luke
/
fat-gitea
Watch 1
Star 0
Fork 0
Code Pull Requests 0 Releases 0 Activity
Browse Source

jakies drobne zmiany

master
Lukasz Jarosz 5 years ago
parent
5fbb185437
commit
02fe87463c
2 changed files with 5 additions and 2 deletions
Unified View Show Diff Stats
  1. 4
    1
      README.md
  2. 1
    1
      files/usr/bin/ssl-auto-renew

+ 4
- 1
README.md View File

11
11
12 
 ## SSL
 12 
 ## SSL
13 
 Image supports using SSL with nginx which acts as reverse proxy for Gitea. It has embedded Lets Encrypt support with auto renewal. If you don't have account.key script will generate it for you.
 13 
 Image supports using SSL with nginx which acts as reverse proxy for Gitea. It has embedded Lets Encrypt support with auto renewal. If you don't have account.key script will generate it for you.
14 
-Required files for cert are /data/ssl/cert.crt /data/ssl/cert.key .
14 
+Required files for cert are /data/ssl/cert.crt /data/ssl/cert.key .
15 
+
16 
+## Gitea
17 
+There are a few tweaks to app.ini template. Most of them are around disabling unecessary logs and features that may lead to potentional exploit of installation.

+ 1
- 1
files/usr/bin/ssl-auto-renew View File

5 
     [[ ! -f $file ]] && exit
 5 
     [[ ! -f $file ]] && exit
6 
   done
 6 
   done
7
7
8 
-  python3 -m acme_tiny --account-key /data/ssl/account.key --csr /data/ssl/domain.csr --acme-dir /run/nginx/challenges > /data/ssl/cert.crt
8 
+  python3 -m acme_tiny --account-key /data/ssl/account.key --csr /data/ssl/domain.csr --acme-dir /run/nginx/challenges > /tmp/cert.crt && mv /tmp/cert.crt /data/ssl/cert.crt
9 
   s6-svc -du /etc/s6/nginx
 9 
   s6-svc -du /etc/s6/nginx
10 
 fi
 10 
 fi

Write Preview
Loading…
Cancel
Save