bvdb's questions -server

bvdb

Asked: 2019-10-12 11:23:21 +0800 CST

give systemd service access to certificates in protected folder

2

I use certbot to generate certificate files. The certificate files are created in /etc/letsencrypt/live/.... The live folder is created by certbot and is only accessible to admins.

In the past, I then copied these files to the folder of my application, and that worked fine. But it felt wrong to copy the certificate files.

So, I am wondering if there is a possibility to leave the files where they are. I tried to put this in practice, but I am struggling to give my application access to the folder. I had no problems adjusting the paths, but it has no privileges to access the folder.

I am wondering how I can give my application access to the files.

The application is launched using a systemd configuration file. I originally had this systemd config:

[Unit]
Description=my-service
Documentation=http://documentation.domain.com
After=network.target

[Service]
Type=simple
TimeoutSec=0
User=ubuntu
ExecStart=/usr/bin/node /home/ubuntu/my-service/server.js
Restart=on-failure

[Install]
WantedBy=multi-user.target

I tried adding the following line, but it made no difference.

PermissionsStartOnly=true

bvdb

Asked: 2019-03-15 16:51:34 +0800 CST

Signed SSL Certificates for server without port 80/443

1

I am stuck with a security issue.

I registered my domain with amazon Route53, but the actual server is not hosted at Amazon at all. Instead it is hosted by a 3rd party, and only 2 ports are opened on this instance: port 22 (for SSH) and port 1337 (for websockets).

The application runs fine, but I need to enable HTTPS now for this server.

In the past I used the AWS loadbalancer to forward HTTPS to HTTP on a specific EC2 instance, and that works great, without having the need to actually create a certificate for the specific instance.

Unfortunately, I have the impression that I cannot use this approach now, because the server is hosted elsewhere, and the loadbalancer only works for AWS instances.

By contrast, I did configure a record to redirect the hostname to the IP address of the server, which works fine.

I decided to make the certificates myself. However, it appears that my self-signed certificates are blocked by chrome by default. So, instead I tried to use a CA. I tried this with LetsEncrypt, however it wasn't a success. The problem, is that LetsEncrypt wants to validate the hostname halfway through the installation, and it can only do this on port 80 it seems, which I do not have at my disposal.

Any ideas ?

bvdb

Asked: 2017-03-01 06:56:51 +0800 CST

What does regsvr32 do?

7

To register a DLL file on a windows server using regsvr32, do you first need to move the file to your system32 folder or is that actually done automatically once you call the regsvr32 command?

If I just drop a dll file on my desktop and register it there, can I just delete it after registration? What would happen after removing it?

In other words, how does the regsvr actually really work?

give systemd service access to certificates in protected folder

Signed SSL Certificates for server without port 80/443

What does regsvr32 do?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?