Revision: 261
          http://svn.sv.gnu.org/viewvc/?view=rev&root=administration&revision=261
Author:   rwp
Date:     2016-10-15 22:45:36 +0000 (Sat, 15 Oct 2016)
Log Message:
-----------
https: Various...
Modified Paths: -------------- trunk/sviki/https.mdwn Modified: trunk/sviki/https.mdwn =================================================================== --- trunk/sviki/https.mdwn 2016-10-15 22:45:29 UTC (rev 260) +++ trunk/sviki/https.mdwn 2016-10-15 22:45:36 UTC (rev 261) @@ -49,9 +49,9 @@ Savannah's non-root certbot installation ---------------------------------------- -Bob Proulx developed and installed a modified `certbot` recipe which -allows `certbot-auto` to operate as a non-root user, isolated in its -own directory. This setup is used on `frontend0`, `vcs0`, and `mgt0`. +On Savannah we have installed a modified `certbot` recipe which allows +`certbot-auto` to operate as a non-root user, isolated in its own +directory. This setup is used on `frontend0`, `vcs0`, and `mgt0`. ### Web Server Configuration, Part 1 @@ -59,15 +59,15 @@ Alias /.well-known /home/certbot/www/certbot/.well-known <Directory "/home/certbot/www/"> - AllowOverride None - Require all granted + AllowOverride None + Require all granted </Directory> If using Nginx, use the following: (frontend0 does not yet use Nginx however mgt0 and vcs0 do.) location /.well-known { - root /home/certbot/www/ ; + root /home/certbot/www/ ; } Reload Apache or Nginx. @@ -234,11 +234,11 @@ ssl_certificate /home/certbot/etc/live/frontend0.savannah.gnu.org/fullchain.pem; ssl_certificate_key /home/certbot/etc/live/frontend0.savannah.gnu.org/privkey.pem; ssl_dhparam /etc/ssl/dhparam.pem; - ssl_prefer_server_ciphers On; - ssl_ciphers ... use current accepted values - ssl_protocols ... use current accepted values - ssl_session_cache shared:SSL:10m; - ssl_session_timeout 10m; + ssl_prefer_server_ciphers On; + ssl_ciphers ... use current accepted values + ssl_protocols ... use current accepted values + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; include ssl_params.local; # Many more SSL-specific configuration
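Review bot: In the first hunk (@@ -49,9 +49,9 @@), the reworded paragraph no longer says who developed or maintains the modified `certbot` recipe, and it does not say where the recipe lives. Consider adding a pointer to the recipe's location or a maintainer contact in place of the removed name, so an admin on `frontend0`, `vcs0`, or `mgt0` knows where to look when `certbot-auto` needs updating.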
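Review bot: In the second hunk (@@ -59,15 +59,15 @@), the Apache and Nginx examples do not appear to resolve to the same directory. The Apache `Alias /.well-known /home/certbot/www/certbot/.well-known` serves challenges from under `www/certbot/`, while the Nginx `location /.well-known` with `root /home/certbot/www/` maps requests to `/home/certbot/www/.well-known`. If both are meant to share one webroot, the Nginx `root` should probably be `/home/certbot/www/certbot/`; if the hosts really differ, a sentence saying so would help. Since these lines are being touched anyway, the stray space before the semicolon in the `root` line could go, and the Apache `<Directory "/home/certbot/www/">` grant could be narrowed to the `.well-known` subtree that actually needs to be public.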
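Review bot: In the third hunk (@@ -234,11 +234,11 @@), the `ssl_ciphers ... use current accepted values` and `ssl_protocols ... use current accepted values` lines are placeholders written as if they were directives, with no terminating semicolon, so a copy of this block will not load as-is. Suggest writing them as comments and pointing to where the current accepted values are kept, so a reader does not paste in an outdated cipher or protocol list from elsewhere. Minor style point: `ssl_prefer_server_ciphers On;` would be more conventional as lowercase `on`. The log message "https: Various..." also does not say that this hunk is an indentation-only change, which would make it easier to review.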