Update docs and apache contrib file for 'no more TLS'

Athanasius 2022-03-12 15:25:55 +00:00
parent 4b0898122d
commit e613767afa
No known key found for this signature in database
GPG Key ID: 8C392035DD80FD62
2 changed files with 10 additions and 19 deletions


@ -151,15 +151,14 @@
</LimitExcept> </LimitExcept>
</LocationMatch> </LocationMatch>
<IfModule mod_proxy.c> <IfModule mod_proxy.c>
SSLProxyEngine On
SSLProxyVerify none
ProxyPreserveHost On ProxyPreserveHost On
ProxyRequests Off ProxyRequests Off
# Must be https, not http, as the Gateway process is <Location "/">
# expecting only https requests. # Yes, plain HTTP, as the Gateway process knows nothing of
ProxyPass "/" "https://127.0.0.1:8081/" # TLS.
ProxyPassReverse "/" "https://127.0.0.1:8081/" ProxyPass "http://127.0.0.1:8081/"
</Location>
</IfModule> </IfModule>
</VirtualHost> </VirtualHost>
</IfModule> </IfModule>
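Review bot: the new `<Location "/">` block carries `ProxyPass "http://127.0.0.1:8081/"` but nothing replaces the removed `ProxyPassReverse`, so `Location` and `Content-Location` headers on redirects from the Gateway are no longer rewritten by the proxy. If the Gateway can issue redirects, add `ProxyPassReverse "http://127.0.0.1:8081/"` inside the same block; if it never does, say so in the comment there. Removing `SSLProxyVerify none` is welcome, but the backend hop is now plain HTTP, so the comment should also state that the Gateway is expected to listen on loopback only.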


@ -316,12 +316,6 @@ Default application configuration is in the file `src/eddn/conf/Settings.py`.
Do **not** change anything in this file, see below about overriding using Do **not** change anything in this file, see below about overriding using
another file. another file.
1. You will need to obtain a TLS certificate from, e.g. LetsEncrypt. The
application will need access to this and its private key file.
CERT_FILE = '/etc/letsencrypt/live/YOUROWN.eddn.edcd.io/fullchain.pem'
KEY_FILE = '/etc/letsencrypt/live/YOUROWN.eddn.edcd.io/privkey.pem'
1. Network configuration 1. Network configuration
1. `RELAY_HTTP_BIND_ADDRESS` and `RELAY_HTTP_PORT` define the IP and port 1. `RELAY_HTTP_BIND_ADDRESS` and `RELAY_HTTP_PORT` define the IP and port
on which the Relay listens for, e.g. `/stats/` requests. on which the Relay listens for, e.g. `/stats/` requests.
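Review bot: removing the certificate step leaves this list, as far as the visible context shows, with no statement of where TLS now terminates. Suggest a short replacement item saying that the application no longer handles TLS itself and that the certificate and key are configured on the reverse proxy in front of it, so a reader does not expose the Gateway port directly.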
@ -384,7 +378,6 @@ There is an **example** of this in
[eddn-settings-overrides-EXAMPLE.json](./eddn-settings-overrides-EXAMPLE.json). [eddn-settings-overrides-EXAMPLE.json](./eddn-settings-overrides-EXAMPLE.json).
It sets: It sets:
1. The TLS CERT and KEY files.
1. The gateway to listen on `0.0.0.0` rather than localhost (necessary 1. The gateway to listen on `0.0.0.0` rather than localhost (necessary
when testing in a VM). when testing in a VM).
1. Configures the database connection and credentials. 1. Configures the database connection and credentials.
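Review bot: with the TLS item gone, the first remaining item has the example overrides binding the gateway to `0.0.0.0`, which now means a plain-HTTP listener on every interface. Suggest extending "(necessary when testing in a VM)" to say this bind is for testing only and that a deployment behind the proxy should keep the localhost bind, matching the `http://127.0.0.1:8081/` target used in the Apache configuration.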
@ -533,14 +526,13 @@ proxying:
If using Apache on a Debian server then you need some ProxyPass directives: If using Apache on a Debian server then you need some ProxyPass directives:
<IfModule mod_proxy.c> <IfModule mod_proxy.c>
SSLProxyEngine On
SSLProxyVerify none
ProxyPreserveHost On ProxyPreserveHost On
ProxyRequests Off
# Pass through 'gateway' upload URL to Debian VM # Pass through anything with path prefix /eddn
ProxyPass "/eddn/upload/" "https://VM_HOST:8081/upload/" <Location "/eddn/">
# Pass through 'monitor' URLs to Debian VM ProxPass "http://127.0.0.1:8081/"
ProxyPass "/eddn/" "https://VM_HOST/" </Location>
</IfModule> </IfModule>
This assumes you don't have a dedicated virtual host in this case, hence the This assumes you don't have a dedicated virtual host in this case, hence the
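Review bot: `ProxPass "http://127.0.0.1:8081/"` inside the new `<Location "/eddn/">` block is misspelled; it should be `ProxyPass`, otherwise Apache rejects the snippet when it is copied as written. The target also changes from `VM_HOST` to `127.0.0.1` although the old comments describe passing through to a Debian VM: either keep a `VM_HOST` placeholder and note that the hop to the VM is now unencrypted HTTP, or state that Apache and the Gateway are expected on the same host. The old rules sent `/eddn/upload/` to port 8081 and the remaining `/eddn/` paths to `https://VM_HOST/` with no port; the single new rule sends everything to 8081, so it is worth confirming in the text that the monitor URLs are meant to go there too.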