Skip to content
Snippets Groups Projects
Select Git revision
  • 390d6836cfd61db36c6d23cc23a168f140d1b40f
  • main default
  • qlearn-4
  • qlearning5
  • qlearn5
  • render
  • qlearn
  • ball
  • fire
  • player
10 results

fire.h

Blame
  • provision.sh 2.04 KiB
    # STEP 0
    sudo apt-get update
    
    # STEP 1 - install d'apache
    sudo apt-get -y install apache2
    
    # STEP2 - install d'openssl
    sudo apt-get install openssl
    
    # STEP3 - ssl certs (re)generation
    sudo mkdir -p /etc/apache2/ssl
    # vagrant ssh
    # >>> # man make-ssl-cert
    # >>> # sudo /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
    # >>> # /usr/share/ssl-cert/ssleay.cnf ->  System template to be enhanced
    # /etc/ssl/certs/ssl-cert-snakeoil.pem -> fourni par openssl
    # /etc/ssl/private/ssl-cert-snakeoil.key -> fourni par openssl
    sudo make-ssl-cert generate-default-snakeoil --force-overwrite # regenerate ssl cert
    
    # STEP4 - apache configuration
    # /etc/apache2/ports.conf -> to read nothing to change
    # port 443 /etc/apache2/sites-available/default-ssl.conf -> to read nothing to change
    # port 80 /etc/apache2/sites-available/000-default.conf -> to read nothing to change
    # a2 = apache2, en = enable, mod = module
    # <=> ln -s /etc/apache2/sites-available/000-default.conf  /etc/apache2/sites-enabled/000-default.conf
    sudo a2enmod ssl
    # a2 = apache2, en = enable, site = virtual host
    # <=> ln -s /etc/apache2/mods-available/ssl.conf  /etc/apache2/mods-enabled/ssl.conf
    # && ln -s /etc/apache2/mods-available/ssl.load  /etc/apache2/mods-enabled/ssl.load
    sudo a2ensite default-ssl
    sudo systemctl reload apache2.service
    
    # http://0.0.0.0:8443/ -> bad request (connect with http on https port)
    # https://0.0.0.0:8443/ -> NET::ERR_CERT_AUTHORITY_INVALID ->
    
    # STEP 5 - make host accessible with https only - 80 closed or forawarded
    # STEP 6 - generate cert with openssl bestpractice
    # STEP 7 - enhance apache secuirty configuration https://cipherli.st/
    # STEP 8 - signed cert with https://letsencrypt.org/
    # STEP 9 - nginx as reverse proxy / http router - nginx front serve listen 80
    # STEP 10 - nginx as reverse proxy / https router - nginx front serve listen 443 - configure cert ssl with nginx
    # STEP 11 - make host accessible with https only - 80 closed or forawarded + make apache unrachable from outside
    # STEP 12 - enhance nginx secuirty configuration https://cipherli.st/