10 년 전 · f2c41e77e9
--- a/beaglebone.txt
+++ b/beaglebone.txt
@@ -2629,22 +2629,24 @@ Create a self-signed certificate. The passphrase isn't important and will be rem
 
				 editor /usr/bin/makecert
			
 
				 #+END_SRC
			
 
				 
			
 
				-Enter the following:
			
 
				+Enter the following, changing the country code and location as needed:
			
 
				 
			
 
				 #+BEGIN_SRC: bash
			
 
				 #!/bin/bash
			
 
				 
			
 
				 HOSTNAME=$1
			
 
				-
			
 
				-openssl genrsa -des3 -out $HOSTNAME.key 1024
			
 
				-openssl req -new -x509 -nodes -days 3650 -key $HOSTNAME.key -out $HOSTNAME.crt
			
 
				-openssl rsa -in $HOSTNAME.key -out $HOSTNAME.new.key
			
 
				-cp $HOSTNAME.new.key $HOSTNAME.key
			
 
				-rm $HOSTNAME.new.key
			
 
				-cp $HOSTNAME.key /etc/ssl/private
			
 
				+COUNTRY_CODE="GB"
			
 
				+AREA="Greater Manchester"
			
 
				+LOCATION="Manchester"
			
 
				+ORGANISATION="Freedombone"
			
 
				+
			
 
				+openssl req \
			
 
				+  -x509 -nodes -days 3650 \
			
 
				+  -subj "/O=$ORGANISATION/C=$COUNTRY_CODE/ST=$AREA/L=$LOCATION/CN=$HOSTNAME" \
			
 
				+  -newkey rsa:1024 \
			
 
				+  -keyout /etc/ssl/private/$HOSTNAME.key \
			
 
				+  -out /etc/ssl/certs/$HOSTNAME.crt
			
 
				 chmod 400 /etc/ssl/private/$HOSTNAME.key
			
 
				-cp $HOSTNAME.crt /etc/ssl/certs
			
 
				-shred -zu $HOSTNAME.key $HOSTNAME.crt
			
 
				 /etc/init.d/nginx reload
			
 
				 #+END_SRC
			
 
				 
			
@@ -2655,8 +2657,6 @@ chmod +x /usr/bin/makecert
 
				 makecert $HOSTNAME
			
 
				 #+END_SRC
			
 
				 
			
 
				-Enter some trivial password for the key file, such as "password".  The password will be removed as part of the /makecert/ script which you just created.  Note that leaving a password on the key file would mean that after a power cycle the Apache server will not be able to boot properly (it would wait indefinitely for a password to be manually entered) and would look as if it had crashed.
			
 
				-
			
 
				 If all has gone well then there should be no warnings or errors after you run the service restart command.  After that you should enable ports 80 (HTTP) and 443 (HTTPS) on your internet router/firewall, such that they are redirected to the BBB.
			
 
				 
			
 
				 Also limit the amount of memory which any php scripts can use.
			
@@ -7189,6 +7189,7 @@ map $http_upgrade $connection_upgrade {
 
				 server {
			
 
				     listen 443 ssl;
			
 
				     server_name mysubsonicdomainname.com;
			
 
				+    index index.php;
			
 
				 
			
 
				     error_log  /var/www/mysubsonicdomainname.com/error.log debug;
			
 
				 
			
@@ -7225,11 +7226,11 @@ server {
 
				 
			
 
				 
			
 
				 server {
			
 
				-    listen   80;
			
 
				-    server_name FQDN;
			
 
				+    listen 443 ssl;
			
 
				+    server_name mysubsonicdomainname.com;
			
 
				     charset utf-8;
			
 
				 
			
 
				-    root PATH;
			
 
				+    root /var/www/mysubsonicdomainname.com/htdocs;
			
 
				     index index.php;
			
 
				 
			
 
				     if ( !-d $request_filename ) {
			
@@ -7284,7 +7285,7 @@ Save and exit.
 
				 #+BEGIN_SRC: bash
			
 
				 sed "s/mysubsonicdomainname.com/$HOSTNAME/g" /etc/nginx/sites-available/$HOSTNAME > /tmp/website
			
 
				 cp -f /tmp/website /etc/nginx/sites-available/$HOSTNAME
			
 
				-service nginx restart
			
 
				+/etc/init.d/nginx reload
			
 
				 #+END_SRC