[DRE-commits] [diaspora-installer] 02/03: allow skipping ssl/nginx configuration

Praveen Arimbrathodiyil praveen at moszumanska.debian.org
Wed May 6 14:19:42 UTC 2015 

This is an automated email from the git hooks/post-receive script.

praveen pushed a commit to branch master
in repository diaspora-installer.

commit 7485819ff1827d4c73bcb41fca8ecc3b50baf1e2
Author: Praveen Arimbrathodiyil <praveen at debian.org>
Date:   Wed May 6 19:48:48 2015 +0530

    allow skipping ssl/nginx configuration
---
 debian/diaspora-common.config    | 35 ++++++++++++++++++++++++--------
 debian/diaspora-common.templates | 43 +++++++++++++++++++++++-----------------
 rake-tasks.sh                    | 12 +++++++----
 set-env-nginx.sh                 |  9 ++++++---
 4 files changed, 66 insertions(+), 33 deletions(-)

diff --git a/debian/diaspora-common.config b/debian/diaspora-common.config
index 3c631ac..87168e7 100644
--- a/debian/diaspora-common.config
+++ b/debian/diaspora-common.config
@@ -6,23 +6,42 @@ set -e
 # source debconf stuff
 . /usr/share/debconf/confmodule
 
-# Introduce the package, explain defaults
-db_input high diaspora-common/intro || true
-db_go
 
 # What is your pod address?
 db_input high diaspora-common/url || true
 db_go
 
-# Configure pod address.
-db_get diaspora-common/url
+# Allow user to disable https for local testing
+db_input high diaspora-common/ssl || true
+db_go
 
-/usr/lib/diaspora-common/scripts/set-env-nginx.sh $RET
+# Get ssl choice
+db_get diaspora-common/ssl
+if [ "${RET}" = "true" ]; then
+	db_go    
+	# Configure pod address.
+	db_get diaspora-common/url
+	echo "SSL enabled, configuring nginx for ${RET}..."
+	/usr/lib/diaspora-common/scripts/set-env-nginx.sh ${RET}
+	db_go
+else
+	db_go
+	# Configure pod address.
+	db_get diaspora-common/url
+	echo "SSL disabled, skip nginx configuration for ${RET}..."
+	if ! test -f /etc/diaspora.conf
+        then
+		echo export SERVERNAME=${RET} >> /etc/diaspora.conf
+	        export SERVERNAME=${RET}
+	        echo export ENVIRONMENT_URL="http://$SERVERNAME:3000" >> /etc/diaspora.conf
+	fi
 
-if [ "$RET" = "false" ]; then
-    db_go
 fi
 
+# DB password can be left blank
+db_input high diaspora-common/dbpass || true
+db_go
+
 # source dbconfig-common shell library, and call the hook function
 if [ -f /usr/share/dbconfig-common/dpkg/config.pgsql ]; then
    . /usr/share/dbconfig-common/dpkg/config.pgsql
diff --git a/debian/diaspora-common.templates b/debian/diaspora-common.templates
index 887751c..08084aa 100644
--- a/debian/diaspora-common.templates
+++ b/debian/diaspora-common.templates
@@ -1,21 +1,3 @@
-Template: diaspora-common/intro
-Type: note
-_Description: Notes
- You can leave the PostgreSQL application password blank, as the "ident"
- authentication method is used, allowing the diaspora user on the system
- to connect to the Diaspora database without a password.
- .
- Running Diaspora requires at least a self-signed SSL certificate, which
- can be generated using (for instance) the package easy-rsa.
- .
- But a self-signed certificate can only be used for local testing, other
- diaspora pods will not accept a self-signed certificate and this breaks
- federation (your pod will not be able to communicate with other pods).
- .
- startssl.com is the only certification authority that provide free SSL
- certificates that works with diaspora (CAcert provided certificates will
- not work).
-
 Template: diaspora-common/url
 Type: string
 Default: localhost
@@ -31,3 +13,28 @@ _Description: Host name for this instance of Diaspora:
  .
  This host name should not be modified after the initial setup because
  it is hard-coded in the database.
+
+Template: diaspora-common/dbpass
+Type: note
+_Description: PostgreSQL application password
+ You can leave the PostgreSQL application password blank, as the "ident"
+ authentication method is used, allowing the diaspora user on the system
+ to connect to the Diaspora database without a password.
+
+Template: diaspora-common/ssl
+Type: boolean
+Default: true
+_Description: Enable https?
+ If you enable https, you require at least a self-signed SSL certificate to
+ access this diaspora instance (as Nginx is configured to respond only to https
+ requests). Such a certificate (which can be generated using, for instance,
+ the package easy-rsa) is enough for local testing, but will not be accepted
+ for federation with other Diaspora pods.
+ .
+ You may also disable https if you want to access diaspora only locally, via
+ unicorn on port 3000. If you disable https, nginx configuration will be
+ skipped.
+ .
+ Some certificate authorities like StartSSL (startssl.com), WoSign
+ (buy.wosign.com/free) offer free SSL certificates that works with diaspora;
+ however, certificates provided by CAcert will not work with diaspora.
diff --git a/rake-tasks.sh b/rake-tasks.sh
index 36065ec..5a61e57 100755
--- a/rake-tasks.sh
+++ b/rake-tasks.sh
@@ -10,11 +10,15 @@ sudo -u diaspora  touch public/source.tar.gz
 echo "Starting diaspora service..."
 sudo -u diaspora -E nohup ./script/server &
 
-mkdir -p ${diaspora_ssl_path}
-echo "Copy $SERVERNAME-bundle.pem and $SERVERNAME.key to /etc/diaspora/ssl"
-echo "And reload nginx, run # /etc/init.d/nginx reload"
-echo "visit your pod at $ENVIRONMENT_URL"
+if grep https ${diaspora_conf}
+then 
+	mkdir -p ${diaspora_ssl_path}
+	echo "Copy $SERVERNAME-bundle.pem and $SERVERNAME.key to /etc/diaspora/ssl"
+	echo "And reload nginx, run # /etc/init.d/nginx reload"
+fi
+
 echo "To stop diaspora, run # /etc/init.d/diaspora stop"
 echo "To see the service status, run # /etc/init.d/diaspora status"
 echo "To start diaspora service, run # /etc/init.d/diaspora start"
 
+echo "Visit your pod at $ENVIRONMENT_URL"
diff --git a/set-env-nginx.sh b/set-env-nginx.sh
index 90c773b..200eff3 100755
--- a/set-env-nginx.sh
+++ b/set-env-nginx.sh
@@ -5,13 +5,16 @@ then
 	exit 1
 fi
 
+# Read configuration values
+. /etc/diaspora/diaspora-common.conf
+
 nginx_conf_example=/usr/share/doc/diaspora-common/nginx.conf.example
  
-if ! test -f /etc/diaspora.conf
+if ! test -f ${diaspora_conf}
 	then 
-		echo export SERVERNAME=$1 >> /etc/diaspora.conf
+		echo export SERVERNAME=$1 >> ${diaspora_conf}
 		export SERVERNAME=$1
-		echo export ENVIRONMENT_URL=https://$SERVERNAME >> /etc/diaspora.conf
+		echo export ENVIRONMENT_URL=https://$SERVERNAME >> ${diaspora_conf}
 		export ENVIRONMENT_URL=https://$SERVERNAME
 		if test -f ${nginx_conf_example}
 		then

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/diaspora-installer.git

More information about the Pkg-ruby-extras-commits mailing list