From 0af84c42b22a7ca5e6a80e5417d80b94a36a3724 Mon Sep 17 00:00:00 2001
From: RuhNet
Date: Thu, 21 Apr 2022 16:26:15 -0400
Subject: [PATCH] Changed LEAPI server cert file from tls_cert_path to tls_chain_path.

---
 README.md | 6 +++++-
 leapi_config.json | 2 +-
 main.go | 8 ++++----
 3 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index ff5daba..40cc409 100644
--- a/README.md
+++ b/README.md
@@ -31,7 +31,11 @@ LEAPI operates in a multi-master configuration. When you add or delete a server
 - Download the LEAPI binary, or build from source.
 - Copy it to ```/opt/leapi```
 - You may use the included SystemD service file if you use a SystemD based distribution.
-- Edit the ```leapi_config.json``` file for your needs, leaving ```production``` set to ```false``` until setup is complete. Copy the config file to ```/opt/leapi``` or ```/etc```.
+- Edit the ```leapi_config.json``` file for your needs, leaving ```production``` set to ```false``` until setup is complete. Note: if you enable HTTPS in the config file, LEAPI needs a certificate to be able to start (it requires the ```tls_chain_path``` and ```tls_key_path```. You can generate a temporary self signed certificate and key with openssl:
+```
+openssl req -x509 -nodes -newkey rsa:4096 -keyout privkey.key -out cert.crt -sha256 -days 365
+```
+- Copy the config file to ```/opt/leapi``` or ```/etc```.
 - Install getssl
 ```
 curl --silent https://raw.githubusercontent.com/srvrco/getssl/latest/getssl > /opt/leapi/getssl ; chmod 700 /opt/leapi/getssl
diff --git a/leapi_config.json b/leapi_config.json
index 30ba982..37fb63d 100644
--- a/leapi_config.json
+++ b/leapi_config.json
@@ -19,7 +19,7 @@
 "reload_command":"systemctl reload leapi ; systemctl restart nginx", //needs to match on all servers
 "check_port":"443", //the port/service to check to verify cert installation (https/imap/imaps/xmpp/ftp/smtp)
 "production":false, //if false, the staging LE server will be used. Set true to use the rate limited real server.
-"secret_key":"jEn-vQ832h^01j2rUq0jd-svji8ejf"
+"secret_key":"SecReT_KeY-4API-AuThenTiCaTiON"
 }
diff --git a/main.go b/main.go
index e690301..6050e42 100644
--- a/main.go
+++ b/main.go
@@ -264,13 +264,13 @@ func main() {
 	syncPort = leapiconf.HTTPS_ServerPort
 	//certPair, err := tls.LoadX509KeyPair(leapiconf.TLSCertificateFile, leapiconf.TLSKeyFile)
-	if !fileExists(leapiconf.TLSCertFile) || !fileExists(leapiconf.TLSKeyFile) {
+	if !fileExists(leapiconf.TLSChainFile) || !fileExists(leapiconf.TLSKeyFile) {
 		fmt.Println("Provided certificate and/or key file does not exist! Terminating.")
 		log.Fatal("Provided certificate and/or key file does not exist! Terminating.")
 	}
 	//Create loader for cert files
-	kpr, err := NewKeypairReloader(leapiconf.TLSCertFile, leapiconf.TLSKeyFile)
+	kpr, err := NewKeypairReloader(leapiconf.TLSChainFile, leapiconf.TLSKeyFile)
 	if err != nil {
 		log.Fatal(err)
 	}
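Review bot: The new `secret_key` value `SecReT_KeY-4API-AuThenTiCaTiON` is a readable placeholder, but nothing in the sample config marks it as one, so a deployment that copies `leapi_config.json` unchanged runs with that well-known string as its API secret. The loader would be safer refusing to start when `secret_key` is empty or still equals the shipped sample value, and a comment on the line, `//CHANGE THIS: replace with a long random value before deployment`, would tell operators the same in the file's existing comment style. The value being replaced remains in the repository history, so if it was ever used on a live server it should be treated as exposed and rotated rather than merely overwritten here.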
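Review bot: The existence check on the new `if !fileExists(leapiconf.TLSChainFile) || !fileExists(leapiconf.TLSKeyFile)` line reports the same fixed message for either missing file, so an operator cannot tell whether the chain path or the key path is wrong. Including the paths, `log.Fatalf("TLS chain file %q or key file %q does not exist; terminating", leapiconf.TLSChainFile, leapiconf.TLSKeyFile)`, makes the failure actionable, and the preceding `fmt.Println` carrying the same text can then be dropped. The commented-out `tls.LoadX509KeyPair` line just above still names `leapiconf.TLSCertificateFile`, which matches neither the old `TLSCertFile` nor the new `TLSChainFile`; since this commit renames the field anyway, that stale line is best removed. `main` starts and ends outside the hunk.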
@@ -375,8 +375,8 @@ func NewKeypairReloader(certPath, keyPath string) (*keypairReloader, error) {
 		c := make(chan os.Signal, 1)
 		signal.Notify(c, syscall.SIGHUP)
 		for range c {
-			log.Printf("Received SIGHUP, reloading TLS certificate and key from %q and %q", leapiconf.TLSCertFile, leapiconf.TLSKeyFile)
-			fmt.Printf("Received SIGHUP, reloading TLS certificate and key from %q and %q\n", leapiconf.TLSCertFile, leapiconf.TLSKeyFile)
+			log.Printf("Received SIGHUP, reloading TLS certificate and key from %q and %q", leapiconf.TLSChainFile, leapiconf.TLSKeyFile)
+			fmt.Printf("Received SIGHUP, reloading TLS certificate and key from %q and %q\n", leapiconf.TLSChainFile, leapiconf.TLSKeyFile)
 			if err := result.maybeReload(); err != nil {
 				log.Printf("Keeping old TLS certificate because the new one could not be loaded: %v", err)
 				fmt.Printf("Keeping old TLS certificate because the new one could not be loaded: %v", err)
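Review bot: The two rewritten log lines report `leapiconf.TLSChainFile` and `leapiconf.TLSKeyFile`, but `NewKeypairReloader` receives its paths as the `certPath, keyPath` parameters visible in the hunk header, so the SIGHUP message describes the global config rather than the paths this reloader was built with, and it will mislead if a caller ever passes different ones. Using the parameters, `log.Printf("Received SIGHUP, reloading TLS certificate and key from %q and %q", certPath, keyPath)` with the matching `fmt.Printf`, keeps the message tied to the reloader instance and removes the package-global dependency from this goroutine. Whether `maybeReload` itself reads `certPath`/`keyPath` or the global is not visible here and is worth checking for the same reason. The function body starts and ends outside the hunk.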