From 2a74c2d5da206f7ed10eff4800eecf6fea4b070a Mon Sep 17 00:00:00 2001
From: "Sascha L. Teichmann"
Date: Mon, 29 Nov 2021 14:52:05 +0100
Subject: [PATCH 1/7] Initial nginx setup for provider.
---
docs/provider-setup.md | 71 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 71 insertions(+)
create mode 100644 docs/provider-setup.md
diff --git a/docs/provider-setup.md b/docs/provider-setup.md
new file mode 100644
index 0000000..e05c036
--- /dev/null
+++ b/docs/provider-setup.md
@@ -0,0 +1,71 @@
+# Setup provider
+
+The provider is meant to run as an CGI program in an nginx enviroment.
+
+The following instructions are for an Debian 11 server setup.
+
+```(shell)
+apt-get install nginx fcgiwrap
+cp /usr/share/doc/fcgiwrap/examples/nginx.conf /etc/nginx/fcgiwrap.conf
+systemctl status fcgiwrap.servic
+systemctl status fcgiwrap.socket
+systemctl is-enabled fcgiwrap.service
+systemctl is-enabled fcgiwrap.socket
+```
+
+Content of `/etc/nginx/fcgiwrap.conf`
+
+```
+# Include this file on your nginx.conf to support debian cgi-bin scripts using
+# fcgiwrap
+location /cgi-bin/ {
+ # Disable gzip (it makes scripts feel slower since they have to complete
+ # before getting gzipped)
+ gzip off;
+
+ # Set the root to /usr/lib (inside this location this means that we are
+ # giving access to the files under /usr/lib/cgi-bin)
+ root /usr/lib;
+
+ # Fastcgi socket
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+
+ # Fastcgi parameters, include the standard ones
+ include /etc/nginx/fastcgi_params;
+
+ fastcgi_split_path_info ^(.+\.go)(.*)$;
+
+ # Adjust non standard parameters (SCRIPT_FILENAME)
+ fastcgi_param SCRIPT_FILENAME /usr/lib$fastcgi_script_name;
+
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param CSAF_CONFIG /usr/lib/csaf/config.toml;
+}
+```
+
+Add to `/etc/nginx/sites-available/default`:
+
+```
+server {
+
+ # include fcgiwrap.conf;...
+
+ include fcgiwrap.conf;
+}
+```
+
+Place the binary under `/usr/lib/cgi-bin/csaf_provider.go`.
+Make sure `/usr/lib/cgi-bin/` exists.
+
+Create configuarion file under `/usr/lib/csaf/config.toml`:
+
+```
+# upload_signature = true
+# key = "/usr/lib/csaf/public.asc"
+key = "/usr/lib/csaf/private.asc"
+#tlps = ["green", "red"]
+domain = "http://192.168.56.102"
+#no_passphrase = true`
+```
+
+with sui
\ No newline at end of file
From 920a75822677f49a99638e4827d10f17b89b629d Mon Sep 17 00:00:00 2001
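Review bot: The sample `config.toml` points `key` at `/usr/lib/csaf/private.asc`, but the guide never says who should own that file or how it should be protected, even though the CGI process started through fcgiwrap has to read it. I would add a sentence after the config listing such as `Make the private key readable only by the account the provider runs as, and keep it outside any directory nginx serves.` The `domain` example uses `http://`; a remark that a production provider should be reachable over HTTPS would help readers who copy the listing verbatim. Separately, `systemctl status fcgiwrap.servic` in the first shell listing is missing the final `e`.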
From: Fadi Abbud Date: Mon, 29 Nov 2021 17:06:03 +0100 Subject: [PATCH 2/7] Add Setup instructions to README --- README.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/README.md b/README.md index 2ec9336..dd4f422 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,19 @@ # csaf_distribution **WIP**: A prove of concept for a CSAF trusted provider, checker and aggregator. + + +## Setup + +- A new version of **Go** should be installed. [Go installation](https://go.dev/doc/install) + +- Clone the repository `git clone https://github.com/csaf-poc/csaf_distribution.git ` + +- Build Go components + ``` bash + cd csaf_distribution + go build -v ./cmd/... +``` + +- [Install](http://nginx.org/en/docs/install.html) **nginx** +- To configure nginx see [docs/provider-setup.md](docs/provider-setup.md) \ No newline at end of file From 766a4395c7f65bb8d1554e7605b2455654ea3222 Mon Sep 17 00:00:00 2001 From: "Sascha L. Teichmann" Date: Mon, 29 Nov 2021 20:32:14 +0100 Subject: [PATCH 3/7] Be a bit more precise with Go version. --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index dd4f422..374ae0f 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ ## Setup -- A new version of **Go** should be installed. [Go installation](https://go.dev/doc/install) +- A recent version of **Go** (1.17+) should be installed. [Go installation](https://go.dev/doc/install) - Clone the repository `git clone https://github.com/csaf-poc/csaf_distribution.git ` @@ -16,4 +16,4 @@ ``` - [Install](http://nginx.org/en/docs/install.html) **nginx** -- To configure nginx see [docs/provider-setup.md](docs/provider-setup.md) \ No newline at end of file +- To configure nginx see [docs/provider-setup.md](docs/provider-setup.md) From fd851a731711aad61392778665f69c49d4cfab2c Mon Sep 17 00:00:00 2001 
From: Fadi Abbud Date: Tue, 30 Nov 2021 11:13:46 +0100 Subject: [PATCH 4/7] Remove a needless backtick --- docs/provider-setup.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/provider-setup.md b/docs/provider-setup.md index e05c036..5b6d8ec 100644 --- a/docs/provider-setup.md +++ b/docs/provider-setup.md @@ -18,7 +18,7 @@ Content of `/etc/nginx/fcgiwrap.conf` ``` # Include this file on your nginx.conf to support debian cgi-bin scripts using # fcgiwrap -location /cgi-bin/ { +location /cgi-bin/ { # Disable gzip (it makes scripts feel slower since they have to complete # before getting gzipped) gzip off; @@ -65,7 +65,7 @@ Create configuarion file under `/usr/lib/csaf/config.toml`: key = "/usr/lib/csaf/private.asc" #tlps = ["green", "red"] domain = "http://192.168.56.102" -#no_passphrase = true` +#no_passphrase = true ``` with sui \ No newline at end of file From 3fe5b532ad8d550ef5b408e76e94577281a6ba48 Mon Sep 17 00:00:00 2001 From: "Sascha L. Teichmann" Date: Tue, 30 Nov 2021 13:11:26 +0100 Subject: [PATCH 5/7] Added right change for www-data --- docs/provider-setup.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/provider-setup.md b/docs/provider-setup.md index 5b6d8ec..7c0ad81 100644 --- a/docs/provider-setup.md +++ b/docs/provider-setup.md @@ -13,6 +13,12 @@ systemctl is-enabled fcgiwrap.service systemctl is-enabled fcgiwrap.socket ``` +```(shell) +cd /var/www +chgrp -R www-data . +chmod -R g+w . +``` + Content of `/etc/nginx/fcgiwrap.conf` ``` @@ -68,4 +74,4 @@ domain = "http://192.168.56.102" #no_passphrase = true ``` -with sui \ No newline at end of file +with sui From e95645559294dda2e4c436708ca41216e2a38499 Mon Sep 17 00:00:00 2001 From: "Sascha L. Teichmann" Date: Tue, 30 Nov 2021 13:14:12 +0100 Subject: [PATCH 6/7] Fixed missing sentence in readme. --- docs/provider-setup.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
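Review bot: The shell listing added in PATCH 5/7 runs `chgrp -R www-data .` and `chmod -R g+w .` from `/var/www`, which makes the entire web root group-writable for `www-data`, and the guide gives neither a reason nor a scope for it. If the intent is only to let the provider write its output, the commands should be limited to that directory, e.g. `chgrp -R www-data /var/www/<provider-output-dir>` and `chmod -R g+w /var/www/<provider-output-dir>` (placeholder path; the actual directory is not visible in this patch). An introductory sentence before the listing, such as `Allow the provider to write below the web root:`, would also tell readers why the step exists.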
diff --git a/docs/provider-setup.md b/docs/provider-setup.md index 7c0ad81..cdfdd36 100644 --- a/docs/provider-setup.md +++ b/docs/provider-setup.md @@ -74,4 +74,9 @@ domain = "http://192.168.56.102" #no_passphrase = true ``` -with sui +with suitable replacements. + +Create the folders: +```(shell) +curl http://192.168.56.102/cgi-bin/csaf_provider.go/create +``` From 666faf5a5ad4b500b101bd9d549bdbae6c22fe9f Mon Sep 17 00:00:00 2001 From: "Sascha L. Teichmann" Date: Tue, 30 Nov 2021 16:13:10 +0100 Subject: [PATCH 7/7] Describe how to enable dir listings and link following. --- docs/provider-setup.md | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/docs/provider-setup.md b/docs/provider-setup.md index cdfdd36..da47fca 100644 --- a/docs/provider-setup.md +++ b/docs/provider-setup.md @@ -49,14 +49,25 @@ location /cgi-bin/ { } ``` -Add to `/etc/nginx/sites-available/default`: +Add to `/etc/nginx/sites-enabled/default`: ``` server { - # include fcgiwrap.conf;... + location / { + # Other config + # ... - include fcgiwrap.conf; + # For atomic directory switches + disable_symlinks off; + + # directory listings + autoindex on; + } + + # enable CGI + + include fcgiwrap.conf; } ```
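Review bot: In the PATCH 7/7 hunk, `autoindex on;` and `disable_symlinks off;` are placed in `location /`, so directory listings and symlink following apply to everything this server block serves, not only to the tree the provider publishes. Together with the earlier step that makes `/var/www` group-writable for `www-data`, any symlink that ends up inside the web root is followed to whatever the nginx worker can read. I would scope both directives to the published tree, e.g. `location /<advisory-path>/ { autoindex on; disable_symlinks if_not_owner; }` (placeholder path; `if_not_owner` presumably still allows the atomic directory switch if links and targets share an owner, which should be confirmed). Failing that, the guide should at least say why the whole site needs them.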