I had similar issues and I ended up creating a cronjob that copies the cert from /etc/letsencrypt to syncthing’s config directory from time to time. Also note that syncthing only reads the certificates at startup, so you need to restart syncthing at least every 2-3 months to avoid using outdated certificates. Due to the fact that syncthing releases regular updates which perform auto-restart on install, it is usually not much of an issue. I assume that there are better ways to solve this (e.g. by actually fixing the permissions), but I probably just didn’t care enough.

Also I should mention that setting up some (nginx) reverse proxy for https access may be the better solution anyway, since that may reduce attack surface and you don’t need the gui port accessible from the net. I needed a similar setup for another application anyway, so I just went with the cronjob.

I am a n00b at linux. Would you be willing to share a generic copy of your cron job and some basic instructions (which user creates the cron job, what permissions need to be changed etc)? I would love to run nginx for the webUI, I use this approach for one of my other services. But I can’t do this unless there is a clear, user-friendly, outcome-focused guide on how to do this.

Okay, I will try to give some short tutorials on a few of your questions:

Approach 1: Using a cronjob to manually copy the certificate

Make sure syncthing has the https-key.pem and https-cert.pem files present in its home directory (my commands assume the directory is /home/syncthing/.config/syncthing [that’s my setup]). Make sure the permissions are correct, meaning the files are owned by the user running syncthing. The easiest way to achieve this is by deleting the current files while syncthing is stopped. Upon the next start, syncthing will re-generate the https-key.pem and https-cert.pem files with the correct permissions (files are owned by user running syncthing).

Now, you only need to overwrite the files - overwriting existing files does not change their permissions.

Open a shell/terminal on the machine, preferably as root or any other user that definitely has access to all certificates inside of /etc/letsencrypt. You can get root either by typing in su or by prefixing the following command with sudo.

Type crontab -e to edit the crontab of the current user. The file will be opened with some text editor, like nano.

In the file, below the comments you can add the following cp:

cp /etc/letsencrypt/live//fullchain.pem /home/syncthing/.config/syncthing/https-cert.pem

This would copy the certificates from the Let’s Encrypt directory daily to the syncthing directory, overwriting existing files but without modifying file permissions.
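The copy step from the thread, written out as a script that only overwrites files syncthing has already created and reports when a restart is needed. This is an added example, not code from the thread or from syncthing. The function names are hypothetical, privkey.pem and fullchain.pem are the file names certbot uses, and both directories are passed as arguments.

```shell
#!/bin/sh
# Added example, not from the thread. Directories are arguments, not hard-coded.

# install_pem SRC DST [private]: 0 = DST updated, 1 = already current, 2 = error
install_pem() {
    src=$1; dst=$2; kind=${3:-public}
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    # Never create DST: a new file would belong to the cron user (root),
    # the ownership problem the thread works around.
    [ -f "$dst" ] || { echo "$dst missing, start syncthing once first" >&2; return 2; }
    if [ "$kind" = private ]; then
        # Characters 5-10 of the ls mode string are the group/other bits.
        [ "$(ls -ld "$dst" | cut -c5-10)" = "------" ] ||
            { echo "$dst is accessible to group/others" >&2; return 2; }
    fi
    cmp -s "$src" "$dst" && return 1
    cat "$src" > "$dst" || return 2   # truncate and rewrite: owner and mode stay
    return 0
}

# deploy_cert LIVE_DIR SYNCTHING_DIR
# 0 = files changed (syncthing must be restarted), 1 = nothing to do, 2 = error
deploy_cert() {
    live=$1; conf=$2; changed=1
    # Check the certificate side first so key and cert are not left mismatched.
    [ -r "$live/fullchain.pem" ] && [ -f "$conf/https-cert.pem" ] ||
        { echo "certificate source or destination missing" >&2; return 2; }
    install_pem "$live/privkey.pem" "$conf/https-key.pem" private && rc=0 || rc=$?
    [ "$rc" -eq 2 ] && return 2
    [ "$rc" -eq 0 ] && changed=0
    install_pem "$live/fullchain.pem" "$conf/https-cert.pem" && rc=0 || rc=$?
    [ "$rc" -eq 2 ] && return 2
    [ "$rc" -eq 0 ] && changed=0
    return "$changed"
}

# When run from cron with two arguments: LIVE_DIR SYNCTHING_DIR
if [ "$#" -eq 2 ]; then
    deploy_cert "$1" "$2" && rc=0 || rc=$?
    [ "$rc" -eq 0 ] && echo "certificate updated: restart syncthing to load it"
    [ "$rc" -ne 2 ]
fi
```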