From 6b377bb42148c6a52a007cfedabd9acd73219d67 Mon Sep 17 00:00:00 2001
From: "bernhardreiter bernhardreiter@users.noreply.github.com"
Date: Mon, 16 May 2022 13:21:19 +0000
Subject: [PATCH] Apply automatic changes
---
 docs/development-ca.md | 8 +++++---
 docs/install-server-certificate.md | 4 +---
 docs/provider-setup.md | 21 +++++++++++++++++++++
 3 files changed, 27 insertions(+), 6 deletions(-)
diff --git a/docs/development-ca.md b/docs/development-ca.md
index 20f4b35..483732c 100644
--- a/docs/development-ca.md
+++ b/docs/development-ca.md
@@ -41,7 +41,7 @@ certtool --generate-self-signed --load-privkey rootca-key.pem --outfile rootca-c
 ```sh
-cd ~/${FOLDERNAME}
+pushd ~/${FOLDERNAME}
 certtool --generate-privkey --outfile testserver-key.pem
@@ -66,12 +66,14 @@ certtool --generate-certificate --load-privkey testserver-key.pem --outfile test
 cat testserver.crt rootca-cert.pem >bundle.crt
-SSL_CERTIFICATE=$(
+export SSL_CERTIFICATE=$(
 echo "$PWD/bundle.crt" )
-SSL_CERTIFICATE_KEY=$(
+export SSL_CERTIFICATE_KEY=$(
 echo "$PWD/testserver-key.pem" )
+
+popd
 ```
diff --git a/docs/install-server-certificate.md b/docs/install-server-certificate.md
index 56b4da9..6f4dd05 100644
--- a/docs/install-server-certificate.md
+++ b/docs/install-server-certificate.md
@@ -50,13 +50,11 @@ finds your your private key and the certificate chain.
 ```sh
- listen 443 ssl default_server; # ipv4
- listen [::]:443 ssl http2 default_server; # ipv6
- ssl_certificate '${SSL_CERTIFICATE}'; # e.g. ssl_certificate /etc/ssl/csaf/bundle.crt
 ssl_certificate_key '${SSL_CERTIFICATE_KEY}'; # e.g. ssl_certificate_key /etc/ssl/csaf/testserver-key.pem;
 ssl_protocols TLSv1.2 TLSv1.3;
+' > ~/${FOLDERNAME}/TLSConfigs.txt
 ```
diff --git a/docs/provider-setup.md b/docs/provider-setup.md
index eac8cdb..1e1dac2 100644
--- a/docs/provider-setup.md
+++ b/docs/provider-setup.md
@@ -120,6 +120,27 @@ This needs to set the `password` option in `config.toml`.
 To let nginx resolves the DNS record `csaf.data.security.domain.tld` to fulfill the [Requirement 10](https://docs.oasis-open.org/csaf/csaf/v2.0/cs01/csaf-v2.0-cs01.html#7110-requirement-10-dns-path) configure a new server block (virtual host) in a separated file under `/etc/nginx/available-sites/{DNSNAME}` like following:
+
+```sh
+ server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ ssl_certificate '${SSL_CERTIFICATE}'; # e.g. ssl_certificate /etc/ssl/csaf/bundle.crt
+ ssl_certificate_key '${SSL_CERTIFICATE_KEY}'; # e.g. ssl_certificate_key /etc/ssl/csaf/testserver-key.pem;
+
+ root /var/www/html;
+
+ server_name ${DNS_NAME}; # e.g. server_name csaf.data.security.domain.tld;
+
+ location / {
+ try_files /.well-known/csaf/provider-metadata.json =404;
+ }
+
+ access_log /var/log/nginx/dns-domain_access.log;
+ error_log /var/log/nginx/dns-domain_error.log;
+}
+```
 Then create a symbolic link to enable the new server block: