Retire support for keybase.io gpg version 2.x doesn't appear to work well with it, but beyond that there's the really concerning issue that the site asks users to upload their *private keys*. Even if the private keys are client side passphrase encrypted this gives that site a full time opportunity to crack private keys. Even if they don't so that, a leak happens and suddenly letter agencies have your private key. Not a good way to go.
This commit is contained in:
parent
2a7e6c323d
commit
f410d0a13f
|
@ -387,8 +387,6 @@ function install_dokuwiki {
|
|||
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
|
||||
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
|
||||
nginx_keybase $DOKUWIKI_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
|
||||
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
|
||||
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
|
||||
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
|
||||
|
@ -467,7 +465,6 @@ function install_dokuwiki {
|
|||
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
|
||||
echo ' }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
|
||||
nginx_keybase $DOKUWIKI_DOMAIN_NAME
|
||||
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
|
||||
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
|
||||
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
|
||||
|
|
|
@ -573,8 +573,6 @@ function install_etherpad {
|
|||
echo ' proxy_set_header Host $host;' >> $etherpad_nginx_site
|
||||
echo ' proxy_buffering off;' >> $etherpad_nginx_site
|
||||
echo ' }' >> $etherpad_nginx_site
|
||||
echo '' >> $etherpad_nginx_site
|
||||
nginx_keybase $ETHERPAD_DOMAIN_NAME
|
||||
echo '}' >> $etherpad_nginx_site
|
||||
else
|
||||
echo -n '' > $etherpad_nginx_site
|
||||
|
@ -600,8 +598,6 @@ function install_etherpad {
|
|||
echo ' proxy_set_header Host $host;' >> $etherpad_nginx_site
|
||||
echo ' proxy_buffering off;' >> $etherpad_nginx_site
|
||||
echo ' }' >> $etherpad_nginx_site
|
||||
echo '' >> $etherpad_nginx_site
|
||||
nginx_keybase $ETHERPAD_DOMAIN_NAME
|
||||
echo '}' >> $etherpad_nginx_site
|
||||
|
||||
function_check create_site_certificate
|
||||
|
|
|
@ -427,8 +427,6 @@ function install_friendica {
|
|||
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
|
||||
echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
|
||||
nginx_keybase ${FRIENDICA_DOMAIN_NAME}
|
||||
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
|
||||
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
|
||||
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
|
||||
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
|
||||
|
@ -496,8 +494,6 @@ function install_friendica {
|
|||
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
|
||||
echo ' }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
|
||||
nginx_keybase ${FRIENDICA_DOMAIN_NAME}
|
||||
echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
|
||||
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
|
||||
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
|
||||
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
|
||||
|
|
|
@ -471,8 +471,6 @@ function install_ghost {
|
|||
echo ' log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
|
||||
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
|
||||
echo ' }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
|
||||
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
|
||||
nginx_keybase $GHOST_DOMAIN_NAME
|
||||
echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
|
||||
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
|
||||
else
|
||||
|
@ -505,8 +503,6 @@ function install_ghost {
|
|||
echo ' log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
|
||||
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
|
||||
echo ' }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
|
||||
echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
|
||||
nginx_keybase ${GHOST_DOMAIN_NAME}
|
||||
echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
|
||||
|
||||
function_check create_site_certificate
|
||||
|
|
|
@ -738,8 +738,6 @@ function install_gnusocial_main {
|
|||
echo ' location ~ /\.(ht|git) {' >> $gnusocial_nginx_site
|
||||
echo ' deny all;' >> $gnusocial_nginx_site
|
||||
echo ' }' >> $gnusocial_nginx_site
|
||||
echo '' >> $gnusocial_nginx_site
|
||||
# DO NOT ENABLE KEYBASE. gnusocial really doesn't like having a .well-known directory
|
||||
echo '}' >> $gnusocial_nginx_site
|
||||
else
|
||||
echo -n '' > $gnusocial_nginx_site
|
||||
|
@ -787,8 +785,6 @@ function install_gnusocial_main {
|
|||
echo ' location ~ /\.(ht|git) {' >> $gnusocial_nginx_site
|
||||
echo ' deny all;' >> $gnusocial_nginx_site
|
||||
echo ' }' >> $gnusocial_nginx_site
|
||||
echo '' >> $gnusocial_nginx_site
|
||||
# DO NOT ENABLE KEYBASE. gnusocial really doesn't like having a .well-known directory
|
||||
echo '}' >> $gnusocial_nginx_site
|
||||
|
||||
function_check configure_php
|
||||
|
|
|
@ -601,8 +601,6 @@ function install_gogs {
|
|||
echo ' log_not_found off;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
|
||||
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
|
||||
echo ' }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
|
||||
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
|
||||
nginx_keybase ${GIT_DOMAIN_NAME}
|
||||
echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
|
||||
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
|
||||
else
|
||||
|
@ -635,8 +633,6 @@ function install_gogs {
|
|||
echo ' log_not_found off;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
|
||||
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
|
||||
echo ' }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
|
||||
echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
|
||||
nginx_keybase ${GIT_DOMAIN_NAME}
|
||||
echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
|
||||
|
||||
function_check configure_php
|
||||
|
|
|
@ -463,8 +463,6 @@ function install_htmly_website {
|
|||
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
|
||||
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
|
||||
nginx_keybase ${HTMLY_DOMAIN_NAME}
|
||||
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
|
||||
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
|
||||
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
|
||||
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
|
||||
|
@ -541,8 +539,6 @@ function install_htmly_website_onion {
|
|||
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
|
||||
echo ' }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
|
||||
nginx_keybase ${HTMLY_DOMAIN_NAME}
|
||||
echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
|
||||
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
|
||||
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
|
||||
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
|
||||
|
|
|
@ -431,8 +431,6 @@ function install_hubzilla {
|
|||
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||
nginx_keybase ${HUBZILLA_DOMAIN_NAME}
|
||||
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||
|
@ -500,8 +498,6 @@ function install_hubzilla {
|
|||
echo ' rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||
echo ' }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||
nginx_keybase ${HUBZILLA_DOMAIN_NAME}
|
||||
echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||
echo ' # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||
echo ' # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||
echo ' # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
|
||||
|
|
|
@ -504,8 +504,6 @@ function install_kanboard {
|
|||
echo ' location ~ /\.(ht|git) {' >> $kanboard_nginx_site
|
||||
echo ' deny all;' >> $kanboard_nginx_site
|
||||
echo ' }' >> $kanboard_nginx_site
|
||||
echo '' >> $kanboard_nginx_site
|
||||
# DO NOT ENABLE KEYBASE. kanboard really doesn't like having a .well-known directory
|
||||
echo '}' >> $kanboard_nginx_site
|
||||
else
|
||||
echo -n '' > $kanboard_nginx_site
|
||||
|
