Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Self-Signed SSL Instructions for Server-Side Requests #1253

Closed
wants to merge 10 commits into from

Conversation

sickcodes
Copy link

Documentation to assist with arbitrary self-signed SSL certificates and completely valid requests.

As seen in:
#920
#632
#182

liZe and others added 10 commits October 27, 2020 21:12
WOFF and WOFF2 formats are supported by FreeType, but for some reason Cairo
doesn’t include the fonts correctly.

WOFF(2) fonts already work on the branch where Cairo is not used anymore.

Fix Kozea#1237.
As Cairo has been upgraded on Windows and the new version breaks
tests. There’s also a random crash because of cairocffi. As these two problems
will be solved when Cairo is removed, we can just ignore them for now.
URLs used to be dedicated tokens in the CSS specification, but it’s now a
common function unless its value isn’t quoted.

tinycss2 1.1.0 includes this change, and WeasyPrint has to take care of these
two different tokens.
@liZe
Copy link
Member

liZe commented Nov 23, 2020

Thank you! We’ll merge this PR when the documentation is rewritten (see #1232).

@liZe liZe added the documentation Problems or improvements needed on the documentation or on the website label Feb 18, 2021
@liZe liZe mentioned this pull request Feb 18, 2021
@liZe liZe closed this in b71655b Mar 2, 2021
@sickcodes
Copy link
Author

sickcodes commented Sep 28, 2021

Just adding for future reference:

Server Side Requests & Self-Signed SSL Certificates
..........

If your server is requesting data from itself, you may encounter a self-signed
certificate error, even if you have a valid certificate.

You need to add yourself as a Certificate Authority, so that your self-signed
SSL certificates can be requested.

# if you have not yet created a certificate
sudo openssl req -x509 \
    -sha256 \
    -nodes \
    -newkey rsa:4096 \
    -days 365 \
    -keyout localhost.key \
    -out localhost.crt

sudo cp localhost.crt /etc/ssl/certs/localhost.crt
sudo cp localhost.key /etc/ssl/private/localhost.key

follow the prompts about your certificate and the domain name

openssl x509 -text -noout -in localhost.crt

Add your new self-signed SSL certificate to your nginx.conf, below the line:

server_name 123.123.123.123;

ssl_certificate /etc/ssl/certs/localhost.crt;
ssl_certificate_key /etc/ssl/private/localhost.key;

The SSL certificate will be valid when accessing your website from the internet.
However, images will not render when requesting files from the same server.

You will need to add your new self-signed certificates as trusted:

sudo cp /etc/ssl/certs/localhost.crt /usr/local/share/ca-certificates/localhost.crt
sudo cp /etc/ssl/private/localhost.key /usr/local/share/ca-certificates/localhost.key

Update the certificate authority trusted certificates
sudo update-ca-certificates

Export your newly updated Certificate Authority Bundle file.

If using django, it will use the newly signed certificate authority as valid images will load properly:

sudo tee -a /etc/environment <<< 'export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt'

reboot optional
reboot

@liZe
Copy link
Member

liZe commented Sep 30, 2021

For the record, the documentation has been included in this page.

@sickcodes
Copy link
Author

For the record, the documentation has been included in this page.

Thanks mate, I forgot the copy lines, one year ago (just came to renew the self signed one)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
documentation Problems or improvements needed on the documentation or on the website
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants