Pārlūkot izejas kodu

fix typos, and include setting certbot cron entry

pull/1/head
Craig Stewart pirms 2 gadiem
vecāks
revīzija
e6714d9cfe
2 mainītis faili ar 8 papildinājumiem un 3 dzēšanām
  1. +6
    -1
      guides/building-a-git-repo/finalising.html
  2. +2
    -2
      guides/building-a-git-repo/installweb.html

+ 6
- 1
guides/building-a-git-repo/finalising.html Parādīt failu

@@ -107,7 +107,12 @@ bantime = 900
action = iptables-allports
EOF
sudo service fail2ban restart</pre>
<p>We should now have a working git server. If you set up an Admin user when configuring gitea in the previous steps then we are set. If not you should register a user now, as the first registered user will become admin. Once that is done your Git Server is ready to use.</p>
<p>We should now have a working git server. If you set up an Admin user when configuring gitea in the previous steps then we are set. If not you should register a user now, as the first registered user will become admin. The only remaining step before our server is ready is to automate the renewal of our SSL certificate.</p>
<pre>sudo crontab -e</pre>
<p>This will create an empty crontab for root, and open it in the default editor. As an invalid crontab will stop cron from working properly this command will validate what you save before installing it to cron. You will need to add a line like the below to the end of the file and save it.</p>
<pre>21 05 * * * /usr/bin/certbot renew --manual-auth-hook /root/certbot/auth.sh --manual-cleanup-hook /root/certbot/clean.sh --renew-hook /root/certbot/renew.sh --manual-public-ip-logging-ok --quiet</pre>
<p>This will run the certbot command at 05:21 every day, which will check the expiry of your certificate, and renew it and restart apache if it is about to expire. Feel free to change the time it runs, Lets Encrypt won't want everyone trying to get certificates at the same time.</p>
<p>Once that is done your Git Server is ready to use.</p>
<p style="text-align:center;"><a href="/guides/building-a-git-repo/installgitea.html" title="Installing Gitea">Installing Gitea</a>|<a href="/guides/building-a-git-repo/" title="Building A git Repository Server">Main Page</a>|<a href="/guides/building-a-git-repo/other-considerations.html" title="Other Considerations">Other Considerations</a></p>
</div>
</div>


+ 2
- 2
guides/building-a-git-repo/installweb.html Parādīt failu

@@ -106,7 +106,7 @@ cat &lt;&lt; EOF | sudo tee -a /etc/apache2/sites-available/git.example.com.conf
EOF
sudo a2ensite git.example.com.conf
sudo apache2ctl restart</pre>
<p>This installs apache and certbot, but disables the default webserver, which we do not need, and creates the one we do. Note that the ridirect to the https version of the site will not work as that is not yet enabled. Until we enable the ssl module it will remain that way. But we need the SSL certs first, and that is what certbot is for.</p>
<p>This installs apache and certbot, but disables the default webserver, which we do not need, and creates the one we do. Note that the redirect to the https version of the site will not work as that is not yet enabled. Until we enable the ssl module it will remain that way. But we need the SSL certs first, and that is what certbot is for.</p>
<p>Before we get our free SSL cert we want to control how it validates that we own the domain we are requesting a certificate for, and then we want to request our certificate.</p>
<pre>sudo mkdir /root/certbot
cat << EOF | sudo tee -a /root/certbot/auth.sh > /dev/null
@@ -128,7 +128,7 @@ sudo chmod u+x /root/certbot/renew.sh
sudo certbot --manual-auth-hook /root/certbot/auth.sh\
--manual-cleanup-hook /root/certbot/clean.sh\
--rsa-key-size 4096 -d git.example.com certonly --manual</pre>
<p>This last command will ask you for an email address that will be used to send reminders if your certificate is about to expire, we will prevent that later on in the guide, or if there are urgent problems, I suggest using a valide email address for this reason. It will also ask you to agree to Let's Encrypts terms, and if you are OK with your IP address being logged. Assuming that you agree and accept that your IP will be logged (the IP of your server that is) then you will get an SSL certificate. So now we need to enable some modules for apache and restart it so that our reverse proxy works.</p>
<p>This last command will ask you for an email address that will be used to send reminders if your certificate is about to expire, we will prevent that later on in the guide, or if there are urgent problems, I suggest using a valid email address for this reason. It will also ask you to agree to Let's Encrypts terms, and if you are OK with your IP address being logged. Assuming that you agree and accept that your IP will be logged (the IP of your server that is) then you will get an SSL certificate. So now we need to enable some modules for apache and restart it so that our reverse proxy works.</p>
<pre>sudo a2enmod proxy proxy_http ssl headers remoteip
sudo apache2ctl restart</pre>
<p>Our webserver is now ready, and we can move onto setting up a mail server to send out emails.</p>


Notiek ielāde…
Atcelt
Saglabāt