
Commit 33576ca

committed
delta (#1), openresty (#16): HTTPS em tempo real funciona! :D
1 parent 639d94e commit 33576ca


1 file changed

+10
-32
lines changed


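--- a/diario-de-bordo/delta.sh
+++ b/diario-de-bordo/delta.sh
@@ -183,14 +183,21 @@ sudo apt install luarocks
 # Instala o lua-resty-auto-ssl
 sudo luarocks install lua-resty-auto-ssl
 
-$ sudo luarocks install lua-resty-auto-ssl
+## Específico para Ubuntu 18.04. Talvez se aplique a outros sistemas.
+# @see https://github.com/openssl/openssl/issues/7754#issuecomment-444063355
+# Caso ocorra erros ao usar o comando openssl seja para criar chave de fallback
+# ou o resty-auto-ssl:
+# "err: Can't load ./.rnd into RNG" pode ser necessário comentar a linha
+# que tenha 'RANDFILE' em /etc/ssl/openssl.cnf.
+# Você pode usar 'vim /etc/ssl/openssl.cnf' ou executar o comando seguinte uma vez
+sed -i '/RANDFILE/s/^/#/g' /etc/ssl/openssl.cnf
 
 # Create /etc/resty-auto-ssl and make sure it's writable by whichever user your
 # nginx workers run as (in this example, "www-data").
 sudo mkdir /etc/resty-auto-ssl
 sudo chown www-data /etc/resty-auto-ssl
-
-## TODO: rever permissões e usuário do NGinx/OpenResty em breve (fititnt, 2019-06-22 21:40 BRT)
+# Caso tenha problemas com permissão:
+# sudo chown www-data -R /etc/resty-auto-ssl
 
 #### OpenResty + GUI/lua-resty-auto-ssl, configuração mínima ___________________
 # Edite o arquivo do NGinx para ficar conforme https://github.com/GUI/lua-resty-auto-ssl#installation
@@ -204,38 +211,9 @@ sudo openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 \
 -keyout /etc/ssl/resty-auto-ssl-fallback.key \
 -out /etc/ssl/resty-auto-ssl-fallback.crt
 
-## root@aguia-pescadora-1:~# sudo openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 \
-## > -subj '/CN=sni-support-required-for-valid-ssl' \
-## > -keyout /etc/ssl/resty-auto-ssl-fallback.key \
-## > -out /etc/ssl/resty-auto-ssl-fallback.crt
-## Can't load /root/.rnd into RNG
-## 140384327201216:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd
-
-
 # Reinicie o Openresty
 sudo systemctl status openresty
 sudo systemctl reload openresty
 
 # Para ver erros
 tail -f /usr/local/openresty/nginx/logs/error.log
-
-# Erros para tentativa de obter HTTPS para 173.249.10.99.nip.io
-
-## /usr/local/bin/resty-auto-ssl/start_sockproc: line 55: kill: (21760) - No such process
-## 2019/06/23 01:50:14 [error] 22053#22053: *16 [lua] lets_encrypt.lua:41: issue_cert(): auto-ssl: dehydrated failed: env HOOK_SECRET=a6e7818677010e3a6addeae5a1b8aaebf65169bd31dd063e88bf3b69cb22b7d5 HOOK_SERVER_PORT=8999 /usr/local/bin/resty-auto-ssl/dehydrated --cron --accept-terms --no-lock --domain 173.249.10.99.nip.io --challenge http-01 --config /etc/resty-auto-ssl/letsencrypt/config --hook /usr/local/bin/resty-auto-ssl/letsencrypt_hooks status: 256 out: # INFO: Using main config file /etc/resty-auto-ssl/letsencrypt/config
-## + Generating account key...
-## + Registering account key with ACME server...
-## Processing 173.249.10.99.nip.io
-## + Signing domains...
-## + Creating new directory /etc/resty-auto-ssl/letsencrypt/certs/173.249.10.99.nip.io ...
-## + Creating chain cache directory /etc/resty-auto-ssl/letsencrypt/chains
-## + Generating private key...
-## + Generating signing request...
-## + Requesting authorization for 173.249.10.99.nip.io...
-## err: Can't load ./.rnd into RNG
-## 140690134127040:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=./.rnd
-## /usr/local/bin/resty-auto-ssl/dehydrated: line 693: /etc/resty-auto-ssl/letsencrypt/.acme-challenges/gKNgIbdZEGhq9iIhxRK6Hn8xe_kbMJwCKAgVDnxdk3o: Permission denied
-## , context: ssl_certificate_by_lua*, client: 201.21.106.135, server: 0.0.0.0:443
-## 2019/06/23 01:50:14 [error] 22053#22053: *16 [lua] ssl_certificate.lua:97: issue_cert(): auto-ssl: issuing new certificate failed: dehydrated failure, context: ssl_certificate_by_lua*, client: 201.21.106.135, server: 0.0.0.0:443
-## 2019/06/23 01:50:14 [error] 22053#22053: *16 [lua] ssl_certificate.lua:286: auto-ssl: could not get certificate for 173.249.10.99.nip.io - using fallback - failed to get or issue certificate, context: ssl_certificate_by_lua*, client: 201.21.106.135, server: 0.0.0.0:443
-## 2019/06/23 01:50:17 [error] 22053#22053: *18 [lua] lets_encrypt.lua:41: issue_cert(): auto-ssl: dehydrated failed: env HOOK_SECRET=a6e7818677010e3a6addeae5a1b8aaebf65169bd31dd063e88bf3b69cb22b7d5 HOOK_SERVER_PORT=8999 /usr/local/bin/resty-auto-ssl/dehydrated --cron --accept-terms --no-lock --domain 173.249.10.99.nip.io --challenge http-01 --config /etc/resty-auto-ssl/letsencrypt/config --hook /usr/local/bin/resty-auto-ssl/letsencrypt_hooks status: 256 out: # INFO: Using main config file /etc/resty-auto-ssl/letsencrypt/config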
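Review bot: The added `sed -i '/RANDFILE/s/^/#/g' /etc/ssl/openssl.cnf` in the first hunk edits the system-wide OpenSSL configuration in place without `sudo` (every other privileged command in this section uses it), without a backup, and with a pattern that matches any line containing RANDFILE, including lines that are already commented out. Something like `sudo sed -i.bak '/^[[:space:]]*RANDFILE/s/^/#/' /etc/ssl/openssl.cnf` keeps a copy to roll back to and touches only active directives; a one-line comment that this changes behaviour for every OpenSSL consumer on the host would also help. Separately, the log lines deleted in the second hunk contain a `HOOK_SECRET=...` value and a client IP address; deleting them here does not remove them from the repository history, so that secret should be treated as disclosed and confirmed to be no longer in use.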
