# SA homework4 ## wireguard 連到 judge * `wg-quick up judge` ## certificate * 開啟 /etc/ssl/openssl.cnf 的 `copy_extensions = copy (69行)` * 生成 request : `openssl req -new -key ca.key -out ca.req -addext 'subjectAltName=DNS:limaox.sa'` * vim web.ext ```ext # web certificate extensions file basicConstraints=CA:FALSE subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer:always extendedKeyUsage = serverAuth keyUsage = digitalSignature,keyEncipherment ``` * crtificate : https://hackmd.io/wIKBTth5TpOTDgp42L99Mg * cat RootCA.crt ca.crt rootca.crt > CA.crt * 生成 .cer : `openssl ca -in ca.req -out web.cer -days 1024 -batch -rand_serial -extfile web.ext` * trust certificate : https://blog.socruel.nu/freebsd/how-to-install-private-CA-on-freebsd.html * check certificate: `openssl s_client -connect limaox.sa:443` ## nginx config * nginx.conf 位置 `sudo nginx -T | grep nginx:` * 更改 nginx.conf 的權限 `sudo chmod 777 /usr/local/etc/nginx/nginx.conf` * nginx.conf ``` nginx= #user nobody; worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; client_max_body_size 0; server { listen 80; server_name limaox.sa; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name limaox.sa; ssl_certificate /usr/home/limao/web.cer; ssl_certificate_key /usr/home/limao/ca.key; location / { proxy_pass http://localhost:8000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; } } } ``` * 啟用: `sudo service nginx restart` ## Interface * 請切換到 bash * `export PATH="$HOME/.local/bin:$PATH"` > 如果有 poetry 但module 找不到 : > `curl -sSL https://install.python-poetry.org | python3 -` 1. `poetry shell` `poetry add pytest --dev` `poetry add fastapi`