Add README, move URLs to cacert.localhost

2020-12-20 15:28:19 +01:00 · 2020-12-20 15:28:19 +01:00 · c39be2c6c8
commit c39be2c6c8
parent 279dbcffbf
7 changed files with 85 additions and 46 deletions
--- a/docker/apache-foreground
+++ b/docker/apache-foreground
@ -4,15 +4,15 @@ set -eux
 # Apache gets grumpy about PID files pre-existing
 rm -f /run/apache2/apache2.pid

-cp /usr/local/etc/testca/certs/test.cacert.org.crt.pem /etc/ssl/certs/test.cacert.org.crt
-cp /usr/local/etc/testca/certs/test.cacert.org.key.pem /etc/ssl/private/test.cacert.org.pem
+cp /usr/local/etc/testca/certs/test.cacert.localhost.crt.pem /etc/ssl/certs/
+cp /usr/local/etc/testca/certs/test.cacert.localhost.key.pem /etc/ssl/private/
 (
  openssl x509 -in /usr/local/etc/testca/class3/ca.crt.pem
  openssl x509 -in /usr/local/etc/testca/root/ca.crt.pem
 ) >/etc/ssl/certs/combined.crt

-cp /usr/local/etc/testca/certs/secure.test.cacert.org.crt.pem /etc/ssl/certs/secure.crt
-cp /usr/local/etc/testca/certs/secure.test.cacert.org.key.pem /etc/ssl/private/secure_test_cacert_org.pem
+cp /usr/local/etc/testca/certs/secure.test.cacert.localhost.crt.pem /etc/ssl/certs/
+cp /usr/local/etc/testca/certs/secure.test.cacert.localhost.key.pem /etc/ssl/private/

 sed -i "s/@MYSQL_USERNAME@/$MYSQL_APP_USER/g; s/@MYSQL_PASSWORD@/$MYSQL_APP_PASSWORD/g" \
  /usr/local/etc/application/mysql.php
--- a/docker/apache-virtualhost.conf
+++ b/docker/apache-virtualhost.conf
@ -1,11 +1,11 @@
 <VirtualHost *:80>
-  ServerName test.cacert.org
-  ServerAlias www.test.cacert.org
+  ServerName test.cacert.localhost
+  ServerAlias www.test.cacert.localhost
  DocumentRoot /www/www

  ScriptAlias /cgi-bin/ /www/cgi-bin/
-  Redirect permanent /revoke.crl        http://crl.cacert.org/revoke.crl
-  Redirect permanent /class3-revoke.crl http://crl.cacert.org/class3-revoke.crl
+  Redirect permanent /revoke.crl        http://crl.cacert.localhost/revoke.crl
+  Redirect permanent /class3-revoke.crl http://crl.cacert.localhost/class3-revoke.crl
  RewriteEngine On
  RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
  RewriteRule .* - [F]
@ -15,8 +15,8 @@
 </VirtualHost>

 <VirtualHost *:443>
-  ServerName test.cacert.org
-  ServerAlias www.test.cacert.org
+  ServerName test.cacert.localhost
+  ServerAlias www.test.cacert.localhost
  DocumentRoot /www/www

  SSLEngine on
@ -24,15 +24,15 @@
  SSLProtocol all -SSLv2 -SSLv3
  SSLHonorCipherOrder on
  SSLCipherSuite kEECDH:kEDH:AESGCM:ALL:!3DES!RC4:!LOW:!EXP:!MD5:!aNULL:!eNULL
-  SSLCertificateFile /etc/ssl/certs/test.cacert.org.crt
-  SSLCertificateKeyFile /etc/ssl/private/test.cacert.org.pem
+  SSLCertificateFile /etc/ssl/certs/test.cacert.localhost.crt.pem
+  SSLCertificateKeyFile /etc/ssl/private/test.cacert.localhost.key.pem
  SSLCACertificateFile /etc/ssl/certs/combined.crt

  Header always set Strict-Transport-Security "max-age=31536000"

  ScriptAlias /cgi-bin/ /www/cgi-bin/
-  Redirect permanent /revoke.crl        http://crl.cacert.org/revoke.crl
-  Redirect permanent /class3-revoke.crl http://crl.cacert.org/class3-revoke.crl
+  Redirect permanent /revoke.crl        http://crl.cacert.localhost/revoke.crl
+  Redirect permanent /class3-revoke.crl http://crl.cacert.localhost/class3-revoke.crl
  RewriteEngine On
  RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
  RewriteRule .* - [F]
@ -42,8 +42,7 @@
 </VirtualHost>

 <VirtualHost *:443>
-  ServerName secure.test.cacert.org
-  ServerAlias secure.test.cacert.org
+  ServerName secure.test.cacert.localhost
  DocumentRoot /www/www

