With letsencrypt there's no longer any trade-off needed

This commit is contained in:
Bob Mottram 2016-10-28 10:12:27 +01:00
parent 0ca7b90b92
commit 1d9fc63a4a
1 changed files with 0 additions and 29 deletions

View File

@ -419,35 +419,6 @@ function install_gogs {
exit 72528 exit 72528
fi fi
if ! grep -q $"Gogs admin user password" /home/${MY_USERNAME}/README; then
echo '' >> /home/${MY_USERNAME}/README
echo '' >> /home/${MY_USERNAME}/README
echo 'Gogs' >> /home/${MY_USERNAME}/README
echo '====' >> /home/${MY_USERNAME}/README
echo $'Install Steps For First-time Run:' >> /home/${MY_USERNAME}/README
echo $'Leave email service settings empty' >> /home/${MY_USERNAME}/README
echo $'Check "Enable Register Confirmation"' >> /home/${MY_USERNAME}/README
echo $'Check "Enable Mail Notification"' >> /home/${MY_USERNAME}/README
echo '' >> /home/${MY_USERNAME}/README
echo $'If you want to disable new account registrations then append the following:' >> /home/${MY_USERNAME}/README
echo ' [service]' >> /home/${MY_USERNAME}/README
echo ' DISABLE_REGISTRATION = true' >> /home/${MY_USERNAME}/README
echo $'Then restart with:' >> /home/${MY_USERNAME}/README
echo ' systemctl restart gogs' >> /home/${MY_USERNAME}/README
echo '' >> /home/${MY_USERNAME}/README
echo $"Note that there's a usability/security trade-off made here." >> /home/${MY_USERNAME}/README
echo $"In order to allow git clone via http we don't redirect everything" >> /home/${MY_USERNAME}/README
echo $'over https. Instead only critical things such as user login,' >> /home/${MY_USERNAME}/README
echo $'settings and admin are encrypted.' >> /home/${MY_USERNAME}/README
echo $'There are also potential security issues with cloning/pulling/pushing' >> /home/${MY_USERNAME}/README
echo $'code over http, since a determined adversary could inject malware' >> /home/${MY_USERNAME}/README
echo $'into the stream as it passes, so beware.' >> /home/${MY_USERNAME}/README
echo $'If you have a bought domain and a non-self signed cert then you' >> /home/${MY_USERNAME}/README
echo $"should change /etc/nginx/sites-available/${GIT_DOMAIN_NAME} to redirect everything over https." >> /home/${MY_USERNAME}/README
chown ${MY_USERNAME}:${MY_USERNAME} /home/${MY_USERNAME}/README
chmod 600 /home/${MY_USERNAME}/README
fi
function_check initialise_database function_check initialise_database
initialise_database gogs /home/${GOGS_USERNAME}/scripts/mysql.sql initialise_database gogs /home/${GOGS_USERNAME}/scripts/mysql.sql