Merge pull request 'add let's encrypt support' (#3 ) from gnunux/dataset:issue/letsencrypt into main

Reviewed-on: https://cloud.silique.fr/gitea/risotto/dataset/pulls/3
Merge pull request 'update ldap and postgresql password' (#2 ) from gnunux/dataset:issue/update_password into main
2022-03-15 11:52:23 +00:00 · 2022-03-15 11:51:47 +00:00 · 2022-03-15 11:50:52 +00:00 · 2022-03-15 12:48:40 +01:00 · 2022-03-15 12:12:09 +01:00 · 2022-03-15 12:01:51 +01:00
28 changed files with 177 additions and 53 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+__pycache__
--- a/seed/applicationservice/2022.03.08/apache/dictionaries/20_web.xml
+++ b/seed/applicationservice/2022.03.08/apache/dictionaries/20_web.xml
@ -24,7 +24,7 @@
  <constraints>
    <fill name="get_chain">
      <param name="authority_cn" type="variable">revprox_client_server_domainname</param>
-      <param name="authority_name">ReverseProxy</param>
+      <param name="authority_name">InternalReverseProxy</param>
      <target>server_ca</target>
    </fill>
  </constraints>
--- a/seed/applicationservice/2022.03.08/apache/templates/server.crt
+++ b/seed/applicationservice/2022.03.08/apache/templates/server.crt
@ -1 +1 @@
-%%get_certificate(%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name="ReverseProxy")
+%%get_certificate(%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name="InternalReverseProxy")
--- a/seed/applicationservice/2022.03.08/apache/templates/server.key
+++ b/seed/applicationservice/2022.03.08/apache/templates/server.key
@ -1 +1 @@
-%%get_private_key(%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name="ReverseProxy")
+%%get_private_key(%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name="InternalReverseProxy")
--- a/seed/applicationservice/2022.03.08/base/funcs/funcs.py
+++ b/seed/applicationservice/2022.03.08/base/funcs/funcs.py
@ -6,8 +6,8 @@ from os.path import dirname as _dirname, abspath as _abspath, join as _join, isf
 from os import makedirs as _makedirs


-HERE = _dirname(_abspath(__main__.__file__))
-PASSWORD_DIR = _join(HERE, 'password')
+_HERE = _dirname(_abspath(__main__.__file__))
+_PASSWORD_DIR = _join(_HERE, 'password')


 def get_password(server_name: str, 
@ -56,7 +56,7 @@ def _set_password(server_name: str,
                  ) -> str:
    if not server_name or not username:
        return
-    dir_name = _join('password', server_name, description)
+    dir_name = _join(_PASSWORD_DIR, server_name, description)
    if not _isdir(dir_name):
        _makedirs(dir_name)
    file_name = _join(dir_name, username)
--- a/seed/applicationservice/2022.03.08/dovecot/dictionaries/22_dovecot.xml
+++ b/seed/applicationservice/2022.03.08/dovecot/dictionaries/22_dovecot.xml
@ -17,7 +17,7 @@
      <override/>
    </service>
    <service name="dovecot" target="multi-user">
-      <file file_type="variable" source="ca_ReverseProxy.crt">revprox_ca_file</file>
+      <file file_type="variable" source="ca_InternalReverseProxy.crt">revprox_ca_file</file>
      <file engine="none" source="sysuser-dovecot.conf">/sysusers.d/1dovecot.conf</file>
      <file engine="none" source="tmpfile-dovecot.conf">/tmpfiles.d/0dovecot.conf</file>
      <file engine='none'>/etc/dovecot/conf.d/10-logging.conf</file>
@ -99,7 +99,7 @@
    </check>
    <fill name="calc_value">
      <param type="variable">tls_ca_directory</param>
-      <param>ca_ReverseProxy.crt</param>
+      <param>ca_InternalReverseProxy.crt</param>
      <param name="join">/</param>
      <target>revprox_ca_file</target>
    </fill>
--- a/seed/applicationservice/2022.03.08/dovecot/templates/ca_InternalReverseProxy.crt
+++ b/seed/applicationservice/2022.03.08/dovecot/templates/ca_InternalReverseProxy.crt
@ -0,0 +1 @@
+%%get_chain(%%revprox_server_domainname, authority_name='InternalReverseProxy')
--- a/seed/applicationservice/2022.03.08/dovecot/templates/ca_ReverseProxy.crt
+++ b/seed/applicationservice/2022.03.08/dovecot/templates/ca_ReverseProxy.crt
@ -1 +0,0 @@
-%%get_chain(%%revprox_server_domainname, authority_name='ReverseProxy')
--- a/seed/applicationservice/2022.03.08/gitea/manual/image/preinstall/gitea.sh
+++ b/seed/applicationservice/2022.03.08/gitea/manual/image/preinstall/gitea.sh
@ -1 +1 @@
-PKG="$PKG git openssh-server"
+PKG="$PKG git"
--- a/seed/applicationservice/2022.03.08/letsencrypt/README.md
+++ b/seed/applicationservice/2022.03.08/letsencrypt/README.md
@ -0,0 +1,34 @@
+# Gestion Let's encrypt
+
+## Fonctionnement du service application
+
+Ce service gère le téléchargement et la mise à disposition des certificats Let's encrypt.
