAME}/README
|
|
||||||
echo $'Check "Enable Register Confirmation"' >> /home/${MY_USERNAME}/README
|
|
||||||
echo $'Check "Enable Mail Notification"' >> /home/${MY_USERNAME}/README
|
|
||||||
echo '' >> /home/${MY_USERNAME}/README
|
|
||||||
echo $'If you want to disable new account registrations then append the following:' >> /home/${MY_USERNAME}/README
|
|
||||||
echo ' [service]' >> /home/${MY_USERNAME}/README
|
|
||||||
echo ' DISABLE_REGISTRATION = true' >> /home/${MY_USERNAME}/README
|
|
||||||
echo $'Then restart with:' >> /home/${MY_USERNAME}/README
|
|
||||||
echo ' systemctl restart gogs' >> /home/${MY_USERNAME}/README
|
|
||||||
echo '' >> /home/${MY_USERNAME}/README
|
|
||||||
echo $"Note that there's a usability/security trade-off made here." >> /home/${MY_USERNAME}/README
|
|
||||||
echo $"In order to allow git clone via http we don't redirect everything" >> /home/${MY_USERNAME}/README
|
|
||||||
echo $'over https. Instead only critical things such as user login,' >> /home/${MY_USERNAME}/README
|
|
||||||
echo $'settings and admin are encrypted.' >> /home/${MY_USERNAME}/README
|
|
||||||
echo $'There are also potential security issues with cloning/pulling/pushing' >> /home/${MY_USERNAME}/README
|
|
||||||
echo $'code over http, since a determined adversary could inject malware' >> /home/${MY_USERNAME}/README
|
|
||||||
echo $'into the stream as it passes, so beware.' >> /home/${MY_USERNAME}/README
|
|
||||||
echo $'If you have a bought domain and a non-self signed cert then you' >> /home/${MY_USERNAME}/README
|
|
||||||
echo $"should change /etc/nginx/sites-available/${GIT_DOMAIN_NAME} to redirect everything over https." >> /home/${MY_USERNAME}/README
|
|
||||||
chown ${MY_USERNAME}:${MY_USERNAME} /home/${MY_USERNAME}/README
|
|
||||||
chmod 600 /home/${MY_USERNAME}/README
|
|
||||||
fi
|
|
||||||
|
|
||||||
function_check initialise_database
|
function_check initialise_database
|
||||||
initialise_database gogs /home/${GOGS_USERNAME}/scripts/mysql.sql
|
initialise_database gogs /home/${GOGS_USERNAME}/scripts/mysql.sql
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue