A quick record of setting up gogs with a letsencrypt certificate on an rpi2.
gogs setup
-
adduser a
git
-
start once :
./gogs web
-
change custom/conf/app.ini, see: configuration_cheat_sheet
    [server]
    PROTOCOL = https
    DOMAIN = myhost.example.com
    HTTP_PORT = 3000
    ROOT_URL = https://myhost.example.com:3000/
    DISABLE_SSH = true
    ; Generate steps:
    ; $ ./gogs cert -ca=true -duration=8760h0m0s -host=myhost.example.com
    CERT_FILE = custom/https/cert.pem
    KEY_FILE = custom/https/key.pem

    [session]
    PROVIDER = memory ;less IO used
-
start by ./gogs web, or by adding Gogs to init.d:
-
download script (saved as /home/git/gogs.init, the name the mv step below expects)
    wget -O /home/git/gogs.init https://raw.githubusercontent.com/gogits/gogs/master/scripts/init/debian/gogs
-
Move the file to /etc/init.d and change WORKINGDIR=/home/git/gogs
    # move the files and update the system
    sudo mv /home/git/gogs.init /etc/init.d/gogs
    sudo chmod ug+x /etc/init.d/gogs
    sudo update-rc.d gogs defaults 30 70
- Test your setup by running sudo service gogs start and visiting the URL for your site (e.g. git.example.com)
letsencrypt setup
In the following steps, change letsencrypt.tw to your own domain!
-
see letsencrypt.tw
-
mkdir /home/git/letsencrypt/ && cd /home/git/letsencrypt/
-
download letsencrypt.sh, config, hook.sh
    wget https://raw.githubusercontent.com/lukas2511/letsencrypt.sh/master/letsencrypt.sh
    wget https://raw.githubusercontent.com/lukas2511/letsencrypt.sh/master/docs/examples/config
    wget https://raw.githubusercontent.com/lukas2511/letsencrypt.sh/master/docs/examples/hook.sh
-
    mkdir -p /home/git/letsencrypt/challenge/.well-known/acme-challenge
and edit config:
    WELLKNOWN="/home/git/letsencrypt/challenge/.well-known/acme-challenge"
-
edit domains.txt, add your domain.
-
start a simple http file server with root dir at /home/git/letsencrypt/challenge/ :
    package main

    import (
        "flag"
        "fmt"
        "net/http"
    )

    // -p is the listen address, -d is the directory served as the web root.
    var port = flag.String("p", ":80", "bind port")
    var dir = flag.String("d", "./challenge", "bind dir")

    func main() {
        flag.Parse()
        // Serve everything under *dir, so that
        // /.well-known/acme-challenge/<token> resolves to the WELLKNOWN directory.
        http.Handle("/", http.FileServer(http.Dir(*dir)))
        err := http.ListenAndServe(*port, nil)
        if err != nil {
            fmt.Println(err)
        }
    }
-
exec /home/git/letsencrypt/letsencrypt.sh -c -d letsencrypt.tw
should output something like this:
    # INFO: Using main config file /home/git/letsencrypt/config
    Processing letsencrypt.tw
     + Signing domains...
     + Generating private key...
     + Generating signing request...
     + Requesting challenge for letsencrypt.tw...
     + Responding to challenge for letsencrypt.tw...
     + Challenge is valid!
     + Requesting certificate...
     + Checking certificate...
     + Done!
     + Creating fullchain.pem...
     + Done!
-
to renew, add this to cron:
    # $RANDOM needs bash, and % must be escaped as \% inside a crontab entry
    SHELL=/bin/bash
    0 0 * * * root sleep $((($RANDOM * 2 + $RANDOM) \% 86400)); ( /home/git/letsencrypt/letsencrypt.sh -c -d letsencrypt.tw && /usr/sbin/service gogs restart )
-
add to gogs:
    mkdir /home/git/gogs/custom/https/ && cd /home/git/gogs/custom/https/
    ln -s /home/git/letsencrypt/certs/letsencrypt.tw/privkey.pem key.pem
    ln -s /home/git/letsencrypt/certs/letsencrypt.tw/fullchain.pem cert.pem
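An added example, not from the original post: a narrower variant of the challenge file server used in the letsencrypt steps above. http.FileServer lists directories and serves every file under its root, while this version answers only /.well-known/acme-challenge/<token> requests out of the WELLKNOWN directory. The names tokenFile and handler are chosen for this example; the -p and -d flags mirror the original server.

```go
package main

import (
	"flag"
	"log"
	"net/http"
	"os"
	"path/filepath"
	"regexp"
	"strings"
	"time"
)

const prefix = "/.well-known/acme-challenge/"
// ACME HTTP-01 tokens use only the base64url alphabet (RFC 8555, section 8.3).
var tokenRE = regexp.MustCompile(`^[A-Za-z0-9_-]+$`)

// tokenFile (name chosen for this example) maps a request path to one token file in dir.
func tokenFile(dir, urlPath string) (string, bool) {
	token := strings.TrimPrefix(urlPath, prefix)
	if !strings.HasPrefix(urlPath, prefix) || !tokenRE.MatchString(token) {
		return "", false
	}
	return filepath.Join(dir, token), true
}

func handler(dir string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		path, ok := tokenFile(dir, r.URL.Path)
		if !ok || (r.Method != http.MethodGet && r.Method != http.MethodHead) {
			http.NotFound(w, r) // no directory listing, no other files
			return
		}
		body, err := os.ReadFile(path)
		if err != nil {
			http.NotFound(w, r)
			return
		}
		w.Header().Set("Content-Type", "text/plain")
		w.Write(body)
	})
}

func main() {
	addr := flag.String("p", ":80", "bind address")
	dir := flag.String("d", "/home/git/letsencrypt/challenge/.well-known/acme-challenge", "token dir")
	flag.Parse()
	srv := &http.Server{Addr: *addr, Handler: handler(*dir), ReadTimeout: 5 * time.Second}
	log.Fatal(srv.ListenAndServe())
}
```

Here -d points at the WELLKNOWN directory itself rather than at challenge/, because the handler strips the /.well-known/acme-challenge/ prefix before looking up the token file.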