@ -553,8 +551,6 @@ function install_kanboard {
|
|||
echo ' location ~ /\.(ht|git) {' >> $kanboard_nginx_site
|
||||
echo ' deny all;' >> $kanboard_nginx_site
|
||||
echo ' }' >> $kanboard_nginx_site
|
||||
echo '' >> $kanboard_nginx_site
|
||||
# DO NOT ENABLE KEYBASE. kanboard really doesn't like having a .well-known directory
|
||||
echo '}' >> $kanboard_nginx_site
|
||||
|
||||
function_check configure_php
|
||||
|
|
|
@ -260,8 +260,6 @@ function install_lychee_website {
|
|||
nginx_limits $LYCHEE_DOMAIN_NAME
|
||||
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
|
||||
nginx_keybase ${LYCHEE_DOMAIN_NAME}
|
||||
echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
|
||||
echo ' # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
|
||||
echo ' # or a unix socket' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
|
||||
echo ' location ~* \.php$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
|
||||
|
@ -323,8 +321,6 @@ function install_lychee_website_onion {
|
|||
nginx_limits $LYCHEE_DOMAIN_NAME
|
||||
echo ' }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
|
||||
nginx_keybase ${LYCHEE_DOMAIN_NAME}
|
||||
echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
|
||||
echo ' # block these file types' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
|
||||
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
|
||||
echo ' deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
|
||||
|
|
|
@ -271,8 +271,6 @@ function install_mailpile {
|
|||
echo " proxy_pass http://localhost:${MAILPILE_PORT};" >> $mailpile_nginx_site
|
||||
echo ' proxy_redirect off;' >> $mailpile_nginx_site
|
||||
echo ' }' >> $mailpile_nginx_site
|
||||
echo '' >> $mailpile_nginx_site
|
||||
nginx_keybase ${MAILPILE_DOMAIN_NAME}
|
||||
echo '}' >> $mailpile_nginx_site
|
||||
echo '' >> $mailpile_nginx_site
|
||||
else
|
||||
|
@ -303,8 +301,6 @@ function install_mailpile {
|
|||
echo " proxy_pass http://localhost:${MAILPILE_PORT};" >> $mailpile_nginx_site
|
||||
echo ' proxy_redirect off;' >> $mailpile_nginx_site
|
||||
echo ' }' >> $mailpile_nginx_site
|
||||
echo '' >> $mailpile_nginx_site
|
||||
nginx_keybase ${MAILPILE_DOMAIN_NAME}
|
||||
echo '}' >> $mailpile_nginx_site
|
||||
|
||||
function_check create_site_certificate
|
||||
|
|
|
@ -381,7 +381,6 @@ function install_mediagoblin {
|
|||
nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME
|
||||
function_check nginx_limits
|
||||
nginx_limits $MEDIAGOBLIN_DOMAIN_NAME 800m
|
||||
nginx_keybase $MEDIAGOBLIN_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
||||
echo ' client_header_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
||||
echo ' client_body_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
|
||||
|
|
|
@ -545,9 +545,6 @@ function install_nextcloud_main {
|
|||
echo ' }' >> $nextcloud_nginx_site
|
||||
echo '' >> $nextcloud_nginx_site
|
||||
echo ' location /.well-known/acme-challenge { }' >> $nextcloud_nginx_site
|
||||
echo '' >> $nextcloud_nginx_site
|
||||
|
||||
# DO NOT ENABLE KEYBASE. nextcloud really doesn't like having a .well-known directory
|
||||
echo '}' >> $nextcloud_nginx_site
|
||||
else
|
||||
echo -n '' > $nextcloud_nginx_site
|
||||
|
|
|
@ -93,8 +93,6 @@ function install_pelican_website {
|
|||
nginx_limits $PELICAN_DOMAIN_NAME
|
||||
echo ' }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
|
||||
nginx_keybase ${PELICAN_DOMAIN_NAME}
|
||||
echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
|
||||
echo ' # block these file types' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
|
||||
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
|
||||
echo ' deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
|
||||
|
@ -136,8 +134,6 @@ function install_pelican_website_onion {
|
|||
nginx_limits $PELICAN_DOMAIN_NAME
|
||||
echo ' }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
|
||||
echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
|
||||
nginx_keybase ${PELICAN_DOMAIN_NAME}
|
||||
echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
|
||||
