From 7f48476173562189fe5714aee49686ed74e51de7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lauri=20V=C3=B5sandi?= Date: Wed, 23 Dec 2015 14:48:31 +0000 Subject: [PATCH 1/2] doc: Cleaned up nginx configration bits --- README.rst | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/README.rst b/README.rst index 6c6dd60..32174c9 100644 --- a/README.rst +++ b/README.rst @@ -184,7 +184,7 @@ Also enable the application: ln -s ../apps-available/certidude.ini /etc/uwsgi/apps-enabled/certidude.ini We support `nginx-push-stream-module `_, -configure the site in /etc/nginx/sites-available.d/certidude: +configure the site in /etc/nginx/sites-available/certidude: .. code:: @@ -196,7 +196,14 @@ configure the site in /etc/nginx/sites-available.d/certidude: server_name localhost; listen 80 default_server; listen [::]:80 default_server ipv6only=on; + root /usr/local/lib/python3.4/dist-packages/certidude/static; + location /api/ { + include uwsgi_params; + uwsgi_pass certidude_api; + } + + # Add following three if you wish to enable push server on this machine location /pub { allow 127.0.0.1; # Allow publishing only from CA machine push_stream_publisher admin; @@ -212,18 +219,13 @@ configure the site in /etc/nginx/sites-available.d/certidude: push_stream_channels_path $1; push_stream_subscriber eventsource; } - - location / { - include uwsgi_params; - uwsgi_pass certidude_api; - } } Enable the site: .. code:: bash - ln -s ../sites-available.d/certidude.ini /etc/nginx/sites-enabled.d/certidude + ln -s ../sites-available/certidude /etc/nginx/sites-enabled/certidude Also adjust ``/etc/nginx/nginx.conf``: From 1b50b8a3714ad64dc26c04b4d6839b009f1e6262 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lauri=20V=C3=B5sandi?= Date: Thu, 24 Dec 2015 13:58:24 +0000 Subject: [PATCH 2/2] cli: Fix group ownership for authority setup --- certidude/cli.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/certidude/cli.py b/certidude/cli.py index 2d5571d..99f19a4 100755 
--- a/certidude/cli.py +++ b/certidude/cli.py @@ -628,6 +628,9 @@ def certidude_setup_authority(parent, country, state, locality, organization, or ca.sign(key, "sha256") + _, _, uid, gid, gecos, root, shell = pwd.getpwnam("certidude") + os.setegid(gid) + os.umask(0o027) if not os.path.exists(directory): os.makedirs(directory)
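Review bot: The added `os.umask(0o027)` leaves group-read permission on every file created after it, and `os.setegid(gid)` makes the `certidude` group the owner of those files; neither is restored later in the visible lines. The code that writes the CA private key is outside this hunk, so confirm the key is created with an explicit owner-only mode, e.g. `os.open(path, os.O_WRONLY | os.O_CREAT, 0o600)`, rather than inheriting this umask. Both calls also run unguarded after `ca.sign(...)`: `pwd.getpwnam("certidude")` raises `KeyError` if the account is missing, and `os.setegid` raises `PermissionError` when setup is not run with sufficient privilege, so it would be safer to check them before any key material is generated. Since only the group id is used, `gid = pwd.getpwnam("certidude").pw_gid` avoids binding six unused names (`root` and `shell` among them) in the function scope. The body of `certidude_setup_authority` starts and continues outside the hunk.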