+
+Le certificat doit être disponible avant l'installation de la machine de destination.
+C'est pourquoi ce le certificat est téléchargement grâce au défi DNS-1.
+
+Il faut donc installer certbot + python3-certbot-dns-xxx (sur une Fedora), par exemple pour OVH "python3-certbot-dns-ovh".
+
+Attention, en utilisant ce service vous acceptez les conditions d'utilisation de Let's Encrypt !
+
+## Utiliser Let's encrypt dans une machine
+
+Dans applicationservice.yml ajouter la dépendance "letsencrypt".
+
+Sur la machine installer Certb
+
+## Configurer Let's encrypt
+
+```
+rougail.letsencrypt.domain_names": ["nom de domaine"],
+rougail.letsencrypt.authority_cn": {"0": "nom de domaine"},
+rougail.letsencrypt.authority_name": {"0": "NomAutorité"},
+rougail.letsencrypt.plugin_name": {"0": "ovh"},
+rougail.letsencrypt.credential_filename": {"0": "/home/user/ovh.ini"},
+rougail.letsencrypt.email": {"0": "gnunux@gnunux.info"}
+```
+
+## Exemple avec OVH
+
+Installation du greffon Certbot : https://certbot-dns-ovh.readthedocs.io/en/stable/
+Création d'une clef d'API : https://eu.api.ovh.com/createToken/
--- a/seed/applicationservice/2022.03.08/letsencrypt/applicationservice.yml
+++ b/seed/applicationservice/2022.03.08/letsencrypt/applicationservice.yml
@ -0,0 +1,4 @@
+format: '0.1'
+description: Let's encrypt
+depends:
+  - base-fedora-35
--- a/seed/applicationservice/2022.03.08/letsencrypt/dictionaries/20-letsencrypt.xml
+++ b/seed/applicationservice/2022.03.08/letsencrypt/dictionaries/20-letsencrypt.xml
@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<rougail version="0.10">
+  <variables>
+    <family name='letsencrypt' description="Défi DNS pour Let's encrypt" leadership="True">
+      <variable name="domain_names" type="domainname" description="Nom des domaines" multi="True"/>
+      <variable name="authority_cn" description="Nom de domaine de l'autorité" mandatory="True"/>
+      <variable name="authority_name" description="Nom de l'authorité" mandatory="True"/>
+      <variable name="plugin_name" type="string" description="Nom du greffon de mise à jour DNS du domaine" mandatory="True"/>
+      <variable name="credential_filename" type="filename" description="Nom du fichier de configuration du greffin" mandatory="True"/>
+      <variable name="email" type="mail" description="Courriel associé au certificat" mandatory="True"/>
+    </family>
+  </variables>
+  <constraints>
+    <check name="letsencrypt_certif">
+      <param type="variable">authority_cn</param>
+      <param type="variable">authority_name</param>
+      <param type="variable">plugin_name</param>
+      <param type="variable">credential_filename</param>
+      <param type="variable">email</param>
+      <target>domain_names</target>
+    </check>
+  </constraints>
+</rougail>
+
+
--- a/seed/applicationservice/2022.03.08/letsencrypt/funcs/letsencrypt.py
+++ b/seed/applicationservice/2022.03.08/letsencrypt/funcs/letsencrypt.py
@ -0,0 +1,75 @@
+import __main__
+from subprocess import run as _run
+from os.path import dirname as _dirname, abspath as _abspath, join as _join, isfile as _isfile, isdir as _isdir
+from datetime import datetime as _datetime
+from shutil import copyfile as _copyfile
+from os import makedirs as _makedirs
+
+
+
+_HERE = _dirname(_abspath(__main__.__file__))
+_LE_DIR = _join(_HERE, 'pki', 'letsencrypt')
+_X509_DIR = _join(_HERE, 'pki', 'x509')
+
+
+def letsencrypt_certif(domain: str,
+                       authority_cn: str,
+                       authority_name: str,
+                       plugin_name: str,
+                       credential_filename: str,
+                       email: str,
+                       ) -> None:
+    if None in (domain, authority_cn, authority_name, plugin_name, credential_filename, email):
+        return
+    date_file = _join(_LE_DIR, f'{domain}.date')
+    date = _datetime.now()
+    today = str(date.date())
+    if not _isfile(date_file):
