Differences

This shows you the differences between two versions of the page.

--- evenements:log:20200606 [2020-06-06 21:03] – [Log] Lomanic
+++ evenements:log:20200606 [2020-06-06 22:30] – [Log] letsencrypt doc… to be continued Lomanic
@@ Line 50: / Line 50: @@
         server.document-root = "/var/www/fuz.re/presence/site"
                 $HTTP["url"] !~ "^/.well-known/acme-challenge/" {
-                        proxy.server = ( "" => (("host" => "127.0.0.1", "port" => 3000)) )
+                        proxy.server = ( "" => (("host" => "127.0.0.1", "port" => 3000)) ) # the nodejs server handles the HTTPS redirect by itself as historically ESP couldn't talk SSL (and Glitch doesn't auto-redirect), so was not redirecting /api
                 }
         }
@@ Line 62: / Line 62: @@
 }
 </code>''mkdir -p /var/www/fuz.re/presence/site''
-  * letsencrypt
+  * oh letsencrypt, what a nice WTF moment. You have to edit some random ''/etc/letsencrypt/autorenew.sh'' to include your new domain (and of course, this script is only manually called right?) while everything can be done inside certbot already (you can call commands after a successful renewal). For the curious as it's not documented anywhere (found this script almost by mistake in fact):<code>
-  * add ssl to vhost
+sudo letsencrypt certonly -n --agree-tos -d presence.fuz.re --webroot --webroot-path /var/www/fuz.re/presence/site/
-  * test
+sudo cat /etc/letsencrypt/live/presence.fuz.re/{privkey,cert}.pem | sudo tee /etc/lighttpd/certs/presence.fuz.re.pem >/dev/null
+</code>
+  * uncomment the SSL part in ''/etc/lighttpd/lighttpd.conf'' above
+  * http://presence.fuz.re -> https://presence.fuz.re everything looks OK (didn't test with an ESP but it would post a message in #toctoctoc), though there are many unsatisfactory things remaining (the lighttpd/frankenletsencrypt duo is maddening of course, but the presence-button-web code is bad in many ways), this will be for another day