SystemSh0cker/gocsaf
1
0
Fork 0
mirror of https://github.com/gocsaf/csaf.git synced 2025-12-22 05:40:11 +01:00
Code Issues Releases Activity Actions

Merge pull request #6 from csaf-poc/initial-nginx-provider-setup

Browse source 
Initial nginx provider setup
This commit is contained in:
Sascha L. Teichmann 2021-12-02 11:19:27 +01:00 committed by GitHub
commit f6a9a85cfb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 109 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

16
README.md
View file

@ -1,3 +1,19 @@
# csaf_distribution # csaf_distribution
**WIP**: A prove of concept for a CSAF trusted provider, checker and aggregator. **WIP**: A prove of concept for a CSAF trusted provider, checker and aggregator.
## Setup
- A recent version of **Go** (1.17+) should be installed. [Go installation](https://go.dev/doc/install)
- Clone the repository `git clone https://github.com/csaf-poc/csaf_distribution.git `
- Build Go components
``` bash
cd csaf_distribution
go build -v ./cmd/...
```
- [Install](http://nginx.org/en/docs/install.html) **nginx**
- To configure nginx see [docs/provider-setup.md](docs/provider-setup.md)

93
docs/provider-setup.md Normal file
View file

@ -0,0 +1,93 @@
# Setup provider
The provider is meant to run as an CGI program in an nginx enviroment.
The following instructions are for an Debian 11 server setup.
```(shell)
apt-get install nginx fcgiwrap
cp /usr/share/doc/fcgiwrap/examples/nginx.conf /etc/nginx/fcgiwrap.conf
systemctl status fcgiwrap.servic
systemctl status fcgiwrap.socket
systemctl is-enabled fcgiwrap.service
systemctl is-enabled fcgiwrap.socket
```
```(shell)
cd /var/www
chgrp -R www-data .
chmod -R g+w .
```
Content of `/etc/nginx/fcgiwrap.conf`
```
# Include this file on your nginx.conf to support debian cgi-bin scripts using
# fcgiwrap
location /cgi-bin/ {
# Disable gzip (it makes scripts feel slower since they have to complete
# before getting gzipped)
gzip off;
# Set the root to /usr/lib (inside this location this means that we are
# giving access to the files under /usr/lib/cgi-bin)
root /usr/lib;
# Fastcgi socket
fastcgi_pass unix:/var/run/fcgiwrap.socket;
# Fastcgi parameters, include the standard ones
include /etc/nginx/fastcgi_params;
fastcgi_split_path_info ^(.+\.go)(.*)$;
# Adjust non standard parameters (SCRIPT_FILENAME)
fastcgi_param SCRIPT_FILENAME /usr/lib$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param CSAF_CONFIG /usr/lib/csaf/config.toml;
}
```
Add to `/etc/nginx/sites-enabled/default`:
```
server {
location / {
# Other config
# ...
# For atomic directory switches
disable_symlinks off;
# directory listings
autoindex on;
}
# enable CGI
include fcgiwrap.conf;
}
```
Place the binary under `/usr/lib/cgi-bin/csaf_provider.go`.
Make sure `/usr/lib/cgi-bin/` exists.
Create configuarion file under `/usr/lib/csaf/config.toml`:
```
# upload_signature = true
# key = "/usr/lib/csaf/public.asc"
key = "/usr/lib/csaf/private.asc"
#tlps = ["green", "red"]
domain = "http://192.168.56.102"
#no_passphrase = true
```
with suitable replacements.
Create the folders:
```(shell)
curl http://192.168.56.102/cgi-bin/csaf_provider.go/create
```