-
Notifications
You must be signed in to change notification settings - Fork 21
/
provider-setup.md
93 lines (69 loc) · 2.03 KB
/
provider-setup.md
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
# Setup provider
The provider is meant to run as an CGI program in an nginx enviroment.
The following instructions are for an Debian 11 server setup.
```(shell)
apt-get install nginx fcgiwrap
cp /usr/share/doc/fcgiwrap/examples/nginx.conf /etc/nginx/fcgiwrap.conf
systemctl status fcgiwrap.servic
systemctl status fcgiwrap.socket
systemctl is-enabled fcgiwrap.service
systemctl is-enabled fcgiwrap.socket
```
```(shell)
cd /var/www
chgrp -R www-data .
chmod -R g+w .
```
Content of `/etc/nginx/fcgiwrap.conf`
```
# Include this file on your nginx.conf to support debian cgi-bin scripts using
# fcgiwrap
location /cgi-bin/ {
# Disable gzip (it makes scripts feel slower since they have to complete
# before getting gzipped)
gzip off;
# Set the root to /usr/lib (inside this location this means that we are
# giving access to the files under /usr/lib/cgi-bin)
root /usr/lib;
# Fastcgi socket
fastcgi_pass unix:/var/run/fcgiwrap.socket;
# Fastcgi parameters, include the standard ones
include /etc/nginx/fastcgi_params;
fastcgi_split_path_info ^(.+\.go)(.*)$;
# Adjust non standard parameters (SCRIPT_FILENAME)
fastcgi_param SCRIPT_FILENAME /usr/lib$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param CSAF_CONFIG /usr/lib/csaf/config.toml;
}
```
Add to `/etc/nginx/sites-enabled/default`:
```
server {
location / {
# Other config
# ...
# For atomic directory switches
disable_symlinks off;
# directory listings
autoindex on;
}
# enable CGI
include fcgiwrap.conf;
}
```
Place the binary under `/usr/lib/cgi-bin/csaf_provider.go`.
Make sure `/usr/lib/cgi-bin/` exists.
Create configuarion file under `/usr/lib/csaf/config.toml`:
```
# upload_signature = true
# key = "/usr/lib/csaf/public.asc"
key = "/usr/lib/csaf/private.asc"
#tlps = ["green", "red"]
domain = "http://192.168.56.102"
#no_passphrase = true
```
with suitable replacements.
Create the folders:
```(shell)
curl http://192.168.56.102/cgi-bin/csaf_provider.go/create
```