How do I access my TLS/HTTPS keys in order to start ListenAndServeTLS?
Question
My server uses Let's Encrypt to get its TLS certificate to serve over HTTPS.
I'm electing to use the standard net/http package over Apache or nginx, so I used the webroot installation method, and it placed the cert files in /etc/letsencrypt/live/mysite.
The issue is that the live directory is only accessible by the root user. My golang program requires the certs in this directory to function and serve over HTTPS.
However for obvious reasons I'm not running my program as the root user.
So that leads me to wonder: how do I access these files without having to insecurely run my web server as root permanently?
Answer 1
Score: 2
You have a few options:
sudo chown -R your-user /etc/letsencrypt/live/mysite
Or
sudo cp -rL /etc/letsencrypt/live/mysite ./ssl/ && sudo chown -R your-user ./ssl/  # -L copies the files the live/ symlinks point to, not the links
Or
- Use a container for your app and copy your app and the certs to it, and since it will be running as root inside the container, it won't matter.
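An added example, not part of the answer above or of any project's code: a Go pre-flight check for the copy-to-./ssl approach that refuses to start as root or with a private key that is a symlink or readable by group/others. The ./ssl/mysite path, port 8443 and the helper names are assumptions; fullchain.pem and privkey.pem are the file names certbot writes.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"log"
	"net/http"
	"os"
	"path/filepath"
)

// checkKeyFile rejects a key that is not a regular file (for example a
// symlink left by a copy) or that group/others can access (mode bits 0o077).
func checkKeyFile(path string) error {
	fi, err := os.Lstat(path)
	if err != nil {
		return err
	}
	if !fi.Mode().IsRegular() {
		return fmt.Errorf("%s: not a regular file", path)
	}
	if perm := fi.Mode().Perm(); perm&0o077 != 0 {
		return fmt.Errorf("%s: mode %04o too open, want 0600 or stricter", path, perm)
	}
	return nil
}

// tlsPaths returns the chain and key paths in dir once the checks pass.
func tlsPaths(dir string, euid int) (cert, key string, err error) {
	if euid == 0 {
		return "", "", fmt.Errorf("refusing to serve as root")
	}
	cert = filepath.Join(dir, "fullchain.pem")
	key = filepath.Join(dir, "privkey.pem")
	if err = checkKeyFile(key); err != nil {
		return "", "", err
	}
	return cert, key, nil
}

func main() {
	// Assumed layout: certs copied to ./ssl/mysite and owned by the service user.
	cert, key, err := tlsPaths("./ssl/mysite", os.Geteuid())
	if err != nil {
		log.Fatal(err)
	}
	srv := &http.Server{Addr: ":8443", TLSConfig: &tls.Config{MinVersion: tls.VersionTLS12}}
	log.Fatal(srv.ListenAndServeTLS(cert, key))
}
```

Binding port 443 directly as a non-root user needs a capability grant or a port redirect, which is why the sketch listens on 8443.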