Description
In case the certificates for the host are managed by dehydrated, it is required to change /etc/nginx/vhosts.d/rmt-server-http.conf to add the required include statement. This manual change of an rpm-owned file is bad. In case this rpm-owned file changes in the future, a manual merge is required. If for some reason the need for the merge is missed after package upgrade, nginx may fail to start - depending on what was changed in that rpm-owned file.
To avoid the need for such merge resolution, a change similar to this is needed to make rpm-server-config compatible with hosts that do use dehydrated, and with hosts which do not use dehydrated. A plain filename cannot be used on hosts without dehydrated, therefore some glob pattern needs to be used:
--- /etc/nginx/vhosts.d/rmt-server-http.conf~
+++ /etc/nginx/vhosts.d/rmt-server-http.conf
@@ -6,6 +6,7 @@ server {
error_log /var/log/nginx/rmt_http_error.log;
root /usr/share/rmt/public;
+ include "[a]cme-challenge";
location / {
# RMT accepts registrations over HTTP and HTTPS by default.
# If you want to block registrations over HTTP, you can comment out the following try_files line to support HTTPS only.
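Review bot: the added `include "[a]cme-challenge";` line depends on a glob character class so that nginx accepts the directive when no matching file exists, and nothing in the file says so; a later editor could reduce it to a plain filename and break nginx startup on hosts without dehydrated. Add a comment directly above the include explaining why the pattern is written this way. Also consider an absolute path: a relative include is resolved against the nginx configuration prefix rather than against vhosts.d, so the file that is actually loaded is not evident from this hunk. Because the matched file is not rpm-owned and is loaded into this server block, it is worth stating that it must be writable by root only.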
There are certainly more changes required for full support, like (automatically?) creating the symlinks rmt-server.crt, rmt-server.csr and rmt-server.key to /etc/dehydrated/certs/$FQDN/*.