+        letsencrypt_date = '0'
+    else:
+        with open(date_file, 'r') as fh:
+            letsencrypt_date = fh.read().strip()
+    if letsencrypt_date != today:
+        print(f"Obtain or renew Let's Encrypt certificate for {domain}...")
+        cli_args = ['certbot',
+                    'certonly',
+                    f'--dns-{plugin_name}',
+                    f'--dns-{plugin_name}-credentials',
+                    credential_filename,
+                    '-d',
+                    domain,
+                    '--quiet',
+                    '--config-dir', 
+                    f'{_LE_DIR}/{domain}/config',
+                    '--work-dir',
+                    f'{_LE_DIR}/{domain}/work',
+                    '--logs-dir',
+                    f'{_LE_DIR}/{domain}/logs',
+                    '--agree-tos',
+                    '-m',
+                    email,
+                    '--dns-ovh-propagation-seconds',
+                    '360',
+                    ]
+        ret = _run(cli_args, capture_output=True)
+        if ret.returncode != 0:
+            raise ValueError(ret.stderr)
+        print("Done")
+    with open(date_file, 'w') as fh:
+        fh.write(today)
+    rootdir = _join(_X509_DIR, f'{authority_name}+{authority_cn}')
+    chaindir = _join(rootdir, 'ca')
+    certdir = _join(rootdir, 'certificats', domain, 'server')
+    week_number = date.isocalendar().week
+    for dirname in (chaindir, certdir):
+        if not _isdir(dirname):
+            _makedirs(dirname)
+    _copyfile(_join(_LE_DIR, domain, 'config/live', domain, 'chain.pem'),
+              _join(chaindir, f'certificate_{week_number}.crt'),
+              )
+    _copyfile(_join(_LE_DIR, domain, 'config/live', domain, 'privkey.pem'),
+              _join(certdir, 'private.key'),
+              )
+    _copyfile(_join(_LE_DIR, domain, 'config/live', domain, 'fullchain.pem'),
+              _join(certdir, f'certificate_{week_number}.crt'),
+              )
--- a/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/dictionaries/25_nginx.xml
+++ b/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/dictionaries/25_nginx.xml
@ -5,8 +5,7 @@
      <override engine="creole"/>
      <file source="nginx-options-rp.conf">/etc/nginx/conf.d/options-rp.conf</file>
      <file source="revprox-nginx.conf">/etc/nginx/conf.d/risotto.conf</file>
-      <file source="ca.crt" file_type="variable" mode="600">nginx_chain_filename</file>
-      <file>/etc/pki/ca-trust/source/anchors/ca_ReverseProxy.crt</file>
+      <file>/etc/pki/ca-trust/source/anchors/ca_InternalReverseProxy.crt</file>
      <file source="certificate.crt" file_type="variable" mode="600" variable="revprox_domainnames_all">nginx_certificate_filename</file>
      <file source="private.key" file_type="variable" mode="600" variable="revprox_domainnames_all">nginx_private_key_filename</file>
    </service>
@ -26,8 +25,6 @@
      <variable name="revprox_domainnames_all" type="domainname" description="Tous les noms de domaines" multi="True" hidden="True"/>
      <variable name='nginx_private_key_filename' type="filename" description="Private key filename" hidden='True' multi='True'/>
      <variable name='nginx_certificate_filename' type="filename" description="Certificate filename" hidden='True' multi='True'/>
-      <variable name='nginx_chain_filename' type="filename" description="Chain filename" hidden='True' multi='True'/>
-      <variable name='nginx_chain' type="string" description="Certificate" hidden='True' multi='True'/>
      <variable name='internal_nginx_chain' type="string" description="Certificate" hidden='True'/>
    </family>
  </variables>
@ -53,22 +50,9 @@
      <param name="multi" type="boolean">True</param>
      <target>nginx_private_key_filename</target>
    </fill>
-    <fill name="calc_value">
-      <param>/etc/nginx/</param>
-      <param type="variable">revprox_domainnames_all</param>
