From 2dbc0dec305c980880316b73b026561bc4328411 Mon Sep 17 00:00:00 2001
From: tobiasKaminsky
Date: Tue, 19 Dec 2023 14:37:46 +0100
Subject: [PATCH 1/3] Add client cert auth
Signed-off-by: tobiasKaminsky
---
 shallow-server/Dockerfile | 2 ++
 shallow-server/initnc.sh | 4 ++--
 shallow-server/run.sh | 2 ++
 shallow-server/ssl/default-ssl.conf | 32 ++++++++++++++++++++++++++
 shallow-server/ssl/selfsigned-cli.crt | 19 +++++++++++++++
 shallow-server/ssl/selfsigned-cli.csr | 16 +++++++++++++
 shallow-server/ssl/selfsigned-cli.key | 28 ++++++++++++++++++++++
 shallow-server/ssl/selfsigned-cli.p12 | Bin 0 -> 2515 bytes
 8 files changed, 101 insertions(+), 2 deletions(-)
 create mode 100644 shallow-server/ssl/selfsigned-cli.crt
 create mode 100644 shallow-server/ssl/selfsigned-cli.csr
 create mode 100644 shallow-server/ssl/selfsigned-cli.key
 create mode 100644 shallow-server/ssl/selfsigned-cli.p12
diff --git a/shallow-server/Dockerfile b/shallow-server/Dockerfile
index f0b87d73..2334e073 100644
--- a/shallow-server/Dockerfile
+++ b/shallow-server/Dockerfile
@@ -41,6 +41,8 @@ ADD ssl/dhparam.pem /etc/ssl/certs/
 ADD ssl/default-ssl.conf /etc/apache2/conf-available/ssl-params.conf
 ADD ssl/nextcloud.crt /etc/ssl/certs/nextcloud.crt
 ADD ssl/nextcloud.key /etc/ssl/private/nextcloud.key
+ADD ssl/selfsigned-cli.crt /etc/ssl/certs/selfsigned-ca.crt
+ADD ssl/selfsigned-cli.key /etc/ssl/private/selfsigned-cli.key
 ADD ssl/default-ssl.conf /etc/apache2/sites-available/default-ssl.conf
 ADD default-nextcloud.conf /etc/apache2/sites-enabled/default-nextcloud.conf
 ADD nextcloud.ini /etc/php/8.1/apache2/conf.d/nextcloud.ini
diff --git a/shallow-server/initnc.sh b/shallow-server/initnc.sh
index 823d67d8..33a4e2a1 100755
--- a/shallow-server/initnc.sh
+++ b/shallow-server/initnc.sh
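Review bot: In shallow-server/Dockerfile, `ADD ssl/selfsigned-cli.key /etc/ssl/private/selfsigned-cli.key` copies the client's private key into the server image, which Apache does not need: verifying a client certificate only requires the certificate named by `SSLCACertificateFile`. The same key is then referenced by a second `SSLCertificateKeyFile` in the vhost added to ssl/default-ssl.conf, a directive that selects the server's own key and has no matching `SSLCertificateFile` there. Both lines survive the rename in PATCH 3/3 under the dev-test-key name. I would drop the key `ADD` and that second `SSLCertificateKeyFile`, and ship only the `.crt` to the server side.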
@@ -6,7 +6,7 @@ export BRANCH=${BRANCH:=master} cd /var/www/html/ # Run 'apt-get update' to unlock files. This seems neccessary on self hosted runners with fuse-overlayfs, -# otherwise git checkout will error out with 'file exists' error. Needs to be run here, doesn't work when +# otherwise git checkout will error out with 'file exists' error. Needs to be run here, doesn't work when # done inside the Dockerfile apt-get update @@ -40,7 +40,7 @@ else fi -if test -z "$REDIS" +if test -z "$REDIS" then echo "\$REDIS not set, ignoring..." else diff --git a/shallow-server/run.sh b/shallow-server/run.sh index 634f1d40..43cb8dfe 100755 --- a/shallow-server/run.sh +++ b/shallow-server/run.sh @@ -3,6 +3,8 @@ set -e cd /var/www/html/ +echo "Listen 8080" >> /etc/apache2/ports.conf + . /etc/apache2/envvars # allow php and apache2 to create their run socket diff --git a/shallow-server/ssl/default-ssl.conf b/shallow-server/ssl/default-ssl.conf index a3834c5c..64272a5c 100644 --- a/shallow-server/ssl/default-ssl.conf +++ b/shallow-server/ssl/default-ssl.conf @@ -24,4 +24,36 @@ downgrade-1.0 force-response-1.0 + + + ServerAdmin webmaster@localhost + + DocumentRoot /var/www/html + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined + + SSLEngine on + + SSLCertificateFile /etc/ssl/certs/nextcloud.crt + SSLCertificateKeyFile /etc/ssl/private/nextcloud.key + + # client cert + SSLCACertificateFile /etc/ssl/certs/selfsigned-ca.crt + SSLCertificateKeyFile /etc/ssl/private/selfsigned-cli.key + SSLVerifyClient require + SSLVerifyDepth 10 + + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + + BrowserMatch "MSIE [2-6]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + + diff --git a/shallow-server/ssl/selfsigned-cli.crt b/shallow-server/ssl/selfsigned-cli.crt new file mode 100644 index 00000000..d8009c84 --- /dev/null +++ b/shallow-server/ssl/selfsigned-cli.crt 
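Review bot: In shallow-server/run.sh, `echo "Listen 8080" >> /etc/apache2/ports.conf` appends on every start, so restarting the same container leaves duplicate `Listen 8080` lines, and Apache reports an address-already-in-use error when the same port is listed twice. Guarding the append keeps the script idempotent: `grep -qxF 'Listen 8080' /etc/apache2/ports.conf || echo 'Listen 8080' >> /etc/apache2/ports.conf`. Writing the line once at image build time in the Dockerfile would work as well. The rest of run.sh lies outside the hunk.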
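Review bot: `SSLVerifyDepth 10` in the vhost added to ssl/default-ssl.conf permits a far longer issuer chain than this setup uses. The file given to `SSLCACertificateFile` holds a single self-signed client certificate, so mod_ssl's default depth of 1 already covers it; I would write `SSLVerifyDepth 1` or remove the line so that a longer chain is never accepted by accident. The enclosing VirtualHost tags are not visible on this page, so which port the block binds to cannot be confirmed from here; a one-line comment above `SSLVerifyClient require` naming the port would help readers of the config.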
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIC/jCCAeYCAWUwDQYJKoZIhvcNAQELBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV +BAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 +ZDAeFw0yMzEyMTgxMzM2NDZaFw0yNDEyMTcxMzM2NDZaMEUxCzAJBgNVBAYTAkFV +MRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRz +IFB0eSBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD3jKLeOiSB +aJAT97e6InHWGJPZpQLaVMF2QvV4Qo5bG6erlK9+AWsRjXUAddO/8K66PMNRI1Yg +8lv/2bajzyC6bKJEi+C5FidAY0yfaKmDrEIVTtMPQoMriFUwxOAiupfsQsr8qo78 +tP9hgL44u6VgSirH29EoFpi+UD92Y2NYM+RSNMWFaBubidq2q6+3LeSmfbG3UF3x +dfgRudSzWwU/sNdHn3a0avZ2LdubJnYDRsKtMzsRyfYttLHtKInpD+jHoQ8mX6st +zrDTbVoPCiEQFsBKbB0ZZk5QC9MpB7RSFNy9x+gywHzu2PKhqdoI7KHKULMJRUXF +K4rRJO7gA857AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIZb9ClWoDKH0kdSstSH +hxSkrbrkpKOLUGnkZqEfi1mm4wLCreJjZl7ETg9PceqvYmqf+BC1VQsmPZ3Kd2vI +8HtmJ3KpAUgz3gcl4GctKKQRNWMXaX1p9beuS6C9e0bE1+zXWs0+gvs4+0Im55XP +wsbUWz90Ne/eZo7zM3uYBCIJSuWrXSZqXRuX4XCY57Y3NiL94ORaar7BJp2VrL1I +lvYLXsH1TgRzuJGq+2kTIsXioyVsnIIy91WfZKgWIHG0ta9UKoJdm57QQWAG8sLY +OOgANBJwDvtYvilmiFajpNVy7x9pGxq8kaUi4KNh5otu8bmCON7SErSXMj+xAuwd +KLU= +-----END CERTIFICATE----- diff --git a/shallow-server/ssl/selfsigned-cli.csr b/shallow-server/ssl/selfsigned-cli.csr new file mode 100644 index 00000000..abae8d00 --- /dev/null +++ b/shallow-server/ssl/selfsigned-cli.csr 
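Review bot: The certificate added in selfsigned-cli.crt is valid for one year only: the validity field in the encoded body decodes to notBefore 2023-12-18 and notAfter 2024-12-17. Because the new vhost sets `SSLVerifyClient require`, client-certificate tests against this image would start failing at the TLS handshake once that date passes. I would regenerate the fixture with a long validity period, or create it during test setup, and record the generating command in a README next to the file.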
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICijCCAXICAQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx +ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAPeMot46JIFokBP3t7oicdYYk9mlAtpUwXZC9XhC +jlsbp6uUr34BaxGNdQB107/wrro8w1EjViDyW//ZtqPPILpsokSL4LkWJ0BjTJ9o +qYOsQhVO0w9CgyuIVTDE4CK6l+xCyvyqjvy0/2GAvji7pWBKKsfb0SgWmL5QP3Zj +Y1gz5FI0xYVoG5uJ2rarr7ct5KZ9sbdQXfF1+BG51LNbBT+w10efdrRq9nYt25sm +dgNGwq0zOxHJ9i20se0oiekP6MehDyZfqy3OsNNtWg8KIRAWwEpsHRlmTlAL0ykH +tFIU3L3H6DLAfO7Y8qGp2gjsocpQswlFRcUritEk7uADznsCAwEAAaAAMA0GCSqG +SIb3DQEBCwUAA4IBAQAEyqpbulAtsCRSvukliH1VRqwA759+ySXTl05PKHfK313m +9JkoOGSfQX7j5aJwPyGfPhh3OjlzVX0PK6FaNrXloXSkcsgB5lVxCsk5Fw3bq1sj +bZA/Vv7CMF5mFmkIdRl9xJ5m5j5z+w8GQosOMPr/avSBaVncA/cqhd3vx0ZmiE7p +V/qI9w8xTu6CNkdtTrqTz5cveuIkqOwqUcdxtHqhSuoz0RGWAk6FJ6FRY8Ml3iAP +ZC6vGbu/k5YHo4xPB7V8b8yRLh9/5FIVpBgfYSgyvwSedOV2DdrDHQmFtol+ym/d +14gMprNeRH7o0/FaVUu/JxpQdPy8hP6YQR/o/ASC +-----END CERTIFICATE REQUEST----- diff --git a/shallow-server/ssl/selfsigned-cli.key b/shallow-server/ssl/selfsigned-cli.key new file mode 100644 index 00000000..e43a7923 --- /dev/null +++ b/shallow-server/ssl/selfsigned-cli.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQD3jKLeOiSBaJAT +97e6InHWGJPZpQLaVMF2QvV4Qo5bG6erlK9+AWsRjXUAddO/8K66PMNRI1Yg8lv/ +2bajzyC6bKJEi+C5FidAY0yfaKmDrEIVTtMPQoMriFUwxOAiupfsQsr8qo78tP9h +gL44u6VgSirH29EoFpi+UD92Y2NYM+RSNMWFaBubidq2q6+3LeSmfbG3UF3xdfgR +udSzWwU/sNdHn3a0avZ2LdubJnYDRsKtMzsRyfYttLHtKInpD+jHoQ8mX6stzrDT +bVoPCiEQFsBKbB0ZZk5QC9MpB7RSFNy9x+gywHzu2PKhqdoI7KHKULMJRUXFK4rR +JO7gA857AgMBAAECggEAGMG3AhF/gspMamrM3tprVwrTMnd8Wbhoi/q1+4ZwdS/G +rMlXDvt2U+WOjMgRMAdnz1acqUR8QcRAgM2q+dE7nS6YaybasmKYSf9ZnjGZ46y6 +WSYubmlrnn1pGPz/dgms1Y3NKMf9Onb2zq9Q7ByRX+1a6kI+CyEjZRkNF7pofjKp +VCy623TJIPEml3P2Anxst2ZwglwPcu52IDt3yqssQ0SfX25g04uU6Tem0MClvDLO +iMYjFNPWT8Xek3HiwlvWHvQzrcJzdo+hc9XU4gxynCRtxcWTd2+2lJTIJW24vTcc +VW3aNIdA95GMFZHrM/0c5s40ZBKo21fjw/TCPlQg6QKBgQD9oQirpfimfKk8AQdQ +XLeqrm/NY4SmID901eHTOgNW7x1QT9LqfgsV449agQ85J12oo3JicfVOLrcloO8F +Z9zPxoWOvn8qlbJXecDNVqaO3lK9uyc6mNhu1ljItEZTdpamF9LudEv0UkgVWI19 +8XeMA/gnPAT2t/nkbu+AzWhVcwKBgQD53Q2K5WflcHKvzo9LhsORkN3zS3k05DFS +cPyOwi7Bkr2K9oG7oGxzELgWNRUDCBC0gDGC6RUu1+eaS3BAQJk88miZX2BkiUcS +mj9Hn3MmQ5aPwCNRMfrQkBXsU6bEGkKoz12IFioApATj2yBuRVA+WpjeafsASeiB +6jmCp0cg2QKBgGIqsAZv6PvXiFE3PLN4D4a6mX9vo2oBVU5NcmilLaG6TyhEnSgx +vOyt9VBcX54JhJC/IojD/uRR5IVl8t2uw6KP/iWvydybsDl3YI6ZmUH2/yN8isR9 +YFgWEqssS4QGhGypD/VHghaAunG4ops6mMDS0HuvGWS89LXb0kuSNW3NAoGAc2no +F4BfvVtznkGLbxeQvmxsGTWDhyrgnXQTNN39OuzNIKM8ya4QahYO8jMSwZO4I6gT +NqTzY+/Wyy6NayBrp/tQ1Yd4vveqHK2jDTJZvhL6OOxHY/nyIORtO/xny61VnSQr +z/Bs9l7M43MUR9s8dZDji9joV/nLrDbE2dTqxgECgYB8+QH+PiRXO2zwqDp5AOiP +sfGY/+mNd33Hniuh7eZCEoBFopgvP/Hcz+Fo6oaOZapKP120x3rYsNQxgOUvr4Z+ +sKqsWqUqMy/yKwD8WIFp5BeNam4/duItoEDntx79LAwbTQB0nZxoyPAuU5A2x2dC +TAWBlEw8g/ePIHm3cPiQMg== +-----END PRIVATE KEY----- 
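Review bot: An unencrypted PKCS#8 private key is committed in selfsigned-cli.key, and its certificate is the only entry the new vhost trusts through `SSLCACertificateFile`, so anyone who can read the repository holds a credential that satisfies `SSLVerifyClient require` on every server built from this image. That is tolerable only while the image never serves real data. Generating the key pair during the image build or test setup would keep key material out of the repository history, where it remains even after a later rename or delete. The `.csr` added alongside it is not referenced by the Dockerfile or the Apache config shown here and could be left out.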
diff --git a/shallow-server/ssl/selfsigned-cli.p12 b/shallow-server/ssl/selfsigned-cli.p12 new file mode 100644 index 0000000000000000000000000000000000000000..33ed260edc69b4f3cc72e67d0ac4ff2044633254 GIT binary patch literal 2515 zcmai$c{J1u8^_JYEXZzXEWJkdxj$ta*$E}r5?KbNv1ExbB5P*G(lw+@i(O+aON=dB z$&!6fSJsFugUDXg>z?;L-9PUi&w0-C{hsGMe|+e4&Wjn^Uuf*V4!e>>5;06 zMl?GZ3}*q@S>gY?21dYG01;NiwHRZND+CIXg>t!&ML#z^W6Y~>JBIVQM(^JxL#|~7 z@c9g*DN=Yl@M?3N*5IbSaomL|rj5aD=I;8V-1m-BYTtD1qHjQF2-GHj>BjK{(UjJV z4s!x#xWP^0tbH2oO3iX8DPRL?L&hRjGxv5vZ_fYd#NUCNzZ^xc8yg$E-}4k}xT)=LT&S1-49KEnlq}-aG3T0ATD69AMe~qW|qo(8t z<*3ENy6hGc9aS?lbg<3BqE!y&=w@_v!W>4C9^(rdGFX5+(HWXfs7&eME?Y0U3+;DMo|wE@u|iSciF{la8*to8eOEKJ$* z_$w!IQ{i9x+QFYZ7VjK(e$X)I>^o^O)w82}zYgW%WGEj4{0r9CSiOV zvKHIrWLFh>rKFMdlB67GI@i4ejtYZbu^o4*=U8E%D3RB?A7nVv?0cI1wW`pWT5O09)00QdJZWd^DCP&GH?ky2HoDo$SpBe$ ztN#0z?`{3axa0+6C6`jo>kQRWIXOCMg9NLXs=Q3ZpeWMhQQZ>FoZ!@(i0#xK^gH6W zwcW*TZ5!dytMJ}KTTYlf*>RasIrcsNWd+}1oGelryIzEs3#NeQ5 zK9rfZ`Vp05=jd52&3a{Bik}!xQD)x^ZRIWi|7F>f^1=5M?UMMBw%FrWJWIi9NNqn! 
zs6N%b$vUx%M#`*+`_Uq>lUT4h>CfSx(trfWFzT7K zg22b7;<2dkZ-KA60TNuwlzZ{7fiJDlx2$&jv@|dNSS85hTQ8Ih9o)XI)4VSctSoqs z^-K*A8*8%=A9Q$!kh^ke4|7hrL;N7WC*9dP%$9Eqqbry|{4E?8buac7q4=kzbg2s^(PfRnW;Cg`LGKR#G)yfxMdEo`~g?gxwNT`LgM% zrd`LCBLZ2I?yIe;5fbG&s5gVx>-O0cIjv2aczmNAU7=2t)Ud!La8)_e2OcD+_nvlQ z3F{a=-ns!OPTikEFmrGyC?n0>7TsqGSxQW$wFhLpRJy8Lt$&6<`KwmLZ_pe~+&ih8tf^p&t4Lvrn(Gu=$-VJ3`8KV!H zcTd5@>`|Y&d}QElQ5(B;xRA#{@qY?7I8=cYCx3LlY_XTfCeasEZo7{G;ywlgg^C#* zMJ@gh#gxj*`UAsdi@WeYA{6Wq63KVd%qBS^iaCQB5=uOIuk95h9z(oB3A%^1 zWYJ>GpSZSwlZT%L5_KPiq_#q4K87OFCIMPl~8tP7rRqhWo%!_Ss97`n3} z>ldEF(4i*p$9QYor@h4a^Bq50dMEh1<}7_4E!|LRPG=l^>c%5;bDdt7Yrileg&<+_ z8{)#|d2NlT$8o?RyW#&}c?1%1T9oNehW4sLzP5eQ%nZslWX?;bm zYhH|dS}K%_%aN3~hTFHAsD)TI?J4s|-3JG#u)Y>v0Z&{Ta8Bct(G3H46Tm$D~7rCLyf|zg%S2D2Z@6P_n zj~?5-FWvH>zowL%KF?B^T&oFpK0k|7yNQ1Lr*b^Kr2Hr}W(qSUUH{DR0@p;)jr6KD(ZVFZ==eZ>1#Df8TZcO#-0fZl z%;rQjA+yR5xTZx7HFDlaM%fZOWAsvWUxPo)UH}Kba4ln@ zGV|$~!cykTy}m-lb@C;*nG62e~8y^&JPwB*s@N$&wyDu5`vZ8Dt{*H z|15)bfm1ZmlS2l0_fK!AQ+?uv=v;5Ao{flkRrf7%S^iyoZ`p{nz|u@@ROK zLYCErP>x;NuozW45@{AW8CFAlq$mkU`~ob3Ur_+c7q`m(NB|=h8?c=y^B`sa*?#6Q z8qft40ghkq5Eukwfr@{D*~cbiopjm{vDQj+`#6912`)M$$za`Rz<%lBm~{>muHTL^ Mjv9FG^*3t&3tyCWoB#j- literal 0 HcmV?d00001 From 3310ded305a6792bae85445851d6569976962d26 Mon Sep 17 00:00:00 2001 From: tobiasKaminsky Date: Thu, 25 Jan 2024 12:36:48 +0100 Subject: [PATCH 2/3] add legacy p12 for older Android versions Signed-off-by: tobiasKaminsky --- shallow-server/ssl/selfsigned-cli-legacy.p12 | Bin 0 -> 2373 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 shallow-server/ssl/selfsigned-cli-legacy.p12 
diff --git a/shallow-server/ssl/selfsigned-cli-legacy.p12 b/shallow-server/ssl/selfsigned-cli-legacy.p12 new file mode 100644 index 0000000000000000000000000000000000000000..ee300f67747dc27c0d97b2e123f351ae006675e2 GIT binary patch literal 2373 zcmV-L3A*+$f(bza0Ru3C2?quVDuzgg_YDCD0ic2i_ymFo^e}=5@Gyb{rv?cshDe6@ z4FLxRpn?OKFoFY=0s#Opf&+~P2`Yw2hW8Bt2LUh~1_~;MNQUHQP28z1$6+~ai-ew+&mQ_=AkaQtr`SW$<%om_8U8$7L!57^BBi= z{ga9ZqJnVgm5`vA+=;=aTgD{1?0E@;%LX-KntR5#)lTdKxouE;5)i(-Xhj=?J)@KD z&iXWn1Rt!-Z$fxP0Z)LJ?R!svR-4kut!&JhJPH9rH^YpcT(6I9VV$xHiJME@G=Vz<_``vjG}8!PEuF- z`>6ND)pX87qOr|iXFz^sO~l1o)5Mi^m^dj~I$`aXP}SQ;u7-Q9cd<*oCYbCht0Ai+@VGO5i>;;Ud%iXj7p< z6!Q7rwKz>^637;pcH{VjhaY5F-or))KG#9UW7Pl{^O49WC@lzHyG@c!S^H&f=Ttj} zKx67r>(yF{f1%`H;qHE51(#jO*4M8oM#k%t8qizB#*$i`^s}t4W`W3X%6hrw$#$qb zw`ke#-F*6AS;Kc!J+F|w*YYhnU})RYJkK7#RH6AaV9%<%r$TvLKZ4_^eFYeqzS)7f zqHcxMxh4(slpR`Ln9^FrIk+3>jRFAA5g{+gw-Ww$Vbi`*FXrgT7x8N0~uz(VsXNI53d zi?eW+V9Rr&wP0qt64vKAJNiV5GUhfsC<#$mT87g`JckzqaN42LT+qfP=iEY>6&EoK zsYW)Rq>#8rsz^@VIH+Y-e}G;Gplu?l_7}9x7SKCIOh9~Nml761o*C7h=>E+WCE#Dx z9g&HxM#*SLEn2{JO`5-)Y{IEYPobSskfr9IbR#!-9VY`5MWIa9t>W+me8jV_4`s1I znbh4AH$6?g{&l8JEHFJtwvp$O_zS+Q;xa4mV&DT71G+Hg-T;|)zpA`RDaE&N+WFVb z=&GXyw>5BmpQ)W}u7B*OFIWR}*UQulP!ddMQZCT26JuPAY3ihUANf z-=vbM<5I~6Y2R136*n5sj=XV5wa4S4(#wP#8KIn^zDrfsixdk%MSaiYFoFd^1_>&L zNQUv2yu*90D`rR^IxSpMhlQH3itU)J@8P*3I1V!y8ZiABy>ZUt=W~u)DHv|`Tb4NcDw8*92BmuupSA5iPgx|odn`#kf zr^|=wI(>4beLI=)P4ZZZKNGF_uETpAn=a)Ow5a&Xm?i1dL14hdAS~@1(>8+B$RBXj z)43bDuFCcDxuAf>lZ3|}kDZ*UY&GAipTyZzy6TtTl&c|bSEyZc3o0GDs~vYSL(s9yo$A zrpcG~j<1EtXz+tA05(j28H@E?wEo*uxx2%1t9PC09=7d`GL+Dd7!!KkZPJY;aW9E` z{CI8+zk>DD_CsVXpi*5QY@pZP&Au)9oE@gqSBgYhM0wyMB063%;X-e_=ex{r#Qi`D z7#-8fYCHLY;+OR#^(&}!YzQseU`vRUlI}k-2RDSQPm_)OWr^i$;|h%4eMV1Z9d3jf z{N&Il8x@pW2Kn;^*p1L&aQd393MU8QE3poal|U3y*z`a%Rl1+)9KBMU%UqDsutM7x zvfgIE)}F-{(_xpr@}5u8^-gr`|7$xyuD)F6we&;&Ho8rF7Mz%`pn72pQ9#>nOCNPf zBEONur)ES~E}}njn`DjsYhU1fN(fPXzo$A6Oc)}c#6CU}Del*c_fSj zQ4{?A|FbG;)~BqDIk^-5JxL{NuTcPP{rl 
zC6@(#Ros}}^|h2f%0cwe$%o3YV0RLhl^`3}vmMdSz?hX?0r|aDW+L0{-g_0KuNmFU zc0#X8@I;7e(*%b_IYGIsTy45&Cm+wnB1QnyWNH=oM4*PWGI_AFJ0~|MPoI+BpXb4^ zxwzy#{UHqM@;y(ry9qgQa2tZj77z#m-}ooOJ)Va;3}t}JM*r!>BPXA&c$c7CS-AjQ z(f7wZUVf{jNK`630t<_Dv0&O;G)wD+Wvz)MtpnFB$kNyDDeBBt5d3IH{RQ6@H?xjz zO>mM$xiGy&ox#3N-;P&^Jk|wZ?f(L;hw1O%bNv0A*&Q;Z%2 Date: Fri, 26 Jan 2024 17:46:23 +0100 Subject: [PATCH 3/3] make more clear that this is for testing purpose only Signed-off-by: tobiasKaminsky --- shallow-server/Dockerfile | 4 ++-- shallow-server/ssl/default-ssl.conf | 5 +++-- ...igned-cli-legacy.p12 => dev-test-key-legacy.p12} | Bin .../ssl/{selfsigned-cli.crt => dev-test-key.crt} | 0 .../ssl/{selfsigned-cli.csr => dev-test-key.csr} | 0 .../ssl/{selfsigned-cli.key => dev-test-key.key} | 0 .../ssl/{selfsigned-cli.p12 => dev-test-key.p12} | Bin 7 files changed, 5 insertions(+), 4 deletions(-) rename shallow-server/ssl/{selfsigned-cli-legacy.p12 => dev-test-key-legacy.p12} (100%) rename shallow-server/ssl/{selfsigned-cli.crt => dev-test-key.crt} (100%) rename shallow-server/ssl/{selfsigned-cli.csr => dev-test-key.csr} (100%) rename shallow-server/ssl/{selfsigned-cli.key => dev-test-key.key} (100%) rename shallow-server/ssl/{selfsigned-cli.p12 => dev-test-key.p12} (100%) diff --git a/shallow-server/Dockerfile b/shallow-server/Dockerfile index 2334e073..f978cee1 100644 --- a/shallow-server/Dockerfile +++ b/shallow-server/Dockerfile 
@@ -41,8 +41,8 @@ ADD ssl/dhparam.pem /etc/ssl/certs/ ADD ssl/default-ssl.conf /etc/apache2/conf-available/ssl-params.conf ADD ssl/nextcloud.crt /etc/ssl/certs/nextcloud.crt ADD ssl/nextcloud.key /etc/ssl/private/nextcloud.key -ADD ssl/selfsigned-cli.crt /etc/ssl/certs/selfsigned-ca.crt -ADD ssl/selfsigned-cli.key /etc/ssl/private/selfsigned-cli.key +ADD ssl/dev-test-key.crt /etc/ssl/certs/dev-test-key.crt +ADD ssl/dev-test-key.key /etc/ssl/private/dev-test-key.key ADD ssl/default-ssl.conf /etc/apache2/sites-available/default-ssl.conf ADD default-nextcloud.conf /etc/apache2/sites-enabled/default-nextcloud.conf ADD nextcloud.ini /etc/php/8.1/apache2/conf.d/nextcloud.ini diff --git a/shallow-server/ssl/default-ssl.conf b/shallow-server/ssl/default-ssl.conf index 64272a5c..0a7b637e 100644 --- a/shallow-server/ssl/default-ssl.conf +++ b/shallow-server/ssl/default-ssl.conf @@ -39,8 +39,9 @@ SSLCertificateKeyFile /etc/ssl/private/nextcloud.key # client cert - SSLCACertificateFile /etc/ssl/certs/selfsigned-ca.crt - SSLCertificateKeyFile /etc/ssl/private/selfsigned-cli.key + ## This is for local development testing only! + SSLCACertificateFile /etc/ssl/certs/dev-test-key.crt + SSLCertificateKeyFile /etc/ssl/private/dev-test-key.key SSLVerifyClient require SSLVerifyDepth 10 diff --git a/shallow-server/ssl/selfsigned-cli-legacy.p12 b/shallow-server/ssl/dev-test-key-legacy.p12 similarity index 100% rename from shallow-server/ssl/selfsigned-cli-legacy.p12 rename to shallow-server/ssl/dev-test-key-legacy.p12 diff --git a/shallow-server/ssl/selfsigned-cli.crt b/shallow-server/ssl/dev-test-key.crt similarity index 100% rename from shallow-server/ssl/selfsigned-cli.crt rename to shallow-server/ssl/dev-test-key.crt diff --git a/shallow-server/ssl/selfsigned-cli.csr b/shallow-server/ssl/dev-test-key.csr similarity index 100% rename from shallow-server/ssl/selfsigned-cli.csr rename to shallow-server/ssl/dev-test-key.csr 
diff --git a/shallow-server/ssl/selfsigned-cli.key b/shallow-server/ssl/dev-test-key.key
similarity index 100%
rename from shallow-server/ssl/selfsigned-cli.key
rename to shallow-server/ssl/dev-test-key.key
diff --git a/shallow-server/ssl/selfsigned-cli.p12 b/shallow-server/ssl/dev-test-key.p12
similarity index 100%
rename from shallow-server/ssl/selfsigned-cli.p12
rename to shallow-server/ssl/dev-test-key.p12