Skip to content
This repository has been archived by the owner on Mar 25, 2022. It is now read-only.

Commit

Permalink
ssl: add and update saft project certs
Browse files Browse the repository at this point in the history 
License: MIT
Signed-off-by: Lars Gierth <larsg@systemli.org>
  • Loading branch information
Lars Gierth committed Jan 2, 2018
1 parent a65da50 commit 306295c
Show file tree
Hide file tree
Showing 4 changed files with 96 additions and 2 deletions.
10 changes: 10 additions & 0 deletions ipfs/pages/build.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,16 @@ printf %s\\n "$(lookup pages_wwwsaftprojectcom_ssl_key)" > out/www.saftproject.c
printf %s\\n "$(lookup pages_wwwsaftprojectcom_ssl_trustchain)" > out/www.saftproject.com.trustchain.crt
printf %s\\n "$(lookup pages_wwwsaftprojectcom_ssl_dhparam)" > out/www.saftproject.com.dhparam.pem

printf %s\\n "$(lookup pages_saft_projectcom_ssl_cert)" > out/saft-project.com.crt
printf %s\\n "$(lookup pages_saft_projectcom_ssl_key)" > out/saft-project.com.key
printf %s\\n "$(lookup pages_saft_projectcom_ssl_trustchain)" > out/saft-project.com.trustchain.crt
printf %s\\n "$(lookup pages_saft_projectcom_ssl_dhparam)" > out/saft-project.com.dhparam.pem

printf %s\\n "$(lookup pages_wwwsaft_projectcom_ssl_cert)" > out/www.saft-project.com.crt
printf %s\\n "$(lookup pages_wwwsaft_projectcom_ssl_key)" > out/www.saft-project.com.key
printf %s\\n "$(lookup pages_wwwsaft_projectcom_ssl_trustchain)" > out/www.saft-project.com.trustchain.crt
printf %s\\n "$(lookup pages_wwwsaft_projectcom_ssl_dhparam)" > out/www.saft-project.com.dhparam.pem

printf %s\\n "$(lookup pages_saft_projectorg_ssl_cert)" > out/saft-project.org.crt
printf %s\\n "$(lookup pages_saft_projectorg_ssl_key)" > out/saft-project.org.key
printf %s\\n "$(lookup pages_saft_projectorg_ssl_trustchain)" > out/saft-project.org.trustchain.crt
Expand Down
48 changes: 48 additions & 0 deletions ipfs/pages/install.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -392,6 +392,46 @@ if [ ! -z "$(diff -Naur "$cert_dest/www.saftproject.com.dhparam.pem" "out/www.sa
reload=1
fi

if [ ! -z "$(diff -Naur "$cert_dest/saft-project.com.crt" "out/saft-project.com.crt")" ]; then
echo "ipfs/pages saft-project.com ssl cert changed"
reload=1
fi

if [ ! -z "$(diff -Naur "$cert_dest/saft-project.com.key" "out/saft-project.com.key")" ]; then
echo "ipfs/pages saft-project.com ssl key changed"
reload=1
fi

if [ ! -z "$(diff -Naur "$cert_dest/saft-project.com.trustchain.crt" "out/saft-project.com.trustchain.crt")" ]; then
echo "ipfs/pages saft-project.com ssl trustchain changed"
reload=1
fi

if [ ! -z "$(diff -Naur "$cert_dest/saft-project.com.dhparam.pem" "out/saft-project.com.dhparam.pem")" ]; then
echo "ipfs/pages saft-project.com ssl dhparam changed"
reload=1
fi

if [ ! -z "$(diff -Naur "$cert_dest/www.saft-project.com.crt" "out/www.saft-project.com.crt")" ]; then
echo "ipfs/pages www.saft-project.com ssl cert changed"
reload=1
fi

if [ ! -z "$(diff -Naur "$cert_dest/www.saft-project.com.key" "out/www.saft-project.com.key")" ]; then
echo "ipfs/pages www.saft-project.com ssl key changed"
reload=1
fi

if [ ! -z "$(diff -Naur "$cert_dest/www.saft-project.com.trustchain.crt" "out/www.saft-project.com.trustchain.crt")" ]; then
echo "ipfs/pages www.saft-project.com ssl trustchain changed"
reload=1
fi

if [ ! -z "$(diff -Naur "$cert_dest/www.saft-project.com.dhparam.pem" "out/www.saft-project.com.dhparam.pem")" ]; then
echo "ipfs/pages www.saft-project.com ssl dhparam changed"
reload=1
fi