-      <param>.ca</param>
-      <param name="join"></param>
-      <param name="multi" type="boolean">True</param>
-      <target>nginx_chain_filename</target>
-    </fill>
-    <fill name="get_chain">
-      <param name="authority_cn" type="variable">revprox_domainnames_all</param> 
-      <param name="authority_name">ReverseProxy</param>
-      <target>nginx_chain</target>
-    </fill>
    <fill name="get_chain">
      <param name="authority_cn" type="variable">domain_name_eth0</param> 
-      <param name="authority_name">ReverseProxy</param>
+      <param name="authority_name">InternalReverseProxy</param>
      <target>internal_nginx_chain</target>
    </fill>
  </constraints>
--- a/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/ca_InternalReverseProxy.crt
+++ b/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/ca_InternalReverseProxy.crt
--- a/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/certificate.crt
+++ b/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/certificate.crt
@ -1,5 +1 @@
-%set %%extra_domainnames = []
-%for %%idx in %%range(1, %%number_of_interfaces)
-  %%extra_domainnames.append(%%getVar('domain_name_eth' + %%str(%%idx)))
-%end for
-%%get_certificate(%%domain_name_eth0, 'ReverseProxy', extra_domainnames=%%extra_domainnames)
+%%get_certificate(cn=%%rougail_variable, authority_cn=%%domain_name_eth0, authority_name='ReverseProxy')
--- a/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/private.key
+++ b/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/private.key
@ -1 +1 @@
-%%get_private_key(%%domain_name_eth0, 'ReverseProxy')
+%%get_private_key(cn=%%rougail_variable, authority_cn=%%domain_name_eth0, authority_name='ReverseProxy')
--- a/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/revprox-nginx.conf
+++ b/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/revprox-nginx.conf
@ -6,13 +6,7 @@
 server {
    listen 80;
    server_name %%domainname;
-    error_page   403 404 502 503 504  /error.html;
-
-    location / {
-        rewrite     ^(.*)  https://$host$1 permanent;
-        break;
-    }
-# FIXME     return 301 https://www.domain.com$request_uri; => https://www.nginx.com/blog/creating-nginx-rewrite-rules/
+    return 301 https://www.domain.com$request_uri;
 }

 # Configuration HTTPS %%domainname
@ -20,7 +14,6 @@ server {
    listen 443 ssl http2;
    ssl_certificate    %%nginx_certificate_filename[%%idx];
    ssl_certificate_key     %%nginx_private_key_filename[%%idx];
-    ssl_client_certificate    %%nginx_chain_filename[%%idx];
    server_name %%domainname;
    error_page   403 404 502 503 504  /error.html;
    location = /error.html{
@ -44,7 +37,7 @@ server {
        proxy_set_header        X-Forwarded-Proto       $scheme;
        proxy_set_header        Destination             $dest;
  %end if
-        proxy_ssl_trusted_certificate /etc/pki/ca-trust/source/anchors/ca_ReverseProxy.crt;
+        proxy_ssl_trusted_certificate /etc/pki/ca-trust/source/anchors/ca_InternalReverseProxy.crt;
        proxy_ssl_verify       on;
        proxy_ssl_verify_depth 2;
        proxy_ssl_session_reuse on;
--- a/seed/applicationservice/2022.03.08/openldap-server/dictionaries/21_openldap-server.xml
+++ b/seed/applicationservice/2022.03.08/openldap-server/dictionaries/21_openldap-server.xml
@ -8,6 +8,7 @@
      <file owner="ldap" mode="400">/etc/pki/tls/private/openldap.key</file>
      <file owner="ldap">/var/lib/ldap/DB_CONFIG</file>
      <file>/secrets/users.ldif</file>
+      <file>/secrets/users_mod.ldif</file>
      <file>/secrets/config.ldif</file>
      <file>/secrets/config_acl.ldif</file>
      <file>/secrets/admin_ldap.pwd</file>
--- a/seed/applicationservice/2022.03.08/openldap-server/templates/slapd.service
+++ b/seed/applicationservice/2022.03.08/openldap-server/templates/slapd.service
@ -13,3 +13,4 @@ ExecStart=+/usr/sbin/slapd -u ldap -h ldaps:///
 #waiting for ldap server...
