diff --git a/etc/hosts b/etc/hosts
index d5f9bc4..4e24940 100644
--- a/etc/hosts
+++ b/etc/hosts
@@ -1,2 +1,8 @@
 ::1 servnest.test
-127.0.0.1 servnest.test
+::1 ns1.servnest.test
+::1 ns2.servnest.test
+::1 sftp.servnest.test
+::1 ht.servnest.test
+::1 test1.ht.servnest.test
+::1 test2.ht.servnest.test
+::1 test3.ht.servnest.test
diff --git a/install/apache.sh b/install/apache.sh
index bb68b63..38e751c 100644
--- a/install/apache.sh
+++ b/install/apache.sh
@@ -33,7 +33,6 @@ if [[ $OS = "debian" ]]; then
 sed -i 's#/usr/lib/httpd/modules/#/usr/lib/apache2/modules/#g' /etc/apache2/apache2.conf
 sed -i 's#ServerRoot "/etc/httpd"#ServerRoot "/etc/apache2"#' /etc/apache2/apache2.conf
 sed -i 's/LoadModule unixd_module/#LoadModule unixd_module/' /etc/apache2/apache2.conf
- sed -i 's/LoadModule mpm_event_module/#LoadModule mpm_event_module/' /etc/apache2/apache2.conf
 sed -i 's/LoadModule log_config_module/#LoadModule log_config_module/' /etc/apache2/apache2.conf
 sed -i 's#/var/log/httpd/#/var/log/apache2/#g' /etc/apache2/apache2.conf
diff --git a/install/nginx.sh b/install/nginx.sh
index c210cf8..a601903 100644
--- a/install/nginx.sh
+++ b/install/nginx.sh
@@ -3,7 +3,11 @@
 # Generate default self-signed TLS key pair
 openssl req -subj '/' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/servnest.key -out /etc/ssl/certs/servnest.crt
-openssl req -subj '/' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/ht.servnest.test.key -out /etc/ssl/certs/ht.servnest.test.crt
+openssl req -subj '/CN=servnest.test' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/servnest.test.key -out /etc/ssl/certs/servnest.test.crt
+
+openssl req -subj '/CN=ht.servnest.test' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/ht.servnest.test.key -out /etc/ssl/certs/ht.servnest.test.crt
+
+openssl req -subj '/CN=*.ht.servnest.test' -new -newkey RSA:3072 -days 3650 -nodes -x509 -keyout /etc/ssl/private/wildcard.ht.servnest.test.key -out /etc/ssl/certs/wildcard.ht.servnest.test.crt
 rm -r /etc/nginx/*
 cp -r /install/nginx/* /etc/nginx/
diff --git a/install/nginx/sites/interface.conf b/install/nginx/sites/interface.conf
index 917e66d..55d6221 100644
--- a/install/nginx/sites/interface.conf
+++ b/install/nginx/sites/interface.conf
@@ -32,8 +32,8 @@ server {
 access_log /var/log/nginx/servnest-access.log servnest if=$loggable;
 # For a public server, these should point to a Let's Encrypt-trusted key pair
- ssl_certificate /etc/ssl/certs/servnest.crt;
- ssl_certificate_key /etc/ssl/private/servnest.key;
+ ssl_certificate /etc/ssl/certs/servnest.test.crt;
+ ssl_certificate_key /etc/ssl/private/servnest.test.key;
 }
 map $request_method $loggable { # Log only POST requests
 "POST" 1;
diff --git a/install/nginx/sites/subdomain.conf b/install/nginx/sites/subdomain.conf
index a6ecf1e..79b9f10 100644
--- a/install/nginx/sites/subdomain.conf
+++ b/install/nginx/sites/subdomain.conf
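Review bot: The three certificates added in install/nginx.sh carry the host name only in the subject CN and have no subjectAltName; current browsers and many TLS libraries ignore CN when matching the host name, so clients would reject these certificates even after trusting them, which tends to push test setups toward switching verification off. Each added `openssl req` line could also set the name as a SAN, e.g. `-addext 'subjectAltName=DNS:servnest.test'` (and `DNS:*.ht.servnest.test` for the wildcard); `-addext` needs OpenSSL 1.1.1 or later. The unchanged first command still writes `/etc/ssl/private/servnest.key`, which interface.conf no longer references after this commit; if nothing else uses it, dropping that line avoids leaving an unused, unencrypted private key in the image.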
@@ -5,8 +5,8 @@ server {
 listen 127.0.0.1:42443 ssl http2;
 server_name *.ht.servnest.test;
- ssl_certificate /etc/ssl/certs/ht.servnest.test.crt;
- ssl_certificate_key /etc/ssl/private/ht.servnest.test.key;
+ ssl_certificate /etc/ssl/certs/wildcard.ht.servnest.test.crt;
+ ssl_certificate_key /etc/ssl/private/wildcard.ht.servnest.test.key;
 include inc/proxy.conf;
 }
diff --git a/mkosi.default.d/debian/mkosi.default b/mkosi.default.d/debian/mkosi.default
index 544e2fb..9383183 100644
--- a/mkosi.default.d/debian/mkosi.default
+++ b/mkosi.default.d/debian/mkosi.default
@@ -13,6 +13,7 @@ Packages =
 libnginx-mod-http-headers-more-filter
 python3-certbot-nginx
 knot-dnsutils
+ knot-dnssecutils
 php-sqlite3
 golang-1.19
 openssh-server
@@ -20,3 +21,4 @@ Packages =
 gettext
 php-curl
 sshpass
+ less
diff --git a/mkosi.postinst b/mkosi.postinst
index 5b64edb..ff92053 100755
--- a/mkosi.postinst
+++ b/mkosi.postinst
@@ -21,3 +21,6 @@ if [[ $OS = "arch" ]]; then
 pacman-key --init
 pacman-key --populate
 fi
+
+# Enable testing option
+sed -i 's/local_only_check = false/local_only_check = true/' /srv/servnest/core/config.ini
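Review bot: The `sed -i` added at the end of mkosi.postinst exits 0 even when `local_only_check = false` is not found, so a change in config.ini's spelling or default would silently produce an image without the option; following it with `grep -qF 'local_only_check = true' /srv/servnest/core/config.ini || exit 1` would make the build fail instead. The line also runs unconditionally for every image built from this script, while the comment says only "testing option". What local_only_check controls is not visible here, but if it relaxes a check, the comment should say so and mark the image as test-only, e.g. `# Test images only: sets local_only_check = true; do not use this image for a public server`.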