Remove lighttpd from setup

This commit is contained in:
Alexandre CATTEAU 2022-12-26 18:06:55 +01:00
parent b54b4f4db1
commit e4e79cc531
4 changed files with 2 additions and 47 deletions

View File

@ -4,16 +4,12 @@ This repository contains units and config files for our frontal web starting (at
instance running (for web remote access if need be). We must manually unlock certificates volume, then start nginx. instance running (for web remote access if need be). We must manually unlock certificates volume, then start nginx.
### Files ### Files
* `lighttpd-webssh.conf` is a sub-conf file for lighttpd, making it serve WebSSH.
* `etc-letsencrypt.mount` allows to unlock and mount encrypted certificates volume. * `etc-letsencrypt.mount` allows to unlock and mount encrypted certificates volume.
* Relevant information should be added to `/etc/crypttab`. * Relevant information should be added to `/etc/crypttab`.
* `etc-letsencrypt.timer` is a timer to automatically start previous unit, **but this is currently not used**. * `etc-letsencrypt.timer` is a timer to automatically start previous unit, **but this is currently not used**.
* `start-lighttpd.conf` is a drop-in Systemd unit file, which starts lighttpd should nginx fail to start.
* This is not intended for starting process, more in case of failed (remote) restart of nginx.
* `wait-for-dns.conf` is a drop-in Systemd unit file, which prevents nginx to start before DNS server is operational. * `wait-for-dns.conf` is a drop-in Systemd unit file, which prevents nginx to start before DNS server is operational.
#### Installation #### Installation
* `install.sh` script copies Systemd files to their destination and sets lighttpd conf (and creates a certificate if * `install.sh` script copies Systemd files to their destination.
needed).
### TODO ### TODO
* RAS * RAS

View File

@ -20,27 +20,12 @@ $sudo cp $run_directory/etc-letsencrypt.mount /etc/systemd/system/
if [ ! -d /etc/systemd/system/nginx.service.d ]; then if [ ! -d /etc/systemd/system/nginx.service.d ]; then
$sudo mkdir /etc/systemd/system/nginx.service.d $sudo mkdir /etc/systemd/system/nginx.service.d
fi fi
$sudo cp $run_directory/start-lighttpd.conf /etc/systemd/system/nginx.service.d/
$sudo cp $run_directory/wait-for-dns.conf /etc/systemd/system/nginx.service.d/ $sudo cp $run_directory/wait-for-dns.conf /etc/systemd/system/nginx.service.d/
echo "Setting up lighttpd..."
$sudo cp $run_directory/lighttpd-webssh.conf /etc/lighttpd/conf-available/99-webssh.conf
$sudo rm /etc/lighttpd/conf-enabled/*
$sudo ln -s /etc/lighttpd/conf-available/10-proxy.conf /etc/lighttpd/conf-enabled/
$sudo ln -s /etc/lighttpd/conf-available/10-ssl.conf /etc/lighttpd/conf-enabled/
$sudo ln -s /etc/lighttpd/conf-available/99-webssh.conf /etc/lighttpd/conf-enabled/
if [ ! -f /etc/lighttpd/server.pem ]; then
echo "Creating an SSL certificate for lighttpd:"
$sudo openssl req -newkey rsa:4096 -x509 -sha256 -days 999 -nodes -out /etc/lighttpd/server.pem -keyout \
/etc/lighttpd/server.pem -subj "/C=/ST=/L=/O=/OU=/CN="
fi
echo "Reloading Systemd..." echo "Reloading Systemd..."
$sudo systemctl daemon-reload $sudo systemctl daemon-reload
echo "Disabling nginx and enabling lighttpd..." echo "Disabling nginx..."
$sudo systemctl disable nginx $sudo systemctl disable nginx
$sudo systemctl enable lighttpd
echo "Finished install. Exiting..." echo "Finished install. Exiting..."
echo "NOTE: Neither nginx nor lighttpd were started/stopped."
exit 0 exit 0

View File

@ -1,20 +0,0 @@
# This is a sub-conf file for lighttpd
# Its purpose is to serve localhost:8000 to anyone reaching https://kto.black
# It should thus be copied to /etc/lighttpd/conf-available, and symlinked to conf-enabled
# The other links in conf-enabled should be 10-proxy.conf and 10-ssl.conf
# A self signed certificate with key included should be generated at /etc/lighttpd/server.pem
$SERVER["socket"] == ":80" {
$HTTP["host"] =~ ".*" {
url.redirect = (".*" => "https://kto.black")
}
}
$SERVER["socket"] == ":443" {
$HTTP["host"] == "kto.black" {
proxy.server = ("" => (("host" => "localhost", "port" => 8000)))
proxy.header = (
"upgrade" => "enable"
)
}
}

View File

@ -1,6 +0,0 @@
# This file is a drop-in addon for standard nginx Systemd service
# Its purpose is to start lighttpd should nginx fail to start
[Unit]
Conflicts=lighttpd.service
OnFailure=lighttpd.service