Add sudo and examples

Martin Lensment 2015-05-15 17:20:59 +03:00
parent 379834bf72
commit 936c570e1f
3 changed files with 15 additions and 21 deletions

@ -152,7 +152,7 @@ class Certificate < ActiveRecord::Base
end end
def reload_apache def reload_apache
`/etc/init.d/apache2 reload` `sudo /etc/init.d/apache2 reload`
end end
end end
end end
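
Review bot: The `sudo /etc/init.d/apache2 reload` call in reload_apache runs inside backticks and its output and exit status are discarded, so a missing or mismatched sudoers rule goes unnoticed: the reload fails, or sudo waits for a password with no terminal attached, and the caller carries on as if the reload had succeeded. Suggest `sudo -n` so sudo fails instead of prompting, and `system('sudo', '-n', '/etc/init.d/apache2', 'reload')` with the return value checked and a log entry or exception on failure.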

@ -13,7 +13,7 @@ devise_secret: 'please-change-it-you-can-generate-it-with-rake-secret'
# Admin server configuration: # Admin server configuration:
openssl_config_path: '/etc/ssl/openssl.cnf' openssl_config_path: '/etc/ssl/openssl.cnf'
crl_path: '/home/registry/registry/shared/ca/crl/crl.pem' crl_dir: '/home/registry/registry/shared/ca/crl'
ca_cert_path: '/home/registry/registry/shared/ca/certs/ca.crt.pem' ca_cert_path: '/home/registry/registry/shared/ca/certs/ca.crt.pem'
ca_key_path: '/home/registry/registry/shared/ca/private/ca.key.pem' ca_key_path: '/home/registry/registry/shared/ca/private/ca.key.pem'
ca_key_password: 'your-root-key-password' ca_key_password: 'your-root-key-password'
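
Review bot: The rename of `crl_path` to `crl_dir` in this example config changes both the key name and its meaning (a file path becomes a directory), and nothing in the visible lines handles an existing application.yml that still sets only `crl_path`. Suggest failing at boot with a clear message when `crl_dir` is unset, and calling out the rename in the upgrade notes.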

@ -207,32 +207,26 @@ Cleanup:
rm Juur-SK.pem.crt EE_Certification_Centre_Root_CA.pem.crt ESTEID-SK_2007.pem.crt ESTEID-SK_2011.pem.crt rm Juur-SK.pem.crt EE_Certification_Centre_Root_CA.pem.crt ESTEID-SK_2007.pem.crt ESTEID-SK_2011.pem.crt
From registry's bin directory, copy update-crl script to somewhere else (so it won't get overwritten during deploys). Configure `CRL_PATH` in the script. Make sure you have this line in application.yml:
sudo ./update-crl crl_dir: '/home/registry/registry/shared/ca/crl'
Edit root's crontab: In rails console:
sudo crontab -e Certificate.update_crl
Add: Update whenever:
00 01,13 * * * path-to-your-script
Apache reload without password
------------------------------
Registrant and Registrar both should be able to reload Apache without password in order Configure apache:
to refresh certificate deprication list for PKI and ID card.
Example /etc/sudoers.d/apache2-no-password
username ALL=(ALL:ALL) ALL, NOPASSWD:/etc/init.d/apache2
If this file is not preset, please create it with 'visudo'. All other edits should be done
alse with 'visudo'
<Location /registrant/id>
SSLVerifyClient require
Options Indexes FollowSymLinks MultiViews
SSLVerifyDepth 2
SSLOptions +StdEnvVars +ExportCertData
</Location>
Development env Development env
--------------- ---------------
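
Review bot: The sudoers example `username ALL=(ALL:ALL) ALL, NOPASSWD:/etc/init.d/apache2` is far broader than the stated goal of reloading Apache without a password: the leading `ALL` lets the account run any command as any user, and the NOPASSWD entry covers every action of the init script (stop, start, restart), not only reload. Suggest documenting a rule limited to the exact command the application runs, for example `username ALL=(root) NOPASSWD: /etc/init.d/apache2 reload`, and naming the actual application account instead of `username`. The same paragraph also has typos worth fixing before merge: "deprication", "preset" (present) and "alse" (also).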