nginx: generate certificates for test targets
Podman will be used to test the generated Debian packages to ensure that they work properly. However, this means that it is NOT shione and therefore cannot solve the letsencrypt challenge, among many other things that can only be done by shione. The goal is to have a staging area that can mock the latter.
parent 207bf43a8b
commit cd8f0e853f
1 changed files with 21 additions and 11 deletions
debian/nginx-config.postinst
|
@ -2,21 +2,31 @@
|
|||
#
|
||||
# TODO: Handle "$1".
|
||||
|
||||
set -e
|
||||
set -eu
|
||||
|
||||
#DEBHELPER#
|
||||
|
||||
# `certbot` *must* be installed by this package.
|
||||
if [ "$(hostname)" = shione ]; then
|
||||
certbot \
|
||||
--nginx \
|
||||
--agree-tos \
|
||||
--redirect \
|
||||
--hsts \
|
||||
--staple-ocsp \
|
||||
--email renken+letsencrypt@shione.net \
|
||||
-d shione.net \
|
||||
-d www.shione.net \
|
||||
-d git.shione.net
|
||||
else
|
||||
out=/etc/letsencrypt/live/shione.net
|
||||
|
||||
mkdir -p -- "$out"
|
||||
openssl genrsa \
|
||||
>"$out"/privkey.pem
|
||||
openssl req \
|
||||
-new \
|
||||
-x509 \
|
||||
-key /etc/letsencrypt/live/shione.net/privkey.pem \
|
||||
-subj '/CN=shione.net/O=shione.net./C=FR' \
|
||||
>/etc/letsencrypt/live/shione.net/fullchain.pem
|
||||
fi
|
||||
|
||||
# Apply new nginx configuration.
|
||||
deb-systemd-invoke restart nginx
|
||||
|
|
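Review bot: In the else branch, the private key is created through a shell redirect (`>"$out"/privkey.pem`), so its mode is whatever the umask in effect allows, and nothing in the hunk restricts the file or the directory made by `mkdir -p -- "$out"`. Set `umask 077` before generating the key, or `chmod 600` it afterwards, so the key is not left readable by other users in the test container. Two smaller points in the same branch: `-key` and the `fullchain.pem` redirect spell out /etc/letsencrypt/live/shione.net instead of reusing `"$out"`, and the self-signed certificate carries only CN=shione.net with no subjectAltName and no `-days`, so it does not cover www.shione.net or git.shione.net as the certbot branch does and falls back to openssl's default validity of 30 days.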