| Age | Commit message (Collapse) | Author |
|---|
|
The web services on fennell-hosted run behind a reverse proxy which I do not
control, and only forwards HTTP/HTTPS traffic. No DNS entries point to the
underlying server. Therefore, the standard approach of using any DNS name that
points to that server does not work here.
I already have an entry in my ssh config for the underlying server under an
alias. So, if I do ssh ${alias}, then it picks up the IP address from that
config file. I want to use the same approach here, without duplicating the IP
address. This means I must use the config file.
This should allow me to use more flexible naming for other servers in the
config file too, matching how I ssh to those servers normally.
|
|
I run a prosody transport server, to interact with legacy networks. Since
invites are disabled on this server, nginx doesn't run and so there's no need
to restart it in this case.
|
|
I no longer host forgejo, so there is no need for a dedicated command to update
the certs.
|
|
This is used for some of the services on fennell.dev, like munin, cgit and
snac.
|
|
It will only get out of date, especially the config section.
I can't see this project being useful for anyone but me, but if someone
contacts me saying they use this repo, I'll recreate the README to match what
questions they have. I don't think that's a likely scenario, though.
|
|
This gives a brief introduction to the goals of the project, and outlines the
config file format.
|
|
Different domains are managed by different identities both in deSEC and
letsencrypt. Therefore, we should store these per domain, instead of globally.
|
|
This project's initial purpose was to automatically renew certiricates across
multiple prosody servers. However, over time, it has been used with more
services, each with their own ad-hoc and custom installation scripts.
This commit replaces the install-for-prosody script with a more general script
that can handle multiple different kinds of services in the future.
|
|
This commit adds the initial structure / scaffolding on which the rest of the
project can be built.
The idea is to have an entry point written in python, which parses a toml file
which contains information about each domain, and general configuration of the
lego tool which will actually renew the certificates. Each domain has an
additional post-renew script, the path to which is given in the config file,
which is used to install the new certificates onto the remote hosts if
necessary.
|
