From 21657888e88215bc75ee683b832b72e3cc512dbb Mon Sep 17 00:00:00 2001
From: Max Pearl
Date: Mon, 9 Mar 2020 12:15:24 -0700
Subject: [PATCH 1/6] Issue #60 - adding domains to logfiles.
---
templates.d/nginx.conf.txt | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/templates.d/nginx.conf.txt b/templates.d/nginx.conf.txt
index dce8f8e..dd44da0 100644
--- a/templates.d/nginx.conf.txt
+++ b/templates.d/nginx.conf.txt
@@ -36,6 +36,12 @@ events { } http { + + # Set custom log status + log_format compression '$remote_user [$time_local] %DNS_DOMAIN%' + '"$request" $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent" '; + # nginx fails without large enough buckets (sigh) map_hash_bucket_size %NGINX_HASH_BUCKET_SIZE%; server_names_hash_bucket_size %NGINX_HASH_BUCKET_SIZE%;
From 634275e6b09b3823e44ae825514bd8c70fd68365 Mon Sep 17 00:00:00 2001
From: Max Pearl
Date: Tue, 10 Mar 2020 11:53:13 -0700
Subject: [PATCH 2/6] Moved custom log toward end of http block.
---
templates.d/nginx.conf.txt | 10 ++++------
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/templates.d/nginx.conf.txt b/templates.d/nginx.conf.txt
index dd44da0..a71fc0a 100644
--- a/templates.d/nginx.conf.txt
+++ b/templates.d/nginx.conf.txt
@@ -36,12 +36,6 @@ events { } http { - - # Set custom log status - log_format compression '$remote_user [$time_local] %DNS_DOMAIN%' - '"$request" $status $body_bytes_sent ' - '"$http_referer" "$http_user_agent" '; # nginx fails without large enough buckets (sigh) map_hash_bucket_size %NGINX_HASH_BUCKET_SIZE%; server_names_hash_bucket_size %NGINX_HASH_BUCKET_SIZE%;
@@ -698,6 +692,10 @@ http { # origin headers not debugged %%ENDIF + # Set custom log status + log_format compression '$remote_user [$time_local] %DNS_DOMAIN%' + '"$request" $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent" '; # header purge more_clear_headers "Age"; more_clear_headers "Server";
From 01348cb9e165a0a17ed44be6ea520e48d674dbd8 Mon Sep 17 00:00:00 2001
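Review bot: `$remote_user` is written unquoted at the start of the record in the `log_format compression` added by [PATCH 1/6], and it comes from the client's Basic-auth credentials, so a value containing spaces shifts every later field for a parser that splits on whitespace; quoting it as `"$remote_user"`, like the referer and user agent, keeps the columns stable. The same fragment is carried unchanged through patches 2/6 to 5/6. No `access_log` directive that selects the `compression` format is visible in these hunks, so unless one exists elsewhere in the template the format is defined but never written. The comment `# Set custom log status` could say what the block does, for example `# Access-log format that records the served domain (%DNS_DOMAIN%)`. The `http` block continues outside the hunk.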
From: Max Pearl
Date: Tue, 10 Mar 2020 12:12:18 -0700
Subject: [PATCH 3/6] adding %%BEGIN and %%END blocks
---
templates.d/nginx.conf.txt | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/templates.d/nginx.conf.txt b/templates.d/nginx.conf.txt
index a71fc0a..41a8c24 100644
--- a/templates.d/nginx.conf.txt
+++ b/templates.d/nginx.conf.txt
@@ -692,10 +692,13 @@ http { # origin headers not debugged %%ENDIF + %%BEGIN # Set custom log status - log_format compression '$remote_user [$time_local] %DNS_DOMAIN%' + log_format compression '$remote_user [$time_local] "%DNS_DOMAIN%"' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" '; + %%END + # header purge more_clear_headers "Age"; more_clear_headers "Server";
From bfaa2337ce18f1d09be4e527304d9f309336e0e1 Mon Sep 17 00:00:00 2001
From: Max Pearl
Date: Tue, 10 Mar 2020 12:15:43 -0700
Subject: [PATCH 4/6] removing extra quotes
---
templates.d/nginx.conf.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates.d/nginx.conf.txt b/templates.d/nginx.conf.txt
index 41a8c24..d962652 100644
--- a/templates.d/nginx.conf.txt
+++ b/templates.d/nginx.conf.txt
@@ -694,7 +694,7 @@ http { %%BEGIN # Set custom log status - log_format compression '$remote_user [$time_local] "%DNS_DOMAIN%"' + log_format compression '$remote_user [$time_local] %DNS_DOMAIN%' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" '; %%END
From 0ca053a33b7ea49279d7e6f5c04580f82d147324 Mon Sep 17 00:00:00 2001
From: Max Pearl
Date: Tue, 10 Mar 2020 12:17:26 -0700
Subject: [PATCH 5/6] adding space for log file
---
templates.d/nginx.conf.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates.d/nginx.conf.txt b/templates.d/nginx.conf.txt
index d962652..08d8da2 100644
--- a/templates.d/nginx.conf.txt
+++ b/templates.d/nginx.conf.txt
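Review bot: If `%%BEGIN`/`%%END` in [PATCH 3/6] repeats its body once per configured domain (the template engine is not shown here, so this is inferred from the per-domain `%DNS_DOMAIN%` placeholder), the generated file will contain several `log_format compression` directives, and nginx rejects a configuration that defines the same `log_format` name twice. The format name would then need to be unique per iteration, or the format defined once outside the loop with the domain supplied per `server` block; the generated file is worth checking with `nginx -t` for a project that has more than one domain. Patches 4/6 and 5/6 keep the block inside the same markers. The `http` block starts and ends outside the hunk.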
@@ -694,7 +694,7 @@ http { %%BEGIN # Set custom log status - log_format compression '$remote_user [$time_local] %DNS_DOMAIN%' + log_format compression '$remote_user [$time_local] %DNS_DOMAIN% ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" '; %%END
From a1ef87e92b257b770ef99b1e8130ba2cb5c5aae1 Mon Sep 17 00:00:00 2001
From: Max Pearl
Date: Thu, 15 Jul 2021 12:32:01 -0700
Subject: [PATCH 6/6] Tweaks in HOW-TO-INSTALL for HARICA.
---
docs.d/HOW-TO-INSTALL.md | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/docs.d/HOW-TO-INSTALL.md b/docs.d/HOW-TO-INSTALL.md
index e0430cd..86ebbb3 100644
--- a/docs.d/HOW-TO-INSTALL.md
+++ b/docs.d/HOW-TO-INSTALL.md
@@ -141,6 +141,7 @@ passphrase, and remember it, because you will need it soon. Also: make sure to download the `privateKey.pem` file that is offered, and keep it in a safe place. +If you manually create the CSR on the server, you'll use the 'onionaddress.key' file generated by openssl. ## You will need to prove ownership of the site, to the CA For example: HARICA will tell you that you need to post
@@ -169,6 +170,8 @@ eotk config projectname.conf && eotk nxreload projectname ...to install the URL handlers. +HARICA has a process of validation which involves generating an onion-csr. You won't need to add anything to your configuration. + ### Optional: what if you have multiple Onion addresses? You can put multiple `path,value` strings into `ssl_proof_csv`, space-separated;
@@ -225,7 +228,7 @@ There are two steps to installation: Step 1: copy the PEM Bundle file from HARICA, on top of `ONIONADDRESS.onion.cert` -Step 2: unlock and extract the private key, by doing: +Step 2: unlock and extract (or rename) the private key, by doing: `openssl ec -in privateKey.pem -out ONIONADDRESS.onion.pem`
@@ -233,6 +236,9 @@ Step 2: unlock and extract the private key, by doing: if you chose to use RSA as the algorithm, you will need to use `openssl rsa ...` instead. +If you manually created the CSR, then rename the 'onionaddress.key' file +the CSR generated to 'onionaddress.onion.pem'. + Then: change directory back to the EOTK directory, and do `eotk nxreload projectname`, and test it.