From 9aba88dc919bdf44ea116d8d1ac3918ebf3d406e Mon Sep 17 00:00:00 2001
From: Brian McCullough
Date: Thu, 19 Sep 2024 04:22:16 +0200
Subject: [PATCH] Minor re-organising of Instructions, correction of INI file and NGinx configuration.
---
 INSTALL.txt | 5 ++++-
 cacert.ini.sample | 8 ++++----
 misc/reverse-proxy.conf | 2 ++
 3 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/INSTALL.txt b/INSTALL.txt
index 48e3bae..738eb8e 100644
--- a/INSTALL.txt
+++ b/INSTALL.txt
@@ -2,11 +2,14 @@ Start with Debian 12 When you create your machine create two other DNS entries using your base Domain Name. They will be "authserver" and "idp."
+After you have done the steps described in README.md, continue here.
+
+As Root:
 APT-Install git openssl mkcert postgresql nginx vim make python3-pip python3-venv curl sudo
 Apt-Install php-bz2 php-curl php-gd php-intl php-mbstring php-mcrypt php-pdo php-pgsql php-xml php-zip php-fpm
 Apt-Install certbot python3-certbot-nginx golang-go
-If necessary create a "normal" user and give them "sudo" access in /etc/group
+As described in README.md, create a "normal" user and give them "sudo" access in /etc/group
 Become that user.
diff --git a/cacert.ini.sample b/cacert.ini.sample
index f82b1c0..416c350 100644
--- a/cacert.ini.sample
+++ b/cacert.ini.sample
@@ -4,7 +4,7 @@ Password="Password for DB"
 [URLs]
 InternalHydraEndpointURL="https://hydra.cacert.localhost:4445"
-WellKnownURL="https://registration.:4444/.well-known/openid-configuration"
-AuthURL="https://authserver.:4444/oauth2/auth"
-TokenURL="https://authserver.:4444/oauth2/token"
-UserInfoURL="https://authserver.:4444/userinfo"
+WellKnownURL="https://authserver./.well-known/openid-configuration"
+AuthURL="https://authserver./oauth2/auth"
+TokenURL="https://authserver./oauth2/token"
+UserInfoURL="https://authserver./userinfo"
diff --git a/misc/reverse-proxy.conf b/misc/reverse-proxy.conf
index 3dd8780..94192ef 100644
--- a/misc/reverse-proxy.conf
+++ b/misc/reverse-proxy.conf
@@ -7,6 +7,8 @@ server {
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 }
+
+ listen :4444 ssl;
 }
 server {
 server_name idp.;
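Review bot: The added `listen :4444 ssl;` turns on TLS for this server block, but no `ssl_certificate` / `ssl_certificate_key` pair is visible in the hunk. The block opens above the hunk, so confirm the pair is set there or added by the certbot step in INSTALL.txt, since nginx needs it for an `ssl` listener. The same commit removes `:4444` from the authserver URLs in cacert.ini.sample, so a client following the sample connects on the default HTTPS port. If this block is the authserver proxy (its `server_name` is not shown), the two files now disagree about the port and one of them should be aligned. It would also help to move the directive up beside `server_name` with a comment such as `# public OAuth2/OIDC listener; the internal Hydra endpoint on 4445 is not proxied here`, so the exposed surface can be seen at a glance.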