if [ ! -z "$(diff -Naur "$cert_dest/saft-project.org.crt" "out/saft-project.org.crt")" ]; then
echo "ipfs/pages saft-project.org ssl cert changed"
reload=1
Expand Down Expand Up @@ -548,6 +588,14 @@ if [ "reload$reload" == "reload1" ]; then
cp "out/www.saftproject.com.key" "$cert_dest/www.saftproject.com.key"
cp "out/www.saftproject.com.trustchain.crt" "$cert_dest/www.saftproject.com.trustchain.crt"
cp "out/www.saftproject.com.dhparam.pem" "$cert_dest/www.saftproject.com.dhparam.pem"
cp "out/saft-project.com.crt" "$cert_dest/saft-project.com.crt"
cp "out/saft-project.com.key" "$cert_dest/saft-project.com.key"
cp "out/saft-project.com.trustchain.crt" "$cert_dest/saft-project.com.trustchain.crt"
cp "out/saft-project.com.dhparam.pem" "$cert_dest/saft-project.com.dhparam.pem"
cp "out/www.saft-project.com.crt" "$cert_dest/www.saft-project.com.crt"
cp "out/www.saft-project.com.key" "$cert_dest/www.saft-project.com.key"
cp "out/www.saft-project.com.trustchain.crt" "$cert_dest/www.saft-project.com.trustchain.crt"
cp "out/www.saft-project.com.dhparam.pem" "$cert_dest/www.saft-project.com.dhparam.pem"
cp "out/saft-project.org.crt" "$cert_dest/saft-project.org.crt"
cp "out/saft-project.org.key" "$cert_dest/saft-project.org.key"
cp "out/saft-project.org.trustchain.crt" "$cert_dest/saft-project.org.trustchain.crt"
Expand Down
38 changes: 37 additions & 1 deletion ipfs/pages/nginx.conf.tpl
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
server {
server_name *.i.ipfs.io filecoin.io orbit.chat ipld.io libp2p.io multiformats.io zcash.dag.ipfs.io wikipedia-on-ipfs.org en.wikipedia-on-ipfs.org tr.wikipedia-on-ipfs.org simple.wikipedia-on-ipfs.org ar.wikipedia-on-ipfs.org ku.wikipedia-on-ipfs.org datatogether.org saftproject.com www.saftproject.com saft-project.org www.saft-project.org peerpad.net flipchart.peerpad.net;
server_name *.i.ipfs.io filecoin.io orbit.chat ipld.io libp2p.io multiformats.io zcash.dag.ipfs.io wikipedia-on-ipfs.org en.wikipedia-on-ipfs.org tr.wikipedia-on-ipfs.org simple.wikipedia-on-ipfs.org ar.wikipedia-on-ipfs.org ku.wikipedia-on-ipfs.org datatogether.org saftproject.com www.saftproject.com saft-project.com www.saft-project.com saft-project.org www.saft-project.org peerpad.net flipchart.peerpad.net;
access_log /var/log/nginx/access.log mtail;
listen 80;
Expand Down Expand Up @@ -445,6 +445,42 @@ server {
return 301 https://saftproject.com\$request_uri;
}

server {
server_name saft-project.com;
access_log /var/log/nginx/access.log mtail;
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/nginx/certs/saft-project.com.crt;
ssl_certificate_key /etc/nginx/certs/saft-project.com.key;
ssl_dhparam /etc/nginx/certs/saft-project.com.dhparam.pem;
ssl_trusted_certificate /etc/nginx/certs/saft-project.com.trustchain.crt;
# HSTS (ngx_http_headers_module is required)
# 31536000 seconds = 12 months, as advised by hstspreload.org
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
return 301 https://saftproject.com\$request_uri;
}

server {
server_name www.saft-project.com;
access_log /var/log/nginx/access.log mtail;
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/nginx/certs/www.saft-project.com.crt;
ssl_certificate_key /etc/nginx/certs/www.saft-project.com.key;
ssl_dhparam /etc/nginx/certs/www.saft-project.com.dhparam.pem;
ssl_trusted_certificate /etc/nginx/certs/www.saft-project.com.trustchain.crt;
# HSTS (ngx_http_headers_module is required)
# 31536000 seconds = 12 months, as advised by hstspreload.org
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
return 301 https://saftproject.com\$request_uri;
}

server {
server_name saft-project.org;
access_log /var/log/nginx/access.log mtail;
Expand Down
2 changes: 1 addition & 1 deletion secrets_secure
Submodule secrets_secure updated from 397c93 to d1f704

0 comments on commit 306295c

Please sign in to comment.