mirror of
https://github.com/internetee/registry.git
synced 2025-07-02 17:23:34 +02:00
Add sudo and examples
This commit is contained in:
parent
379834bf72
commit
936c570e1f
3 changed files with 15 additions and 21 deletions
|
@ -152,7 +152,7 @@ class Certificate < ActiveRecord::Base
|
|||
end
|
||||
|
||||
def reload_apache
|
||||
`/etc/init.d/apache2 reload`
|
||||
`sudo /etc/init.d/apache2 reload`
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -13,7 +13,7 @@ devise_secret: 'please-change-it-you-can-generate-it-with-rake-secret'
|
|||
|
||||
# Admin server configuration:
|
||||
openssl_config_path: '/etc/ssl/openssl.cnf'
|
||||
crl_path: '/home/registry/registry/shared/ca/crl/crl.pem'
|
||||
crl_dir: '/home/registry/registry/shared/ca/crl'
|
||||
ca_cert_path: '/home/registry/registry/shared/ca/certs/ca.crt.pem'
|
||||
ca_key_path: '/home/registry/registry/shared/ca/private/ca.key.pem'
|
||||
ca_key_password: 'your-root-key-password'
|
||||
|
|
|
@ -207,32 +207,26 @@ Cleanup:
|
|||
|
||||
rm Juur-SK.pem.crt EE_Certification_Centre_Root_CA.pem.crt ESTEID-SK_2007.pem.crt ESTEID-SK_2011.pem.crt
|
||||
|
||||
From registry's bin directory, copy update-crl script to somewhere else (so it won't get overwritten during deploys). Configure `CRL_PATH` in the script.
|
||||
Make sure you have this line in application.yml:
|
||||
|
||||
sudo ./update-crl
|
||||
crl_dir: '/home/registry/registry/shared/ca/crl'
|
||||
|
||||
Edit root's crontab:
|
||||
In rails console:
|
||||
|
||||
sudo crontab -e
|
||||
Certificate.update_crl
|
||||
|
||||
Add:
|
||||
Update whenever:
|
||||
|
||||
00 01,13 * * * path-to-your-script
|
||||
|
||||
|
||||
Configure apache:
|
||||
|
||||
Apache reload without password
|
||||
------------------------------
|
||||
|
||||
Registrant and Registrar both should be able to reload Apache without password in order
|
||||
to refresh certificate deprication list for PKI and ID card.
|
||||
|
||||
Example /etc/sudoers.d/apache2-no-password
|
||||
|
||||
username ALL=(ALL:ALL) ALL, NOPASSWD:/etc/init.d/apache2
|
||||
|
||||
If this file is not preset, please create it with 'visudo'. All other edits should be done
|
||||
alse with 'visudo'
|
||||
|
||||
<Location /registrant/id>
|
||||
SSLVerifyClient require
|
||||
Options Indexes FollowSymLinks MultiViews
|
||||
SSLVerifyDepth 2
|
||||
SSLOptions +StdEnvVars +ExportCertData
|
||||
</Location>
|
||||
|
||||
Development env
|
||||
---------------
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue