From 2a74c2d5da206f7ed10eff4800eecf6fea4b070a Mon Sep 17 00:00:00 2001
From: "Sascha L. Teichmann"
Date: Mon, 29 Nov 2021 14:52:05 +0100
Subject: [PATCH] Initial nginx setup for provider.
---
docs/provider-setup.md | 71 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 71 insertions(+)
create mode 100644 docs/provider-setup.md
diff --git a/docs/provider-setup.md b/docs/provider-setup.md
new file mode 100644
index 0000000..e05c036
--- /dev/null
+++ b/docs/provider-setup.md
@@ -0,0 +1,71 @@
+# Setup provider
+
+The provider is meant to run as an CGI program in an nginx enviroment.
+
+The following instructions are for an Debian 11 server setup.
+
+```(shell)
+apt-get install nginx fcgiwrap
+cp /usr/share/doc/fcgiwrap/examples/nginx.conf /etc/nginx/fcgiwrap.conf
+systemctl status fcgiwrap.servic
+systemctl status fcgiwrap.socket
+systemctl is-enabled fcgiwrap.service
+systemctl is-enabled fcgiwrap.socket
+```
+
+Content of `/etc/nginx/fcgiwrap.conf`
+
+```
+# Include this file on your nginx.conf to support debian cgi-bin scripts using
+# fcgiwrap
+location /cgi-bin/ {
+ # Disable gzip (it makes scripts feel slower since they have to complete
+ # before getting gzipped)
+ gzip off;
+
+ # Set the root to /usr/lib (inside this location this means that we are
+ # giving access to the files under /usr/lib/cgi-bin)
+ root /usr/lib;
+
+ # Fastcgi socket
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+
+ # Fastcgi parameters, include the standard ones
+ include /etc/nginx/fastcgi_params;
+
+ fastcgi_split_path_info ^(.+\.go)(.*)$;
+
+ # Adjust non standard parameters (SCRIPT_FILENAME)
+ fastcgi_param SCRIPT_FILENAME /usr/lib$fastcgi_script_name;
+
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param CSAF_CONFIG /usr/lib/csaf/config.toml;
+}
+```
+
+Add to `/etc/nginx/sites-available/default`:
+
+```
+server {
+
+ # include fcgiwrap.conf;...
+
+ include fcgiwrap.conf;
+}
+```
+
+Place the binary under `/usr/lib/cgi-bin/csaf_provider.go`.
+Make sure `/usr/lib/cgi-bin/` exists.
+
+Create configuarion file under `/usr/lib/csaf/config.toml`:
+
+```
+# upload_signature = true
+# key = "/usr/lib/csaf/public.asc"
+key = "/usr/lib/csaf/private.asc"
+#tlps = ["green", "red"]
+domain = "http://192.168.56.102"
+#no_passphrase = true`
+```
+
+with sui
\ No newline at end of file