diff --git a/README.md b/README.md index c85aec4..78f5faa 100644 --- a/README.md +++ b/README.md @@ -4,16 +4,12 @@ This repository contains units and config files for our frontal web starting (at instance running (for web remote access if need be). We must manually unlock certificates volume, then start nginx. ### Files -* `lighttpd-webssh.conf` is a sub-conf file for lighttpd, making it serve WebSSH. * `etc-letsencrypt.mount` allows to unlock and mount encrypted certificates volume. * Relevant information should be added to `/etc/crypttab`. * `etc-letsencrypt.timer` is a timer to automatically start previous unit, **but this is currently not used**. -* `start-lighttpd.conf` is a drop-in Systemd unit file, which starts lighttpd should nginx fail to start. - * This is not intended for starting process, more in case of failed (remote) restart of nginx. * `wait-for-dns.conf` is a drop-in Systemd unit file, which prevents nginx to start before DNS server is operational. #### Installation -* `install.sh` script copies Systemd files to their destination and sets lighttpd conf (and creates a certificate if -needed). +* `install.sh` script copies Systemd files to their destination. ### TODO * RAS diff --git a/install.sh b/install.sh index 8d759ae..86b5baa 100755 --- a/install.sh +++ b/install.sh 
@@ -20,27 +20,12 @@ $sudo cp $run_directory/etc-letsencrypt.mount /etc/systemd/system/ if [ ! -d /etc/systemd/system/nginx.service.d ]; then $sudo mkdir /etc/systemd/system/nginx.service.d fi -$sudo cp $run_directory/start-lighttpd.conf /etc/systemd/system/nginx.service.d/ $sudo cp $run_directory/wait-for-dns.conf /etc/systemd/system/nginx.service.d/ -echo "Setting up lighttpd..." -$sudo cp $run_directory/lighttpd-webssh.conf /etc/lighttpd/conf-available/99-webssh.conf -$sudo rm /etc/lighttpd/conf-enabled/* -$sudo ln -s /etc/lighttpd/conf-available/10-proxy.conf /etc/lighttpd/conf-enabled/ -$sudo ln -s /etc/lighttpd/conf-available/10-ssl.conf /etc/lighttpd/conf-enabled/ -$sudo ln -s /etc/lighttpd/conf-available/99-webssh.conf /etc/lighttpd/conf-enabled/ -if [ ! -f /etc/lighttpd/server.pem ]; then - echo "Creating an SSL certificate for lighttpd:" - $sudo openssl req -newkey rsa:4096 -x509 -sha256 -days 999 -nodes -out /etc/lighttpd/server.pem -keyout \ - /etc/lighttpd/server.pem -subj "/C=/ST=/L=/O=/OU=/CN=" -fi - echo "Reloading Systemd..." $sudo systemctl daemon-reload -echo "Disabling nginx and enabling lighttpd..." +echo "Disabling nginx..." $sudo systemctl disable nginx -$sudo systemctl enable lighttpd echo "Finished install. Exiting..." -echo "NOTE: Neither nginx nor lighttpd were started/stopped." exit 0 diff --git a/lighttpd-webssh.conf b/lighttpd-webssh.conf deleted file mode 100644 index ec83162..0000000 --- a/lighttpd-webssh.conf +++ /dev/null 
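Review bot: Hosts where an earlier version of install.sh already ran keep what this hunk stops installing, because nothing in the new code removes `/etc/systemd/system/nginx.service.d/start-lighttpd.conf`, disables lighttpd, or unlinks `/etc/lighttpd/conf-enabled/99-webssh.conf`. On such a host nginx would presumably still carry `OnFailure=lighttpd.service`, and lighttpd would still proxy WebSSH on :443, so the fallback the commit retires stays reachable. Consider adding `$sudo rm -f /etc/systemd/system/nginx.service.d/start-lighttpd.conf` and `$sudo systemctl disable lighttpd` before the `daemon-reload` line, guarding the second for hosts where lighttpd is not installed. It is also worth deciding whether `/etc/lighttpd/server.pem` should be deleted, since the removed `openssl req ... -nodes` call wrote an unencrypted private key into it. The script begins above this hunk, so any cleanup already done there is not visible here.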
@@ -1,20 +0,0 @@
-# This is a sub-conf file for lighttpd
-# Its purpose is to serve localhost:8000 to anyone reaching https://kto.black
-# It should thus be copied to /etc/lighttpd/conf-available, and symlinked to conf-enabled
-# The other links in conf-enabled should be 10-proxy.conf and 10-ssl.conf
-# A self signed certificate with key included should be generated at /etc/lighttpd/server.pem
-
-$SERVER["socket"] == ":80" {
- $HTTP["host"] =~ ".*" {
- url.redirect = (".*" => "https://kto.black")
- }
-}
-
-$SERVER["socket"] == ":443" {
- $HTTP["host"] == "kto.black" {
- proxy.server = ("" => (("host" => "localhost", "port" => 8000)))
- proxy.header = (
- "upgrade" => "enable"
- )
- }
-}
diff --git a/start-lighttpd.conf b/start-lighttpd.conf
deleted file mode 100644
index 89a6821..0000000
--- a/start-lighttpd.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-# This file is a drop-in addon for standard nginx Systemd service
-# Its purpose is to start lighttpd should nginx fail to start
-
-[Unit]
-Conflicts=lighttpd.service
-OnFailure=lighttpd.service