Backup and restore for keyserver
This commit is contained in:
parent
5122bdbc48
commit
fe024046ec
|
@ -12,12 +12,18 @@
|
||||||
|
|
||||||
#+BEGIN_EXPORT html
|
#+BEGIN_EXPORT html
|
||||||
<center>
|
<center>
|
||||||
<h1>Key Server</h1>
|
<h1>OpenPGP Key Server</h1>
|
||||||
</center>
|
</center>
|
||||||
#+END_EXPORT
|
#+END_EXPORT
|
||||||
|
|
||||||
|
#+BEGIN_CENTER
|
||||||
|
[[file:images/keyserver.jpg]]
|
||||||
|
#+END_CENTER
|
||||||
|
|
||||||
The usual way in which you obtain GPG public keys for email encryption or other purposes is via a key server. There are a few common ones out there, but it's also possible to run your own key server.
|
The usual way in which you obtain GPG public keys for email encryption or other purposes is via a key server. There are a few common ones out there, but it's also possible to run your own key server.
|
||||||
|
|
||||||
|
* Installation
|
||||||
|
|
||||||
ssh into the system with:
|
ssh into the system with:
|
||||||
|
|
||||||
#+BEGIN_SRC bash
|
#+BEGIN_SRC bash
|
||||||
|
@ -27,3 +33,10 @@ ssh myusername@mydomain.com -p 2222
|
||||||
Select *Add/Remove Apps* then *keyserver*. You will then be asked for a domain name and if you are using FreeDNS also the code for the domain which can be found under *Dynamic DNS* on the FreeDNS site (the random string from "/quick cron example/" which appears after /update.php?/ and before />>/). For more details on obtaining a domain and making it accessible via dynamic DNS see the [[./faq.html][FAQ]]. Typically the domain name you use will be a subdomain, such as /keys.mydomainname.net/. It will need to be a domain which you have bought somewhere and own and not one of the FreeDNS subdomains, otherwise you won't be able to get a SSL/TLS certificate for it.
|
Select *Add/Remove Apps* then *keyserver*. You will then be asked for a domain name and if you are using FreeDNS also the code for the domain which can be found under *Dynamic DNS* on the FreeDNS site (the random string from "/quick cron example/" which appears after /update.php?/ and before />>/). For more details on obtaining a domain and making it accessible via dynamic DNS see the [[./faq.html][FAQ]]. Typically the domain name you use will be a subdomain, such as /keys.mydomainname.net/. It will need to be a domain which you have bought somewhere and own and not one of the FreeDNS subdomains, otherwise you won't be able to get a SSL/TLS certificate for it.
|
||||||
|
|
||||||
After the install has completed go to *Security settings* and select *Create a new Let's Encrypt certificate* and enter the domain name that you are using for the Key server. If the certificate is obtained successfully then you will see a congratulations message.
|
After the install has completed go to *Security settings* and select *Create a new Let's Encrypt certificate* and enter the domain name that you are using for the Key server. If the certificate is obtained successfully then you will see a congratulations message.
|
||||||
|
|
||||||
|
* How to use it
|
||||||
|
Interaction with the web user interface is pretty minimal and obvious, but most likely you will also want to be able to use your keyserver from the commandline. To do that use the *--keyserver* option:
|
||||||
|
|
||||||
|
#+begin_src bash
|
||||||
|
gpg --keyserver [your keyserver domain] --search-keys [email address]
|
||||||
|
#+end_src
|
||||||
|
|
Binary file not shown.
After Width: | Height: | Size: 11 KiB |
|
@ -115,19 +115,87 @@ function upgrade_keyserver {
|
||||||
}
|
}
|
||||||
|
|
||||||
function backup_local_keyserver {
|
function backup_local_keyserver {
|
||||||
echo -n ''
|
source_directory=/var/lib/sks/DB
|
||||||
|
if [ -d $source_directory ]; then
|
||||||
|
systemctl stop sks
|
||||||
|
dest_directory=keyserver
|
||||||
|
function_check backup_directory_to_usb
|
||||||
|
backup_directory_to_usb $source_directory $dest_directory
|
||||||
|
systemctl start sks
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function restore_local_keyserver {
|
function restore_local_keyserver {
|
||||||
echo -n ''
|
if [ ! -d /var/lib/sks/DB ]; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
echo $"Restoring SKS Keyserver"
|
||||||
|
systemctl stop sks
|
||||||
|
temp_restore_dir=/root/tempkeyserver
|
||||||
|
function_check restore_directory_from_usb
|
||||||
|
restore_directory_from_usb $temp_restore_dir keyserver
|
||||||
|
mv /var/lib/sks/DB /var/lib/sks/DB_prev
|
||||||
|
cp -r $temp_restore_dir/var/lib/sks/DB /var/lib/sks/DB
|
||||||
|
if [ ! "$?" = "0" ]; then
|
||||||
|
# restore the old database
|
||||||
|
rm -rf /var/lib/sks/DB
|
||||||
|
mv /var/lib/sks/DB_prev /var/lib/sks/DB
|
||||||
|
|
||||||
|
rm -rf $temp_restore_dir
|
||||||
|
function_check set_user_permissions
|
||||||
|
set_user_permissions
|
||||||
|
function_check backup_unmount_drive
|
||||||
|
backup_unmount_drive
|
||||||
|
exit 5627294
|
||||||
|
fi
|
||||||
|
rm -rf $temp_restore_dir
|
||||||
|
chown -Rc debian-sks: /var/lib/sks
|
||||||
|
|
||||||
|
# remove the old database
|
||||||
|
rm -rf /var/lib/sks/DB_prev
|
||||||
|
|
||||||
|
systemctl start sks
|
||||||
}
|
}
|
||||||
|
|
||||||
function backup_remote_keyserver {
|
function backup_remote_keyserver {
|
||||||
echo -n ''
|
source_directory=/var/lib/sks/DB
|
||||||
|
if [ -d $source_directory ]; then
|
||||||
|
systemctl stop sks
|
||||||
|
dest_directory=keyserver
|
||||||
|
function_check backup_directory_to_friend
|
||||||
|
backup_directory_to_friend $source_directory $dest_directory
|
||||||
|
systemctl start sks
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function restore_remote_keyserver {
|
function restore_remote_keyserver {
|
||||||
echo -n ''
|
if [ ! -d /var/lib/sks/DB ]; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
echo $"Restoring SKS Keyserver"
|
||||||
|
systemctl stop sks
|
||||||
|
temp_restore_dir=/root/tempkeyserver
|
||||||
|
function_check restore_directory_from_friend
|
||||||
|
restore_directory_from_friend $temp_restore_dir keyserver
|
||||||
|
mv /var/lib/sks/DB /var/lib/sks/DB_prev
|
||||||
|
cp -r $temp_restore_dir/var/lib/sks/DB /var/lib/sks/DB
|
||||||
|
if [ ! "$?" = "0" ]; then
|
||||||
|
# restore the old database
|
||||||
|
rm -rf /var/lib/sks/DB
|
||||||
|
mv /var/lib/sks/DB_prev /var/lib/sks/DB
|
||||||
|
|
||||||
|
rm -rf $temp_restore_dir
|
||||||
|
function_check set_user_permissions
|
||||||
|
set_user_permissions
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
rm -rf $temp_restore_dir
|
||||||
|
chown -Rc debian-sks: /var/lib/sks
|
||||||
|
|
||||||
|
# remove the old database
|
||||||
|
rm -rf /var/lib/sks/DB_prev
|
||||||
|
|
||||||
|
systemctl start sks
|
||||||
}
|
}
|
||||||
|
|
||||||
function remove_keyserver {
|
function remove_keyserver {
|
||||||
|
|
Loading…
Reference in New Issue