  SSLEngine on
@ -51,20 +50,20 @@
  SSLProtocol all -SSLv2 -SSLv3
  SSLHonorCipherOrder on
  SSLCipherSuite kEECDH:kEDH:AESGCM:ALL:!3DES!RC4:!LOW:!EXP:!MD5:!aNULL:!eNULL
-  SSLCertificateFile /etc/ssl/certs/secure.crt
-  SSLCertificateKeyFile /etc/ssl/private/secure_test_cacert_org.pem
+  SSLCertificateFile /etc/ssl/certs/secure.test.cacert.localhost.crt.pem
+  SSLCertificateKeyFile /etc/ssl/private/secure.test.cacert.localhost.key.pem
  SSLVerifyClient require
  SSLVerifyDepth 2
  SSLCACertificateFile /etc/ssl/certs/combined.crt
  #SSLCARevocationFile /etc/ssl/crls/cacert-combined.crl
  #SSLOCSPEnable on
-  #SSLOCSPDefaultResponder http://ocsp.cacert.org/
+  #SSLOCSPDefaultResponder http://ocsp.cacert.localhost/
  SSLOptions +StdEnvVars

  Header always set Strict-Transport-Security "max-age=31536000"

-  Redirect permanent /revoke.crl        http://crl.cacert.org/revoke.crl
-  Redirect permanent /class3-revoke.crl http://crl.cacert.org/class3-revoke.crl
+  Redirect permanent /revoke.crl        http://crl.cacert.localhost/revoke.crl
+  Redirect permanent /class3-revoke.crl http://crl.cacert.localhost/class3-revoke.crl
  RewriteEngine On
  RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
  RewriteRule .* - [F]
--- a/docker/cacert.conf
+++ b/docker/cacert.conf
@ -2,8 +2,8 @@

 MaxRequestsPerChild	100

-ServerAdmin	support@cacert.org
-ServerName	cacert.org
+ServerAdmin	support@cacert.localhost
+ServerName	cacert.localhost

 Header always set X-Frame-Options "DENY"
 Header always set X-XSS-Protection "1; mode=block"
--- a/docker/mysql.php
+++ b/docker/mysql.php
@ -22,11 +22,11 @@ if ($_SESSION['mconn'] != FALSE)
    mysql_select_db("cacert");
    $_SESSION['mconn'] = TRUE;
 }
-$_SESSION['_config']['normalhostname'] = "test.cacert.org:8443";
-$_SESSION['_config']['securehostname'] = "secure.test.cacert.org:8443";
-$_SESSION['_config']['tverify'] = "tverify.cacert.org";
+$_SESSION['_config']['normalhostname'] = "test.cacert.localhost:8443";
+$_SESSION['_config']['securehostname'] = "secure.test.cacert.localhost:8443";
+$_SESSION['_config']['tverify'] = "tverify.cacert.localhost";

-function sendmail($to, $subject, $message, $from, $replyto = "", $toname = "", $fromname = "", $errorsto = "returns@cacert.org", $use_utf8 = true)
+function sendmail($to, $subject, $message, $from, $replyto = "", $toname = "", $fromname = "", $errorsto = "returns@cacert.localhost", $use_utf8 = true)
 {
    $lines = explode("\n", $message);
    $message = "";
@ -53,9 +53,9 @@ function sendmail($to, $subject, $message, $from, $replyto = "", $toname = "", $
        return;
    }
    $InputBuffer = fgets($smtp, 1024);
-    fputs($smtp, "EHLO test.cacert.org\r\n");
+    fputs($smtp, "EHLO test.cacert.localhost\r\n");
    $InputBuffer = fgets($smtp, 1024);
-    fputs($smtp, "MAIL FROM:<returns@cacert.org>\r\n");
+    fputs($smtp, "MAIL FROM:<returns@cacert.localhost>\r\n");
    $InputBuffer = fgets($smtp, 1024);
    $bits = explode(",", $to);
    foreach($bits as $user)
@ -63,7 +63,7 @@ function sendmail($to, $subject, $message, $from, $replyto = "", $toname = "", $
    $InputBuffer = fgets($smtp, 1024);
    fputs($smtp, "DATA\r\n");
    $InputBuffer = fgets($smtp, 1024);
-    fputs($smtp, "X-Mailer: CAcert.org Website\r\n");
+    fputs($smtp, "X-Mailer: CAcert.org Website (local development)\r\n");
    if (array_key_exists("REMOTE_ADDR", $_SERVER))
        fputs($smtp, "X-OriginatingIP: ".$_SERVER["REMOTE_ADDR"]."\r\n");
    fputs($smtp, "Sender: $errorsto\r\n");
--- a/docker/php5-cacert.ini
+++ b/docker/php5-cacert.ini
@ -8,7 +8,7 @@ memory_limit = 18M
 display_errors = Off
 log_errors = On
 error_log = /var/log/apache2/phperrors.log
-sendmail_path = "/usr/sbin/sendmail -t -i -freturns@cacert.org"
+sendmail_path = "/usr/sbin/sendmail -t -i -freturns@cacert.localhost"
 session.use_only_cookies = On
 session.cookie_secure = On
 error_reporting = E_ALL