From aaa20d4c4cc3219c321e56124ed794f6a1083736 Mon Sep 17 00:00:00 2001 From: Christian MOMON Date: Thu, 18 Nov 2021 18:21:53 +0000 Subject: [PATCH] =?UTF-8?q?D=C3=A9placement=20des=20parties=20Pare-feu=20e?= =?UTF-8?q?t=20Serveur=20web=20dans=20la=20documentation=20de=20la=20machi?= =?UTF-8?q?ne.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 96 +------------------------------------------------------ 1 file changed, 1 insertion(+), 95 deletions(-) diff --git a/README.md b/README.md index 3907582..5d99bdf 100644 --- a/README.md +++ b/README.md @@ -2,101 +2,7 @@ Service d'audio-conférence de l'association Libre en communs. -Déployé sur la machine `audio.a-lec.org`. - -# Serveur web (installation élémentaire) -Installation d'un service nginx pour : -- la gestion des certificats SSL ; -- l'installation d'une page d'information sur comment se connecter au Mumble ; -- la possible installation d'un service client web pour Mumble ; -- l'éventuel déploiement de StatoolInfos ; -- … - -Ouvrir les ports http (80) et https (443) : -``` -ufw allow 'Nginx HTTP' -ufw allow 'Nginx HTTPS' -``` - -Installer les paquets : -``` -apt-get install nginx python3-certbot-nginx -``` - -Configurer a minima le site web dans `/etc/nginx/sites-available/audio.a-lec.org` : -``` -server -{ - listen 80; - listen [::]:80; - - server_name audio.a-lec.org; - - access_log /var/log/nginx/audio.a-lec.org-access.log; - error_log /var/log/nginx/audio.a-lec.org-error.log; -} -``` - -Activer la configuration : -``` -cd /etc/nginx/sites-enable/ -ln -s ../sites-available/audio.a-lec.org -``` - -Vérifier que c'est bon et recharger : -``` -nginx -t && systemctl reload nginx -``` - -Configurer le certificat SSl : -``` -certbot --nginx -``` - -Mettre beau le fichier `/etc/nginx/sites-enabled/audio.a-lec.org` : -``` -server -{ - listen 80; - listen [::]:80; - - server_name audio.a-lec.org; - - access_log /var/log/nginx/audio.a-lec.org-access.log; - error_log /var/log/nginx/audio.a-lec.org-error.log; - - return 302 https://$host$request_uri; -} - -server -{ - set_real_ip_from 192.169.1.1; - real_ip_header proxy_protocol; - listen [::]:443 ssl ipv6only=on; - listen 443 ssl; - - server_name audio.a-lec.org; - - access_log /var/log/nginx/audio.a-lec.org-access.log; - error_log /var/log/nginx/audio.a-lec.org-error.log; - - ssl_certificate /etc/letsencrypt/live/audio.a-lec.org/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/audio.a-lec.org/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - - root /var/www/audio.a-lec.org; - location = / - { - index index.xhtml; - } -} -``` - -Vérifier que c'est bon et recharger : -``` -nginx -t && systemctl reload nginx -``` +Déployé sur la machine `audio.a-lec.org` (voir la documentation spécifique). # Site web