From bf8119a027a680c3f05714cbd2d38ed5c365f496 Mon Sep 17 00:00:00 2001
From: Collin J. Doering
Date: Fri, 31 May 2024 10:19:07 -0400
Subject: balg02: Re-enable https (that was disabled in 4230616)

- https was initially disabled as nginx failed to start due to a missing certificate
- Worth noting that dhparam's were manually generated on balg02
---
 .guix/guix-na/config/balg02.scm | 38 +++++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/.guix/guix-na/config/balg02.scm b/.guix/guix-na/config/balg02.scm
index 7945465..371f514 100644
--- a/.guix/guix-na/config/balg02.scm
+++ b/.guix/guix-na/config/balg02.scm
@@ -225,7 +225,6 @@ PUBLISH-URL."
 "ssl_ciphers HIGH:!aNULL:!MD5;"
 "ssl_prefer_server_ciphers on;"
 
- ;; TODO: these need to be generated
 ;; Use our own DH parameters created with:
 ;; openssl dhparam -out dhparams.pem 2048
 ;; as suggested at .
@@ -306,24 +305,25 @@ synonymous IETF language tags that should be mapped to the same $lang."
 "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;")))
 
 ;; HTTPS servers
- ;; (nginx-server-configuration
- ;; (listen '("443 ssl"))
- ;; (server-name '("cuirass.genenetwork.org"))
- ;; (ssl-certificate (le "cuirass.genenetwork.org"))
- ;; (ssl-certificate-key (le "cuirass.genenetwork.org" 'key))
- ;; (locations (balg02-locations %publish-url))
- ;; (raw-content
- ;; (append
- ;; %tls-settings
- ;; (list
- ;; "access_log /var/run/nginx/https.access.log;"
- ;; "proxy_set_header X-Forwarded-Host $host;"
- ;; "proxy_set_header X-Forwarded-Port $server_port;"
- ;; "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
- ;; ;; For Cuirass admin interface authentication
- ;; "ssl_client_certificate /etc/ssl-ca/certs/ca.crt;"
- ;; "ssl_verify_client optional;"))))
- ))
+ (nginx-server-configuration
+ (listen '("443 ssl"))
+ (server-name '("cuirass.genenetwork.org"))
+ (ssl-certificate (le "cuirass.genenetwork.org"))
+ (ssl-certificate-key (le "cuirass.genenetwork.org" 'key))
+ (locations (balg02-locations %publish-url))
+ (raw-content
+ (append
+ %tls-settings
+ (list
+ "access_log /var/run/nginx/https.access.log;"
+ "proxy_set_header X-Forwarded-Host $host;"
+ "proxy_set_header X-Forwarded-Port $server_port;"
+ "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;"
+ ;; TODO:
+ ;; For Cuirass admin interface authentication
+ ;; "ssl_client_certificate /etc/ssl-ca/certs/ca.crt;"
+ ;; "ssl_verify_client optional;"
+ ))))))
 
 (define %extra-content
 (list
-- 
cgit v1.2.3
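Review bot: The re-enabled 443 server leaves `ssl_client_certificate` and `ssl_verify_client optional;` commented out under a bare `;; TODO:`, so this vhost comes up without the client-certificate check that the existing comment ties to Cuirass admin authentication. `balg02-locations` is not visible in this hunk; if its admin routes gate on `$ssl_client_verify` they will presumably just refuse everyone until the CA file exists, but if they do not, the admin interface may be reachable without authentication over HTTPS, which is worth confirming before deploying. I would make the TODO state what is pending and what the interim behaviour must be, e.g. `;; TODO: enable once /etc/ssl-ca/certs/ca.crt is deployed; until then admin routes must stay denied`. The enclosing service definition starts outside the hunk.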