1,084
edits
FeministWiki:Technical documentation: Difference between revisions
FeministWiki:Technical documentation (view source)
Revision as of 21:15, 21 December 2019
, 21 December 2019→Custom repos
Technician (talk | contribs) |
Technician (talk | contribs) |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 117: | Line 117: | ||
cat fullchain.pem privkey.pem > certbundle.pem | cat fullchain.pem privkey.pem > certbundle.pem | ||
The script <code>/root/bin/letsencrypt-refresh</code> '''does all of the above''', | The script <code>/root/bin/letsencrypt-refresh</code> '''does all of the above''' automatically. It stops Apache, runs the commands described above, and starts Apache again. This can be used not only to refresh a cert that's running out, but also to add a new domain to the cert. Just add the domain to <code>/root/etc/domains</code> and run the commands. Note that the letsencrypt command may not work well on a "dumb" terminal such as an Emacs shell buffer. If in doubt, run it from within a proper terminal emulator. | ||
=== Readability of the key files === | |||
To ensure that processes running under unprivileged users can read key files, ensure that the users they run under are members of the <code>ssl-cert</code> group, which should have read access to the files in <code>/etc/letsencrypt/live/feministwiki.org</code>. | |||
== Ubuntu package repositories == | |||
Currently, FeministWiki runs on Ubuntu 16.04 LTS (Xenial), which has rather old Apache and PHP packages. We use the Ubuntu PPAs <code>ondrej/apache2</code> and <code>ondrej/php</code> to get newer versions. | |||
For F-Droid packages, we use the <code>fdroid/fdroidserver</code> Ubuntu PPA. | |||
== Services == | == Services == | ||