SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 05:40:11 +01:00
Code Issues Releases Activity Actions

Improve nginx example config

Browse source 
* Make files more readable: Move ";" from variable and add it into the nginx config file.
* Add missing nginx option `disable_symlinks off;` to the tlp paths.
This commit is contained in:
Fadi Abbud 2022-04-12 16:05:45 +02:00 committed by GitHub
parent 9bbe3e1eb8
commit e8166121c7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 8 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

6
docs/scripts/TLSClientConfigsForITest.sh
View file

@ -22,15 +22,15 @@ cd ~/csaf_distribution/docs/scripts/
source ./createCCForITest.sh
echo '
ssl_client_certificate '${SSL_CLIENT_CERTIFICATE}' # e.g. ssl_client_certificate /etc/ssl/rootca-cert.pem;
ssl_client_certificate '${SSL_CLIENT_CERTIFICATE}'; # e.g. ssl_client_certificate /etc/ssl/rootca-cert.pem;
ssl_verify_client optional;
ssl_verify_depth 2;
# This example allows access to all three TLP locations for all certs.
location ~ /.well-known/csaf/(red|green|amber)/{
# For atomic directory switches
disable_symlinks off;
autoindex on;
# in this location access is only allowed with client certs
if ($ssl_client_verify != SUCCESS){
# we use status code 404 == "Not Found", because we do not

4
docs/scripts/TLSConfigsForITest.sh
View file

@ -31,8 +31,8 @@ echo '
listen 443 ssl default_server; # ipv4
listen [::]:443 ssl http2 default_server; # ipv6
ssl_certificate '${SSL_CERTIFICATE}' # e.g. ssl_certificate /etc/ssl/csaf/bundle.crt
ssl_certificate_key '${SSL_CERTIFICATE_KEY}' # e.g. ssl_certificate_key /etc/ssl/csaf/testserver-key.pem;
ssl_certificate '${SSL_CERTIFICATE}'; # e.g. ssl_certificate /etc/ssl/csaf/bundle.crt
ssl_certificate_key '${SSL_CERTIFICATE_KEY}'; # e.g. ssl_certificate_key /etc/ssl/csaf/testserver-key.pem;
ssl_protocols TLSv1.2 TLSv1.3;
' > TLSConfigs.txt

2
docs/scripts/createCCForITest.sh
View file

@ -53,5 +53,5 @@ certtool --generate-certificate --load-privkey testclient2-key.pem --outfile tes
certtool --load-ca-certificate rootca-cert.pem --load-certificate testclient2.crt --load-privkey testclient2-key.pem --to-p12 --p12-name "Test Client 2" --null-password --outder --outfile testclient2.p12
SSL_CLIENT_CERTIFICATE=$(
echo "$PWD/rootca-cert.pem;"
echo "$PWD/rootca-cert.pem"
)

4
docs/scripts/createWebserverCertForITest.sh
View file

@ -34,8 +34,8 @@ certtool --generate-certificate --load-privkey testserver-key.pem --outfile test
cat testserver.crt rootca-cert.pem >bundle.crt
SSL_CERTIFICATE=$(
echo "$PWD/bundle.crt;"
echo "$PWD/bundle.crt"
)
SSL_CERTIFICATE_KEY=$(
echo "$PWD/testserver-key.pem;"
echo "$PWD/testserver-key.pem"
)