From d4b9c073f5d735326f4b277e957dd760e20f1b72 Mon Sep 17 00:00:00 2001
From: INOPIAE
Date: Mon, 20 Apr 2020 10:02:21 +0200
Subject: [PATCH] upd: adjust readme.md
---
 README.md | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
diff --git a/README.md b/README.md
index 1181181..5d1390f 100644
--- a/README.md
+++ b/README.md
@@ -33,3 +33,56 @@ The database schema is automatically installed when the table "schema_version" d
 Within the motion content markdown can be used for formatting e.g.
 * To add a line break add two lines
 * to enter a link use `[text](https//domain.tld/link)`
+
+## Settings for nginx
+
+To control the access this map is used:
+
+```
+map "$host:$ssl_client_serial:$ssl_client_i_dn" $motion_user_role {
+"host.domain.tld:serialnumber:/issuername" 'username/create:* vote:* cancel:* audit:*';
+...
+default "/";
+}
+```
+
+example taken from motions.board.wpia.club:
+```
+map "$host:$ssl_client_serial:$ssl_client_i_dn" $motion_user_role {
+"motions.board.wpia.club:0a0000000a1234567890abcdef1234567890abcde:/CN=Orga 2019-2/O=TC InterimCA/OU=TC InterimCAs/C=AT" 'president/create:* vote:* cancel:* audit:*';
+...
+default "/";
+}
+```
+
+
+## configuration
+```
+listen 0.0.0.0:443 ssl;
+listen [::]:443 ssl;
+server_name host.domain.tld;
+gzip on;
+ssl_certificate /etc/ssl/private/host.domain.tld.crt;
+ssl_certificate_key /etc/ssl/private/host.domain.tld.key;
+
+ssl_client_certificate /etc/ssl/host.domain.tld.pem;
+ssl_verify_client on;
+ssl_verify_depth 4;
+access_log /tmp/host.domain.tld.log motion-cert;
+
+location / {
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param PATH_INFO $document_uri;
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_NAME $host;
+fastcgi_param SERVER_PORT '443';
+fastcgi_param SERVER_PROTOCOL 'https';
+fastcgi_param USER_ROLES $motion_user_role;
+fastcgi_pass unix:/motion-socket/motion.fcgi;
+}
+```
-- 
2.39.2