echo ' # block these file types' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
|
||||
echo ' location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
|
||||
echo ' deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
|
||||
|
|
|
@ -753,8 +753,6 @@ function install_postactiv_main {
|
|||
echo ' location ~ /\.(ht|git) {' >> $postactiv_nginx_site
|
||||
echo ' deny all;' >> $postactiv_nginx_site
|
||||
echo ' }' >> $postactiv_nginx_site
|
||||
echo '' >> $postactiv_nginx_site
|
||||
# DO NOT ENABLE KEYBASE. postactiv really doesn't like having a .well-known directory
|
||||
echo '}' >> $postactiv_nginx_site
|
||||
else
|
||||
echo -n '' > $postactiv_nginx_site
|
||||
|
@ -802,8 +800,6 @@ function install_postactiv_main {
|
|||
echo ' location ~ /\.(ht|git) {' >> $postactiv_nginx_site
|
||||
echo ' deny all;' >> $postactiv_nginx_site
|
||||
echo ' }' >> $postactiv_nginx_site
|
||||
echo '' >> $postactiv_nginx_site
|
||||
# DO NOT ENABLE KEYBASE. postactiv really doesn't like having a .well-known directory
|
||||
echo '}' >> $postactiv_nginx_site
|
||||
|
||||
function_check configure_php
|
||||
|
|
|
@ -297,8 +297,6 @@ function install_riot {
|
|||
function_check nginx_limits
|
||||
nginx_limits $RIOT_DOMAIN_NAME '15m'
|
||||
echo ' }' >> $riot_nginx_site
|
||||
echo '' >> $riot_nginx_site
|
||||
nginx_keybase ${RIOT_DOMAIN_NAME}
|
||||
echo '}' >> $riot_nginx_site
|
||||
echo '' >> $riot_nginx_site
|
||||
else
|
||||
|
@ -324,8 +322,6 @@ function install_riot {
|
|||
function_check nginx_limits
|
||||
nginx_limits $RIOT_DOMAIN_NAME '15m'
|
||||
echo ' }' >> $riot_nginx_site
|
||||
echo '' >> $riot_nginx_site
|
||||
nginx_keybase ${RIOT_DOMAIN_NAME}
|
||||
echo '}' >> $riot_nginx_site
|
||||
|
||||
sed '/Content-Security-Policy/d' $riot_nginx_site
|
||||
|
|
|
@ -313,8 +313,6 @@ function install_wekan_main {
|
|||
echo ' log_not_found off;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
|
||||
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
|
||||
echo ' }' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
|
||||
echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
|
||||
nginx_keybase ${WEKAN_DOMAIN_NAME}
|
||||
echo '}' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
|
||||
echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
|
||||
else
|
||||
|
@ -347,8 +345,6 @@ function install_wekan_main {
|
|||
echo ' log_not_found off;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
|
||||
echo ' access_log /dev/null;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
|
||||
echo ' }' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
|
||||
echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
|
||||
nginx_keybase ${WEKAN_DOMAIN_NAME}
|
||||
echo '}' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
|
||||
|
||||
function_check nginx_ensite
|
||||
|
|
|
@ -166,29 +166,6 @@ function nginx_ssl {
|
|||
#nginx_stapling $1
|
||||
}
|
||||
|
||||
function nginx_keybase {
|
||||
# creates files suitable for keybase.io verification
|
||||
domain_name=$1
|
||||
filename=/etc/nginx/sites-available/$domain_name
|
||||
|
||||
echo '' >> $filename
|
||||
echo " # make sure webfinger and other well known services aren't blocked" >> $filename
|
||||
echo ' # by denying dot files and rewrite request to the front controller' >> $filename
|
||||
echo ' location ^~ /.well-known/ {' >> $filename
|
||||
echo ' allow all;' >> $filename
|
||||
echo ' }' >> $filename
|
||||
|
||||
if [ ! -d /var/www/${domain_name}/htdocs/.well-known ]; then
|
||||
mkdir -p /var/www/${domain_name}/htdocs/.well-known
|
||||
fi
|
||||
if [ ! -f /var/www/${domain_name}/htdocs/keybase.txt ]; then
|
||||
touch /var/www/${domain_name}/htdocs/keybase.txt
|
||||
fi
|
||||
if [ ! -f /var/www/${domain_name}/htdocs/.well-known/keybase.txt ]; then
|
||||
touch /var/www/${domain_name}/htdocs/.well-known/keybase.txt
|
||||
fi
|
||||
}
|
||||
|
||||
# check an individual domain name
|
||||
function test_domain_name {
|
||||
if [ $1 ]; then
|
||||
|
|
Loading…
Reference in New Issue