 ExecStartPost=/usr/bin/timeout 90 sh -c 'while ! 3<> /dev/tcp/localhost/%%ldap_port; do sleep 1; done'
 ExecStartPost=-/usr/bin/ldapmodify -D %%ldap_admin_dn -y /usr/local/lib/secrets/admin_ldap.pwd -v -f /usr/local/lib/secrets/config_acl.ldif
+ExecStartPost=-/usr/bin/ldapmodify -D %%ldap_admin_dn -y /usr/local/lib/secrets/admin_ldap.pwd -v -f /usr/local/lib/secrets/users_mod.ldif
--- a/seed/applicationservice/2022.03.08/openldap-server/templates/users_mod.ldif
+++ b/seed/applicationservice/2022.03.08/openldap-server/templates/users_mod.ldif
@ -0,0 +1,9 @@
+# Remote
+%for %%remote in %%accounts.remotes
+ %set %%name = %%normalize_family(%%remote)
+dn: %%accounts['remote_' + %%name]['dn_' + %%name]
+changetype: modify
+replace: userPassword
+userPassword:: %%ssha_encode(%%accounts['remote_' + %%name]['password_' + %%name])
+
+%end for
--- a/seed/applicationservice/2022.03.08/postfix-relay/funcs/opendkim.py
+++ b/seed/applicationservice/2022.03.08/postfix-relay/funcs/opendkim.py
@ -10,12 +10,12 @@ def _eprint(*args, **kwargs):
 _dknewkey.eprint = _eprint


-HERE = _dirname(_abspath(__main__.__file__))
-DKIM_DIR = _join(HERE, 'pki/dkim')
+_HERE = _dirname(_abspath(__main__.__file__))
+_DKIM_DIR = _join(_HERE, 'pki/dkim')


 def get_dkim_key(domain_name_eth0, domain):
-    dkim_dir = _join(DKIM_DIR, domain_name_eth0, domain)
+    dkim_dir = _join(_DKIM_DIR, domain_name_eth0, domain)
    dkim_file_src = _join(dkim_dir, f'{domain}')
    dkim_file_key = _join(dkim_dir, f'{domain}.key')
    dkim_file = _join(dkim_dir, f'{domain}.dns')
--- a/seed/applicationservice/2022.03.08/postgresql-server/templates/postgresql.sql
+++ b/seed/applicationservice/2022.03.08/postgresql-server/templates/postgresql.sql
@ -2,5 +2,6 @@
 %set %%name = %%normalize_family(%%server)
 CREATE DATABASE "%%name";
 CREATE ROLE "%%name" WITH LOGIN ENCRYPTED PASSWORD '%%accounts["remote_" + %%name]["password_" + %%name]';
+ALTER USER "%%name" PASSWORD '%%accounts["remote_" + %%name]["password_" + %%name]';
 GRANT ALL PRIVILEGES ON DATABASE "%%name" TO "%%name";
 %end for
--- a/seed/applicationservice/2022.03.08/reverse-proxy-client/dictionaries/20_nginx_client.xml
+++ b/seed/applicationservice/2022.03.08/reverse-proxy-client/dictionaries/20_nginx_client.xml
@ -2,7 +2,7 @@
 <rougail version="0.10">
  <services>
    <service name="nginx" manage="False">
-      <file file_type="variable" source="ca_ReverseProxy.crt">revprox_ca_file</file>
+      <file file_type="variable" source="ca_InternalReverseProxy.crt">revprox_ca_file</file>
      <file file_type="variable" source="revprox.crt">revprox_cert_file</file>
      <file file_type="variable" source="revprox.key" owner_type="variable" owner="revprox_client_cert_owner" group_type="variable" group="revprox_client_cert_group" mode="400">revprox_key_file</file>
    </service>
@ -45,7 +45,7 @@
    </fill>
    <fill name="calc_value">
      <param type="variable">tls_ca_directory</param>
-      <param>ca_ReverseProxy.crt</param>
+      <param>ca_InternalReverseProxy.crt</param>
      <param name="join">/</param>
      <target>revprox_ca_file</target>
    </fill>
--- a/seed/applicationservice/2022.03.08/reverse-proxy-client/templates/ca_InternalReverseProxy.crt
+++ b/seed/applicationservice/2022.03.08/reverse-proxy-client/templates/ca_InternalReverseProxy.crt
@ -1 +1 @@
-%%get_chain(%%revprox_client_server_domainname, authority_name='ReverseProxy')
+%%get_chain(%%revprox_client_server_domainname, authority_name='InternalReverseProxy')
--- a/seed/applicationservice/2022.03.08/reverse-proxy-client/templates/revprox.crt
+++ b/seed/applicationservice/2022.03.08/reverse-proxy-client/templates/revprox.crt
@ -1,2 +1,2 @@
-%%get_certificate(%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name='ReverseProxy', type="server")
-%%get_chain(%%revprox_client_server_domainname, 'ReverseProxy')
+%%get_certificate(%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name='InternalReverseProxy', type="server")
+%%get_chain(%%revprox_client_server_domainname, 'InternalReverseProxy')
--- a/seed/applicationservice/2022.03.08/reverse-proxy-client/templates/revprox.key
+++ b/seed/applicationservice/2022.03.08/reverse-proxy-client/templates/revprox.key
@ -1 +1 @@
-%%get_private_key(%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name='ReverseProxy', type='server')
+%%get_private_key(%%domain_name_eth0, authority_cn=%%revprox_client_server_domainname, authority_name='InternalReverseProxy', type='server')
--- a/seed/applicationservice/2022.03.08/roundcube/dictionaries/31_roundcube.xml
+++ b/seed/applicationservice/2022.03.08/roundcube/dictionaries/31_roundcube.xml
@ -35,7 +35,7 @@
    <fill name="calc_oauth2_client_external">
      <param type="variable" optional="True">revprox_client_external_domainname</param>
      <param type="variable" optional="True">revprox_client_location</param>
-      <param>/index.php/login/oauth</param>
+      <param>index.php/login/oauth</param>
      <target>oauth2_client_login</target>
    </fill>
  </constraints>
Author	SHA1	Message	Date
gnunux@silique.fr	ac338c6067	Merge pull request 'add let's encrypt support' (#3 ) from gnunux/dataset:issue/letsencrypt into main Reviewed-on: https://cloud.silique.fr/gitea/risotto/dataset/pulls/3	2022-03-15 11:52:23 +00:00
gnunux@silique.fr	9f62fce115	Merge pull request 'update ldap and postgresql password' (#2 ) from gnunux/dataset:issue/update_password into main Reviewed-on: https://cloud.silique.fr/gitea/risotto/dataset/pulls/2	2022-03-15 11:51:47 +00:00
gnunux@silique.fr	bd964455ea	Merge pull request 'separate internal and external certificates from the reverse proxy' (#1 ) from gnunux/dataset:issue/reverseproxy_internal into main Reviewed-on: https://cloud.silique.fr/gitea/risotto/dataset/pulls/1	2022-03-15 11:50:52 +00:00
Emmanuel Garette	2f52e4f7f9	add let's encrypt support	2022-03-15 12:48:40 +01:00
Emmanuel Garette	fa7653dd14	update ldap and postgresql password	2022-03-15 12:12:09 +01:00
Emmanuel Garette	e7980db685	separate internal and external certificates from the reverse proxy	2022-03-15 12:01:51 +01:00
				`@ -0,0 +1 @@`
				`%%get_chain(%%revprox_server_domainname, authority_name='InternalReverseProxy')`
				`@ -1 +0,0 @@`
				`%%get_chain(%%revprox_server_domainname, authority_name='ReverseProxy')`