author | Matt Rude <[email protected]> | 2019-08-16 09:49:50 +0000 |
---|---|---|
committer | Matt Rude <[email protected]> | 2019-08-16 09:49:50 +0000 |
commit | a00a0f17252d70e5eca17ec3092bddb7c2bd6051 (patch) | |
tree | 00d0cca053042a641c8cbe1e762aae9394ec6921 | |
Starting out!
-rwxr-xr-x | build-sites.sh | 34 | ||||
-rw-r--r-- | lib/openpgpkey.example.com.conf | 50 | ||||
-rw-r--r-- | lib/openpgpkey_post-renewal-hook.sh | 3 | ||||
-rw-r--r-- | site/favicon.ico | bin | 0 -> 193 bytes | |||
-rw-r--r-- | site/index.html | 33 | ||||
-rw-r--r-- | site/robots.txt | 1 |
6 files changed, 121 insertions, 0 deletions
diff --git a/build-sites.sh b/build-sites.sh
new file mode 100755
index 0000000..ecd9bc8
--- /dev/null
+++ b/build-sites.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+if [ "${LOGNAME}" != "root" ]; then
+ echo "This script must be ran by the 'root' user, but was ran by the ${LOGNAME} instead."
+ exit 1
+fi
+
+###############################################################################################
+
+WWW="/var/www/openpgpkey"
+/usr/bin/rsync -a /var/src/build-wkd-website/site/* /var/www/openpgpkey/ -q
+cp /var/src/build-wkd-website/lib/openpgpkey_post-renewal-hook.sh /etc/letsencrypt/renewal-hooks/post/
+chmod 755 /etc/letsencrypt/renewal-hooks/post/openpgpkey_post-renewal-hook.sh
+for Site in `find ${WWW}/.well-known/openpgpkey/ -maxdepth 1 -mindepth 1 -type d -print |awk -F/ '{print $NF}' |sort`
+do
+ rm -f /etc/nginx/sites-enabled/openpgpkey.${Site}.conf
+ cp /var/src/build-wkd-website/lib/openpgpkey.example.com.conf /etc/nginx/sites-enabled/openpgpkey.${Site}.conf
+ sed -i "s/example.com/${Site}/g" /etc/nginx/sites-enabled/openpgpkey.${Site}.conf
+ if [ ! -f /etc/letsencrypt/live/openpgpkey.${Site}/privkey.pem ]; then
+ echo " - Creating certificate for openpgpkey.${Site}"
+ CertStatus=1
+ /usr/sbin/nginx -s reload; sleep 3
+ /usr/bin/letsencrypt certonly --post-hook /etc/letsencrypt/renewal-hooks/post/openpgpkey_post-renewal-hook.sh \
+ --webroot -w ${WWW} -d openpgpkey.${Site}
+ CertStatus=${?}
+ if [ ${CertStatus} != 0 ]; then
+ echo " - Certificate not created for ${Site}"
+ else
+ sed -i "s/^#//g" /etc/nginx/sites-enabled/openpgpkey.${Site}.conf
+ fi
+ else
+ sed -i "s/^#//g" /etc/nginx/sites-enabled/openpgpkey.${Site}.conf
+ fi
+done; /usr/sbin/nginx -s reload
diff --git a/lib/openpgpkey.example.com.conf b/lib/openpgpkey.example.com.conf
new file mode 100644
index 0000000..a328100
--- /dev/null
+++ b/lib/openpgpkey.example.com.conf
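Review bot: The root check at the top of build-sites.sh keys on `${LOGNAME}`, which is an ordinary environment variable that any caller can set or unset and that a privilege-escalation wrapper may or may not rewrite, so it neither reliably blocks non-root runs nor reliably admits root ones; compare the effective uid instead, `if [ "${EUID}" -ne 0 ]; then`. The `Site` values come from directory names under `${WWW}/.well-known/openpgpkey/` and are spliced unvalidated into a `sed` replacement and into an nginx `server_name` written straight to sites-enabled, so a name containing `&`, `\` or a newline would corrupt that config; a guard such as `[[ "${Site}" =~ ^[A-Za-z0-9.-]+$ ]] || continue` before the `rm -f` keeps only plausible hostnames. The `s/example.com/…/` pattern also leaves the dot unescaped and so matches more than the literal placeholder; `s/example\.com/…/` is presumably what is meant. Separately, the `rsync` line uses the literal `/var/www/openpgpkey/` destination rather than `${WWW}`, so the variable and the real target can drift apart.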
@@ -0,0 +1,50 @@
+##----------------------------------------------------------------------
+## openpgpkey.example.com
+##----------------------------------------------------------------------
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name openpgpkey.example.com;
+
+ location '/.well-known/acme-challenge' {
+ default_type "text/plain";
+ root /var/www/openpgpkey;
+ }
+
+ location / {
+ return 301 https://openpgpkey.example.com$request_uri;
+ }
+}
+
+#server {
+# listen 443 ssl http2;
+# listen [::]:443 ssl http2;
+# server_name openpgpkey.example.com;
+# root /var/www/openpgpkey;
+#
+# ssl_certificate /etc/letsencrypt/live/openpgpkey.example.com/fullchain.pem;
+# ssl_certificate_key /etc/letsencrypt/live/openpgpkey.example.com/privkey.pem;
+# ssl_stapling on;
+#
+# error_page 404 /index.html;
+#
+# location ~* \.(html|ico)$ {
+# expires 60d;
+# add_header Cache-Control "public, no-transform";
+# }
+#
+# location ^~ /.well-known/ {
+# default_type "text/plain";
+# add_header 'Access-Control-Allow-Origin' '*' always;
+# }
+#
+# location /keys {
+# default_type "text/plain";
+# add_header Content-Type text/plain;
+# }
+#
+# location ^~/.git { return 404; }
+# location ^~/.gitignore { return 404; }
+# location ^~/README.md { return 404; }
+#}
diff --git a/lib/openpgpkey_post-renewal-hook.sh b/lib/openpgpkey_post-renewal-hook.sh
new file mode 100644
index 0000000..dfdcc30
--- /dev/null
+++ b/lib/openpgpkey_post-renewal-hook.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+/usr/sbin/nginx -s reload
diff --git a/site/favicon.ico b/site/favicon.ico
Binary files differ
new file mode 100644
index 0000000..38f9605
--- /dev/null
+++ b/site/favicon.ico
diff --git a/site/index.html b/site/index.html
new file mode 100644
index 0000000..defb56b
--- /dev/null
+++ b/site/index.html
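Review bot: The commented-out HTTPS server block in openpgpkey.example.com.conf (the one build-sites.sh uncomments once a certificate exists) turns on `ssl_stapling on;` without `ssl_stapling_verify on;` or an `ssl_trusted_certificate` to validate the stapled OCSP response against, and it sends no HSTS header, so the port-80 redirect is the only thing steering clients to TLS; adding `ssl_stapling_verify on;`, `ssl_trusted_certificate /etc/letsencrypt/live/openpgpkey.example.com/chain.pem;` and `add_header Strict-Transport-Security "max-age=31536000" always;` in the 443 block covers both. Note that nginx does not inherit a server-level `add_header` into a `location` that declares its own `add_header`, so the HSTS line would have to be repeated in the `/.well-known/`, `/keys` and `\.(html|ico)$` locations or those responses go out without it. The `location /keys` block sets the type twice, via `default_type` and via `add_header Content-Type text/plain;`; the `add_header` form can yield a duplicate Content-Type header and should be dropped in favour of `default_type` alone. No `ssl_protocols` or cipher settings appear here, so the effective TLS policy is whatever the main nginx.conf provides, which this commit does not show.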
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+ <meta name="Description" content="This domains OpenPGP Web Key Directory Service informational site.">
+ <meta name="viewport" content="width=device-width, initial-scale=1">
+ <title>OpenPGP Web Key Directory Service</title>
+ <link rel="shortcut icon" href="data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAGNJREFUeNpiYKAFYGFn9wfi+0D8H4pBbH9iNdsjaTwPxPuR+PbEGHAeqjgezUVgA4kxAKtCmEvQxZlwmPOB2PBiombI5yMFFiGcj80FAiTYJ0A1L4wagGrABxL0faBa+gEIMADz0iKXhglKDAAAAABJRU5ErkJggg=="/>
+ <style>
+ body { max-width: 900px; min-width: 350px; text-align: center; margin: auto; padding: 0 25px 25px; }
+ hr { margin-top: 20px; margin-bottom: 20px; border: 0; border-top: 1px solid #eee; height: 0; }
+ svg { fill: #3076b1; padding-top: 60px; padding-bottom: 20px; }
+ a { color: #3076b1; text-decoration: none; }
+ </style>
+</head>
+<body>
+ <svg width="100px" height="100px" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512" alt="Site Logo"><path d="m400,256l-248,0l0,-103.1c0,-39.6 31.7,-72.5 71.3,-72.9c40,-0.4 72.7,32.1 72.7,72l0,104l80,0l-0.33333,-104c0,-84 -68.16667,-152.3 -152.16667,-152c-84,0.3 -151.5,69.5 -151.5,153.5l0,102.5l-24,0c-26.5,0 -48,21.5 -48,48l0,160c0,26.5 21.5,48 48,48l352,0c26.5,0 48,-21.5 48,-48l0,-160c0,-26.5 -21.5,-48 -48,-48zm-136,152c0,22.1 -17.9,40 -40,40s-40,-17.9 -40,-40l0,-48c0,-22.1 17.9,-40 40,-40s40,17.9 40,40l0,48z"/></svg>
+ <h1>OpenPGP Web Key Directory Service</h1>
+ <hr />
+ <p>This is the example.com OpenPGP Web Key Directory (WKD) service. WKD allows an outside user, using an appropriate email client, to discover and import, through authoritative channels, a future corresponds OpenPGP public key, without using outside servers. 
This server provides the <i>advanced method</i> of key discovery as described in the network working group specification <a href='https://tools.ietf.org/html/draft-koch-openpgp-webkey-service#section-3.1' target='_blank' rel='noopener'>§3.1 - Key Discovery</a>.</p>
+ <p>If you have an email address on the example.com domain, you may publish your public key via the <a href='https://tools.ietf.org/html/draft-koch-openpgp-webkey-service#section-4' target='_blank' rel='noopener'>WKD Update Protocol</a>, or by sending an unencrypted message to the submission-address; <b><code>[email protected]</code></b> with your public key as an attachment.</p>
+ <p>If you have already submitted your key, you may confirm its availability via the <a href='https://metacode.biz/openpgp/web-key-directory' target='_blank' rel='noopener'>WKD Checker</a> site.<br /><small><i>Please note, it may take up to <b>30 minutes</b>, after your key has been confirmed, before it is available to the public.</i></small></p>
+ <hr />
+ <p>For more information on how to use this service, see the GnuPG wiki article <a href='https://wiki.gnupg.org/WKD' target='_blank' rel='noopener'>Web Key Directory (WKD)</a>. 
For information on building a service similar to this, see <a href='https://keyserver.mattrude.com/guides/web-key-directory/' target='_blank' rel='noopener'>Publishing A PGP Public Key via WKD</a>, GnuPG wiki article <a href='https://wiki.gnupg.org/WKS' target='_blank' rel='noopener'>Web Key Service (WKS)</a>, or the<br /><a href='https://tools.ietf.org/html/draft-koch-openpgp-webkey-service' target='_blank' rel='noopener'>OpenPGP WKD Network Working Group</a> specification.</p>
+ <hr />
+ <p>This service is provided by <a href='mailto://[email protected]'>Matt Rude</a>.</p>
+ <script>
+ var currentDomain = document.domain;
+ document.body.innerHTML = document.body.innerHTML.replace(/example.com/g, currentDomain);
+ document.body.innerHTML = document.body.innerHTML.replace(/openpgpkey./g, '');
+ </script>
+</body>
+</html>
diff --git a/site/robots.txt b/site/robots.txt
new file mode 100644
index 0000000..7d329b1
--- /dev/null
+++ b/site/robots.txt
@@ -0,0 +1 @@
+User-agent: * |
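Review bot: The inline script at the end of site/index.html rewrites the whole `document.body.innerHTML` twice with regexes whose dots are unescaped, so `/example.com/g` matches any "example" + one character + "com" and `/openpgpkey./g` deletes `openpgpkey` plus whatever character follows it anywhere in the serialized markup, attribute values included, rather than only the host prefix in the visible text; `/\bexample\.com\b/g` and `/openpgpkey\./g` match what is intended. Re-serializing and re-parsing the entire body is also heavier than updating the few text nodes that contain the placeholder, and `document.domain` is the legacy accessor here where `location.hostname` yields the same host without a property browsers flag as deprecated. Separately, the contact link is written as `mailto://…`, but the mailto scheme carries no slashes (RFC 6068), so some clients will address the message to `//…`; it should read `mailto:…`. The copy in the first paragraph also says "a future corresponds OpenPGP public key", where "a future correspondent's OpenPGP public key" is presumably meant.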