Improve aggregator setup docs (#163)

* Improve aggregator setup docs * Add hints how to serve the aggregator output using nginx. * Add hint that the permission of the aggregator config file should be restricted. * Add a setuid bit to the aggregator integration test script to easy manual serving. * Wording Co-authored-by: Sascha L. Teichmann <sascha.teichmann@intevation.de>
2025-12-22 05:40:11 +01:00 · 2022-06-09 11:00:30 +02:00 · 2022-06-09 11:00:30 +02:00 · 19d39b85d3
commit 19d39b85d3
parent 25cb3b2c10
2 changed files with 21 additions and 2 deletions
--- a/docs/csaf_aggregator.md
+++ b/docs/csaf_aggregator.md
@ -22,9 +22,13 @@ Usage example for a single run, to test if the config is good:

 Once the config is good, you can run the aggregator periodically
 in two modes. For instance using `cron` on Ubuntu and after placing
-the config file in `/etc/csaf_aggregator.toml`:
+the config file in `/etc/csaf_aggregator.toml` and making sure
+its permissions only allow the user `www-data` to read it:

 ```bash
+chown www-data /etc/csaf_aggregator.toml
+chmod go-rwx /etc/csaf_aggregator.toml
+
 mkdir /var/log/csaf_aggregator
 mkdir ~www-data/bin
 cp bin-linux-amd64/csaf_aggregator ~www-data/bin/
@ -48,6 +52,21 @@ SHELL=/bin/bash
 ```


+#### serve via web server
+
+Serve the paths where the aggregator writes its `html/` output
+by means of a webserver.
+In the config example below place is configured by the path given for `web`.
+
+The user running the aggregator has to be able to write there
+and the web server must be able to read the files.
+
+If you are using nginx, the setup instructions for the provider provide
+and example. You can leave out the cgi-bin part,
+potentially commend out the TLS client parts and
+adjust the `root` path accordingly.
+
+
 ### config options

 The following options can be used in the config file in TOML format: