Added required DNS entries.
parent
b62b39a186
commit
35c938e5d1
3 changed files with 23 additions and 45 deletions
|
@ -62,10 +62,12 @@ cmd: cd ../..
|
||||||
|
|
||||||
As Root: cmd: certbot --nginx -d <your domain name>
|
As Root: cmd: certbot --nginx -d <your domain name>
|
||||||
|
|
||||||
|
Edit misc/reverse-proxy.conf and change "<My Domain Name>" to the correct value.
|
||||||
|
|
||||||
From your working directory, do the following As Root:
|
From your working directory, do the following As Root:
|
||||||
cmd: cd oidc-registration-php
|
cmd: cd oidc-registration-php
|
||||||
cmd: cp -r * /var/www/html
|
cmd: cp -r * /var/www/html
|
||||||
cmd: cp ssl-certs/* /usr/local/share/ca-certficates
|
cmd: cp ssl-certs/* /usr/local/share/ca-certificates
|
||||||
cmd: update-ca-certificates -f
|
cmd: update-ca-certificates -f
|
||||||
cmd: cp misc/reverse-proxy.conf /etc/nginx/conf.d
|
cmd: cp misc/reverse-proxy.conf /etc/nginx/conf.d
|
||||||
cmd: ( cd /var/www/html ; mv -i index.html index.html-orig )
|
cmd: ( cd /var/www/html ; mv -i index.html index.html-orig )
|
||||||
|
|
|
@ -6,7 +6,11 @@ Most of the instructions are in INSTALL.txt, but this will give you a few instru
|
||||||
|
|
||||||
To install this project, you should start with a machine, whether physical or virtual, based on Debian 12.
|
To install this project, you should start with a machine, whether physical or virtual, based on Debian 12.
|
||||||
|
|
||||||
You also need to have Git installed in this machine.
|
You will need three DNS entries pointing at this machine.
|
||||||
|
|
||||||
|
They are the normal one, one that is "authserver.[Your Domain Name]" and "idp.[Your Domain Name]".
|
||||||
|
|
||||||
|
Before continuing, you will need to have Git installed in this machine.
|
||||||
|
|
||||||
You will probably want to do:
|
You will probably want to do:
|
||||||
|
|
||||||
|
|
|
@ -1,69 +1,41 @@
|
||||||
#stream {
|
|
||||||
#map $ssl_preread_server_name $targetBackend {
|
|
||||||
#authserver.cacert-phoenix.org 127.0.0.4444;
|
|
||||||
#}
|
|
||||||
#}
|
|
||||||
|
|
||||||
#server {
|
|
||||||
# if ($host = authserver.cacert-phoenix.org) {
|
|
||||||
#return 301 https://$host$request_uri;
|
|
||||||
#} # managed by Certbot
|
|
||||||
|
|
||||||
# inet 141.98.154.48/23 brd 141.98.155.255 scope global eth0
|
|
||||||
# valid_lft forever preferred_lft forever
|
|
||||||
# inet6 2a02:c202:3014:5331::1/64 scope global
|
|
||||||
|
|
||||||
# listen 141.98.154.48:4444;
|
|
||||||
# # ssl on;
|
|
||||||
# server_name authserver.cacert-phoenix.org;
|
|
||||||
# return 404; # managed by Certbot
|
|
||||||
|
|
||||||
# location / {
|
|
||||||
#proxy_pass https://127.0.0.1:4444;
|
|
||||||
#proxy_set_header Host $host;
|
|
||||||
#p#roxy_set_header X-Real-IP $remote_addr;
|
|
||||||
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
#}
|
|
||||||
|
|
||||||
#}
|
|
||||||
server {
|
server {
|
||||||
if ($host = authserver.cacert-phoenix.org) {
|
if ($host = authserver.<My Domain Name>) {
|
||||||
return 301 https://$host$request_uri;
|
return 301 https://$host$request_uri;
|
||||||
} # managed by Certbot
|
} # managed by Certbot
|
||||||
|
|
||||||
|
|
||||||
listen 80;
|
listen 80;
|
||||||
server_name authserver.cacert-phoenix.org;
|
server_name authserver.<My Domain Name>;
|
||||||
return 404; # managed by Certbot
|
return 404; # managed by Certbot
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
server {
|
server {
|
||||||
if ($host = idp.cacert-phoenix.org) {
|
if ($host = idp.<My Domain Name>) {
|
||||||
return 301 https://$host$request_uri;
|
return 301 https://$host$request_uri;
|
||||||
} # managed by Certbot
|
} # managed by Certbot
|
||||||
|
|
||||||
|
|
||||||
listen 80;
|
listen 80;
|
||||||
server_name idp.cacert-phoenix.org;
|
server_name idp.<My Domain Name>;
|
||||||
return 404; # managed by Certbot
|
return 404; # managed by Certbot
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
server {
|
server {
|
||||||
if ($host = registration.cacert-phoenix.org) {
|
if ($host = <My Domain Name>) {
|
||||||
return 301 https://$host$request_uri;
|
return 301 https://$host$request_uri;
|
||||||
} # managed by Certbot
|
} # managed by Certbot
|
||||||
|
|
||||||
|
|
||||||
listen 80;
|
listen 80;
|
||||||
server_name registration.cacert-phoenix.org;
|
server_name <My Domain Name>;
|
||||||
return 404; # managed by Certbot
|
return 404; # managed by Certbot
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
server {
|
server {
|
||||||
server_name authserver.cacert-phoenix.org;
|
server_name authserver.<My Domain Name>;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass https://127.0.0.1:4444;
|
proxy_pass https://127.0.0.1:4444;
|
||||||
|
@ -75,14 +47,14 @@ server {
|
||||||
listen 443 ssl; # managed by Certbot
|
listen 443 ssl; # managed by Certbot
|
||||||
listen 141.98.154.48:4444 ssl;
|
listen 141.98.154.48:4444 ssl;
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/registration.cacert-phoenix.org/fullchain.pem; # managed by Certbot
|
ssl_certificate /etc/letsencrypt/live/<My Domain Name>/fullchain.pem; # managed by Certbot
|
||||||
ssl_certificate_key /etc/letsencrypt/live/registration.cacert-phoenix.org/privkey.pem; # managed by Certbot
|
ssl_certificate_key /etc/letsencrypt/live/<My Domain Name>/privkey.pem; # managed by Certbot
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||||
|
|
||||||
}
|
}
|
||||||
server {
|
server {
|
||||||
server_name idp.cacert-phoenix.org;
|
server_name idp.<My Domain Name>;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass https://127.0.0.1:3000;
|
proxy_pass https://127.0.0.1:3000;
|
||||||
|
@ -93,15 +65,15 @@ server {
|
||||||
|
|
||||||
listen 443 ssl; # managed by Certbot
|
listen 443 ssl; # managed by Certbot
|
||||||
listen 141.98.154.48:3000 ssl;
|
listen 141.98.154.48:3000 ssl;
|
||||||
ssl_certificate /etc/letsencrypt/live/registration.cacert-phoenix.org/fullchain.pem; # managed by Certbot
|
ssl_certificate /etc/letsencrypt/live/<My Domain Name>/fullchain.pem; # managed by Certbot
|
||||||
ssl_certificate_key /etc/letsencrypt/live/registration.cacert-phoenix.org/privkey.pem; # managed by Certbot
|
ssl_certificate_key /etc/letsencrypt/live/<My Domain Name>/privkey.pem; # managed by Certbot
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
server_name registration.cacert-phoenix.org;
|
server_name <My Domain Name>;
|
||||||
|
|
||||||
root /var/www/html;
|
root /var/www/html;
|
||||||
|
|
||||||
|
@ -148,8 +120,8 @@ server {
|
||||||
}
|
}
|
||||||
|
|
||||||
listen 443 ssl http2; # managed by Certbot
|
listen 443 ssl http2; # managed by Certbot
|
||||||
ssl_certificate /etc/letsencrypt/live/registration.cacert-phoenix.org/fullchain.pem; # managed by Certbot
|
ssl_certificate /etc/letsencrypt/live/<My Domain Name>/fullchain.pem; # managed by Certbot
|
||||||
ssl_certificate_key /etc/letsencrypt/live/registration.cacert-phoenix.org/privkey.pem; # managed by Certbot
|
ssl_certificate_key /etc/letsencrypt/live/<My Domain Name>/privkey.pem; # managed by Certbot
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||||
|
|
||||||
|
|
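Review bot: The two address-specific listeners, `listen 141.98.154.48:4444 ssl;` and `listen 141.98.154.48:3000 ssl;`, still carry the original host's public IP even though every hostname in this file is now a `<My Domain Name>` placeholder. On any other machine nginx cannot bind that address and will most likely refuse to start, and the install text only tells the admin to replace the domain placeholder. I would template these as well, e.g. `listen <My IP Address>:4444 ssl;` and `listen <My IP Address>:3000 ssl;` (the placeholder name is mine), and mention it next to the domain step. Separately, all three TLS server blocks load their certificate from `/etc/letsencrypt/live/<My Domain Name>/`, while the install step shown is `certbot --nginx -d <your domain name>` with a single `-d`; unless the certificate is also issued for the `authserver.` and `idp.` names, clients of those two vhosts will presumably see a hostname mismatch. The server blocks run past the hunk edges, so this is based on the visible lines only.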