[Popcon-developers] Bug#865718: Bug#865718: popularity-contest: update links to https where possible
Paul Wise
pabs at debian.org
Sat Jul 22 12:32:53 UTC 2017
On Sat, 2017-07-22 at 13:59 +0200, Bill Allombert wrote:
> By the way, do you know how to setup popcon.debian.org so that
> https://popcon.debian.org work ?
Make sure that the popcon clients can submit via https and find out any
incompatibility issues with existing versions in the wild.
If there isn't one already, add some way of setting which certificates
directory popcon uses, since debian.org hosts are now submitting to
popcon and also debian.org hosts do not trust any CAs by default, just
the end service certs and most software in Debian cannot verify end
service certs directly any more so we have to pass the right directory
to https software.
https://wiki.debian.org/ServicesSSL
Add another line in the LE config:
https://anonscm.debian.org/cgit/mirror/letsencrypt-domains.git/tree/domains
Adjust the apache2 configuration to move most of the config to a macro
add a https vhost that uses the ssl macros. I assume for compatibility
you probably don't want to redirect http to https though?
/etc/apache2/conf-available/puppet-ssl-macros.conf
I think there might be some other things around public key pinning, so
it might be best for you to submit a ticket for this so that all the
necessary things get done.
https://wiki.debian.org/rt.debian.org
--
bye,
pabs
https://wiki.debian.org/PaulWise
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/popcon-developers/attachments/20170722/fd96a030/attachment.sig>
More information about the Popcon-developers
mailing list