To set up a https webserver one needs a certificate, which has to be renewed periodically. How to automate this is explaind in the acme tutorial.
First of all, one needs to create the directory
where the web page lives.
For this, create the directory
/home/www/@PAGENAME@.
A symlink indicating domain and port is required
for tipidee,
replace @DOMAINNAME@
with the name of the domain the certificate is for.
The entire directory structure should belong to a user
specific to the webserver, here, www is proposed.
drwxr-x--- - www www /home/www lrwxrwxrwx - www www ├── @DOMAINNAME1@:443 -> @PAGENAME1@ lrwxrwxrwx - www www ├── @DOMAINNAME2@:443 -> @PAGENAME1@ lrwxrwxrwx - www www ├── @DOMAINNAME3@:443 -> @PAGENAME3@ drwxr-x--- - www www ├── @PAGENAME1@ drwxr-x--- - www www └── @PAGENAME3@
The web sites can then be create inside the
@PAGENAMEX@ directories.
Next, the system service for the
tipidee webserver needs to be created.
Create a
source directory
src/web/tipideed-https-ip4-srv
in the
system configuration directory.
tipideed-https-ip4-srv ├── dependencies.d │ ├── mount # empty/arbitrary │ └── networking # empty/arbitrary ├── notification-fd # 3 ├── producer-for # tipideed-http-ipv4-log ├── run # see below └── type # longrun
With the following run script:
#!/bin/execlineb -P fdmove -c 2 1 s6-envuidgid www export KEYFILE /etc/ssl/letsencrypt/domain.key export CERTFILE /etc/ssl/letsencrypt/signed_chain.crt export TLS_UID @UIDOFTLSUSER@ export TLS_GID @GIDOFTLSUSER@ execline-cd /home/www fdmove 1 3 s6-tlsserver -1 -U -K 30000 -- @YOURIP@ 443 tipideed
Do not forget to replace @UIDOFTLSUSER@
and GIDOFTLSUSER
with the UID and GID of the user tls from the
acme tutorial.
It can be found at /etc/passwd.
Also replace @YOURIP@
with the ip address of the server.
If desired repeat the process for IPv6,
the directory would then be
system/src/web/tipideed-https-ip6-srv
and producer-for
should contain tipideed-https-ip6-log.