
Changed LEAPI server cert file from tls_cert_path to tls_chain_path.

master
Ruel Tmeizeh 4 years ago
parent
commit
0af84c42b2
3 changed files with 10 additions and 6 deletions
  1. +5
    -1
      README.md
  2. +1
    -1
      leapi_config.json
  3. +4
    -4
      main.go

+ 5
- 1
README.md

@ -31,7 +31,11 @@ LEAPI operates in a multi-master configuration. When you add or delete a server
- Download the LEAPI binary, or build from source.
- Copy it to ```/opt/leapi```
- You may use the included SystemD service file if you use a SystemD based distribution.
- Edit the ```leapi_config.json``` file for your needs, leaving ```production``` set to ```false``` until setup is complete. Copy the config file to ```/opt/leapi``` or ```/etc```.
- Edit the ```leapi_config.json``` file for your needs, leaving ```production``` set to ```false``` until setup is complete. Note: if you enable HTTPS in the config file, LEAPI needs a certificate to be able to start (it requires the ```tls_chain_path``` and ```tls_key_path```. You can generate a temporary self signed certificate and key with openssl:
```
openssl req -x509 -nodes -newkey rsa:4096 -keyout privkey.key -out cert.crt -sha256 -days 365
```
- Copy the config file to ```/opt/leapi``` or ```/etc```.
- Install getssl
```
curl --silent https://raw.githubusercontent.com/srvrco/getssl/latest/getssl > /opt/leapi/getssl ; chmod 700 /opt/leapi/getssl


+ 1
- 1
leapi_config.json

@ -19,7 +19,7 @@
"reload_command":"systemctl reload leapi ; systemctl restart nginx", //needs to match on all servers
"check_port":"443", //the port/service to check to verify cert installation (https/imap/imaps/xmpp/ftp/smtp)
"production":false, //if false, the staging LE server will be used. Set true to use the rate limited real server.
"secret_key":"jEn-vQ832h^01j2rUq0jd-svji8ejf"
"secret_key":"SecReT_KeY-4API-AuThenTiCaTiON"
}
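Review bot: The sample config still ships a fixed `secret_key`, so a deployment that copies leapi_config.json without editing this line would run with a value that is published in the repository. Judging only by print order, the new value is the `SecReT_KeY-4API-AuThenTiCaTiON` placeholder and the removed one looks like a generated key; if that earlier value was ever configured on a real server, it remains in the commit history and should be rotated. I would add a trailing comment in the file's existing style, for example `//replace with a unique random value before deployment`. It would also help if the config loader, which is not visible here, refused to start while the placeholder is still set.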

+ 4
- 4
main.go

@ -264,13 +264,13 @@ func main() {
syncPort = leapiconf.HTTPS_ServerPort
//certPair, err := tls.LoadX509KeyPair(leapiconf.TLSCertificateFile, leapiconf.TLSKeyFile)
if !fileExists(leapiconf.TLSCertFile) || !fileExists(leapiconf.TLSKeyFile) {
if !fileExists(leapiconf.TLSChainFile) || !fileExists(leapiconf.TLSKeyFile) {
fmt.Println("Provided certificate and/or key file does not exist! Terminating.")
log.Fatal("Provided certificate and/or key file does not exist! Terminating.")
}
//Create loader for cert files
kpr, err := NewKeypairReloader(leapiconf.TLSCertFile, leapiconf.TLSKeyFile)
kpr, err := NewKeypairReloader(leapiconf.TLSChainFile, leapiconf.TLSKeyFile)
if err != nil {
log.Fatal(err)
}
@ -375,8 +375,8 @@ func NewKeypairReloader(certPath, keyPath string) (*keypairReloader, error) {
c := make(chan os.Signal, 1)
signal.Notify(c, syscall.SIGHUP)
for range c {
log.Printf("Received SIGHUP, reloading TLS certificate and key from %q and %q", leapiconf.TLSCertFile, leapiconf.TLSKeyFile)
fmt.Printf("Received SIGHUP, reloading TLS certificate and key from %q and %q\n", leapiconf.TLSCertFile, leapiconf.TLSKeyFile)
log.Printf("Received SIGHUP, reloading TLS certificate and key from %q and %q", leapiconf.TLSChainFile, leapiconf.TLSKeyFile)
fmt.Printf("Received SIGHUP, reloading TLS certificate and key from %q and %q\n", leapiconf.TLSChainFile, leapiconf.TLSKeyFile)
if err := result.maybeReload(); err != nil {
log.Printf("Keeping old TLS certificate because the new one could not be loaded: %v", err)
fmt.Printf("Keeping old TLS certificate because the new one could not be loaded: %v", err)
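Review bot: The SIGHUP log lines in the second hunk report `leapiconf.TLSChainFile` and `leapiconf.TLSKeyFile` from the global config rather than the `certPath` and `keyPath` arguments that `NewKeypairReloader` received, which is why this rename had to touch them at all. If the reloader is ever constructed with other paths, the log would name files that were not the ones reloaded, which matters when the log is used to audit certificate and key changes; I would write `log.Printf("Received SIGHUP, reloading TLS certificate and key from %q and %q", certPath, keyPath)` and the same for the `fmt.Printf` twin. Separately, the file at `tls_chain_path` now has to begin with the server's own certificate followed by the intermediates, because Go's `tls.LoadX509KeyPair` (presumably what the reloader calls; not visible here) matches the private key against the first certificate in the file, so a short comment next to the `fileExists` check would save an operator a confusing startup failure. Both `main` and `NewKeypairReloader` begin and end outside the hunks shown.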

