Differences
This shows you the differences between two versions of the page.
public:geminitoaster [2021/02/21 19:24] – created Nico | public:geminitoaster [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Installing vger on FreeBSD, using inetd and nginx ====== | ||
- | ===== Get the sources and compile 'em ===== | ||
- | |||
- | <code bash> | ||
- | $ git clone https:// | ||
- | $ cd vger | ||
- | $ make | ||
- | $ sudo make install | ||
- | </ | ||
- | |||
- | ===== Create a dedicated user ===== | ||
- | |||
- | Create a user with no shell and no password | ||
- | <code bash> | ||
- | # adduser | ||
- | Username: gemini | ||
- | Full name: gemini | ||
- | Uid (Leave empty for default): | ||
- | Login group [gemini]: | ||
- | Login group is gemini. Invite gemini into other groups? []: | ||
- | Login class [default]: | ||
- | Shell (sh csh tcsh bash rbash zsh rzsh git-shell nologin) [sh]: nologin | ||
- | Home directory [/ | ||
- | Home directory permissions (Leave empty for default): | ||
- | Use password-based authentication? | ||
- | Lock out the account after creation? [no]: | ||
- | Username | ||
- | Password | ||
- | Full Name : gemini | ||
- | Uid : 1015 | ||
- | Class : | ||
- | Groups | ||
- | Home : / | ||
- | Home Mode : | ||
- | Shell : / | ||
- | Locked | ||
- | OK? (yes/no): yes | ||
- | adduser: INFO: Successfully added (gemini) to the user database. | ||
- | Add another user? (yes/no): no | ||
- | Goodbye! | ||
- | </ | ||
- | |||
- | ===== Add a service ===== | ||
- | |||
- | inetd requires a defined service in / | ||
- | < | ||
- | echo " | ||
- | </ | ||
- | |||
- | ===== Activate and launch inetd ===== | ||
- | |||
- | * Add the following lines to / | ||
- | < | ||
- | gemini | ||
- | gemini | ||
- | </ | ||
- | |||
- | * Activate inetd either by issuing | ||
- | < | ||
- | # sysrc inetd_enable=" | ||
- | </ | ||
- | |||
- | or, if you use separate files: | ||
- | < | ||
- | # echo " | ||
- | </ | ||
- | |||
- | * Finaly, launch inetd: | ||
- | < | ||
- | # service inetd start | ||
- | </ | ||
- | |||
- | ===== Use nginx as a "TLS Proxy" ===== | ||
- | |||
- | * Compile the port with the stream module | ||
- | * Activate it in configuration file, and create a stream section at the same level as the http section used for your virtualhosts: | ||
- | |||
- | <code nginx> | ||
- | load_module / | ||
- | |||
- | stream { | ||
- | server { | ||
- | listen 1965 ssl; | ||
- | |||
- | ssl_certificate | ||
- | ssl_certificate_key / | ||
- | ssl_trusted_certificate / | ||
- | |||
- | proxy_pass 127.0.0.1: | ||
- | } | ||
- | } | ||
- | </ | ||
- | |||
- | ===== Usage ===== | ||
- | |||
- | vger's vhost parameter is set (-v), so we'll have to create one or more directories within gemini' | ||
- | |||
- | ===== Basic monitoring ===== | ||
- | |||
- | The following miniamlistic script can be used to check for capsule availability in Nagios/ | ||
- | |||
- | <code bash> | ||
- | #!/bin/sh | ||
- | TLS_CLIENT="/ | ||
- | |||
- | errorOutput=$(echo -n " | ||
- | errorCode=$? | ||
- | if [ $errorCode -gt 0 ] | ||
- | then | ||
- | echo " | ||
- | return 2 | ||
- | else | ||
- | echo "OK: capsule responding" | ||
- | return 0 | ||
- | fi | ||
- | </ | ||
- | |||
- | ===== Greetings ===== | ||
- | |||
- | Many many thanks to [[https:// |
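Review bot: In the Basic monitoring script, both branches end with "return 2" and "return 0" at the top level of a "#!/bin/sh" script. "return" outside a function or sourced file is unspecified in POSIX sh, so the status the monitoring check receives depends on which shell runs it. If this content is restored or moved to another page, use "exit 2" and "exit 0" instead. Separately, the revision removes the whole guide with only "removed - external edit" as its summary, so a short note on where the instructions now live would help anyone arriving at the old page name.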