diff --git a/INSTALL.txt b/INSTALL.txt
index 1f5418e..7e2c6fb 100644
--- a/INSTALL.txt
+++ b/INSTALL.txt
@@ -62,10 +62,12 @@ cmd: cd ../..
 As Root:
 cmd: certbot --nginx -d
+Edit misc/reverse-proxy.conf and change "" to the correct value.
+
 From your working directory, do the following
 As Root:
 cmd: cd oidc-registration-php
 cmd: cp -r * /var/www/html
- cmd: cp ssl-certs/* /usr/local/share/ca-certficates
+ cmd: cp ssl-certs/* /usr/local/share/ca-certificates
 cmd: update-ca-certificates -f
 cmd: cp misc/reverse-proxy.conf /etc/nginx/conf.d
 cmd: ( cd /var/www/html ; mv -i index.html index.html-orig )
diff --git a/README.md b/README.md
index b1d8361..25a6703 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,11 @@ Most of the instructions are in INSTALL.txt, but this will give you a few instru
 To install this project, you should start with a machine, whether physical or virtual, based on Debian 12.
-You also need to have Git installed in this machine.
+You will need three DNS entries pointing at this machine.
+
+They are the normal one, one that is "authserver.[Your Domain Name]" and "idp.[Your Domain Name]".
+
+Before continuing, you will need to have Git installed in this machine.
 You will probably want to do:
diff --git a/misc/reverse-proxy.conf b/misc/reverse-proxy.conf
index e01f1de..c98584e 100644
--- a/misc/reverse-proxy.conf
+++ b/misc/reverse-proxy.conf
@@ -1,69 +1,41 @@
-#stream {
-#map $ssl_preread_server_name $targetBackend {
-#authserver.cacert-phoenix.org 127.0.0.4444;
-#}
-#}
-
-#server {
- # if ($host = authserver.cacert-phoenix.org) {
- #return 301 https://$host$request_uri;
- #} # managed by Certbot
-
- # inet 141.98.154.48/23 brd 141.98.155.255 scope global eth0
- # valid_lft forever preferred_lft forever
- # inet6 2a02:c202:3014:5331::1/64 scope global
-
- # listen 141.98.154.48:4444;
- # # ssl on;
- # server_name authserver.cacert-phoenix.org;
- return 404; # managed by Certbot
-
- # location / {
-#proxy_pass https://127.0.0.1:4444;
-#proxy_set_header Host $host;
-#p#roxy_set_header X-Real-IP $remote_addr;
-#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-#}
-
- #}
 server {
- if ($host = authserver.cacert-phoenix.org) {
+ if ($host = authserver.) {
 return 301 https://$host$request_uri;
 } # managed by Certbot
 listen 80;
- server_name authserver.cacert-phoenix.org;
+ server_name authserver.;
 return 404; # managed by Certbot
 }
 server {
- if ($host = idp.cacert-phoenix.org) {
+ if ($host = idp.) {
 return 301 https://$host$request_uri;
 } # managed by Certbot
 listen 80;
- server_name idp.cacert-phoenix.org;
+ server_name idp.;
 return 404; # managed by Certbot
 }
 server {
- if ($host = registration.cacert-phoenix.org) {
+ if ($host = ) {
 return 301 https://$host$request_uri;
 } # managed by Certbot
 listen 80;
- server_name registration.cacert-phoenix.org;
+ server_name ;
 return 404; # managed by Certbot
 }
 server {
- server_name authserver.cacert-phoenix.org;
+ server_name authserver.;
 location / {
 proxy_pass https://127.0.0.1:4444;
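Review bot: The templated host values in this hunk read as empty — `if ($host = ) {` and `server_name ;` in the third server block, `authserver.` and `idp.` in the others — and if the committed file literally contains that, nginx rejects the configuration (`server_name` requires an argument and `if ($host = )` is not a valid condition), so the copy into /etc/nginx/conf.d that INSTALL.txt describes fails until the operator edits the file; more likely a bracketed placeholder in the style of the README's `[Your Domain Name]` was stripped by this rendering. Either way the file now opens with no explanation that it is a template, since the commented-out block that used to head it is removed. I would add at the top `# TEMPLATE: replace every domain placeholder below (authserver.<domain>, idp.<domain>, <domain>) with your domain before copying this file into /etc/nginx/conf.d — see INSTALL.txt.` and use the same visible token as the README so one search-and-replace catches every occurrence.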
@@ -75,14 +47,14 @@ server {
 listen 443 ssl; # managed by Certbot
 listen 141.98.154.48:4444 ssl;
- ssl_certificate /etc/letsencrypt/live/registration.cacert-phoenix.org/fullchain.pem; # managed by Certbot
- ssl_certificate_key /etc/letsencrypt/live/registration.cacert-phoenix.org/privkey.pem; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live//fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live//privkey.pem; # managed by Certbot
 include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
 ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
 }
 server {
- server_name idp.cacert-phoenix.org;
+ server_name idp.;
 location / {
 proxy_pass https://127.0.0.1:3000;
@@ -93,15 +65,15 @@ server {
 listen 443 ssl; # managed by Certbot
 listen 141.98.154.48:3000 ssl;
- ssl_certificate /etc/letsencrypt/live/registration.cacert-phoenix.org/fullchain.pem; # managed by Certbot
- ssl_certificate_key /etc/letsencrypt/live/registration.cacert-phoenix.org/privkey.pem; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live//fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live//privkey.pem; # managed by Certbot
 include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
 ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
 }
 server {
- server_name registration.cacert-phoenix.org;
+ server_name ;
 root /var/www/html;
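Review bot: Both hunks here, and the last hunk of the file, point the `authserver.` and `idp.` vhosts at the same `/etc/letsencrypt/live//fullchain.pem` and `privkey.pem` as the main site, so all three names are served with one certificate, while INSTALL.txt issues it with a single `certbot --nginx -d` name; a certificate issued that way covers only the main domain, so clients of the authserver./idp. hosts would see a name mismatch, and the usual workaround of switching off certificate verification in the OIDC client would be a real regression. Either run certbot once with a `-d` for each of the three names so the one live/ directory holds a certificate valid for all of them, or give each vhost its own live/<host>/ path, and state the choice in the INSTALL step. Separately, `listen 141.98.154.48:4444 ssl;` and `listen 141.98.154.48:3000 ssl;` are the original machine's address left in what is now a template; nginx fails to start when a listen address is not configured on the host, so these need a placeholder like the domain or should be dropped in favour of the `listen 443 ssl;` already present. The enclosing server blocks start and end outside these hunks.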
@@ -148,8 +120,8 @@ server {
 }
 listen 443 ssl http2; # managed by Certbot
- ssl_certificate /etc/letsencrypt/live/registration.cacert-phoenix.org/fullchain.pem; # managed by Certbot
- ssl_certificate_key /etc/letsencrypt/live/registration.cacert-phoenix.org/privkey.pem; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live//fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live//privkey.pem; # managed by Certbot
 include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
 ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot