Configure caddy to use external TLS certificates

3 files changed, 10 insertions, 0 deletions

diff --git a/install.sh b/install.sh
index ed87837..1821414 100755
--- a/install.sh
+++ b/install.sh
@@ -9,3 +9,5 @@ done
 for FILE in ${FILES}; do
 	ln -sf "/srv/www/sys/${FILE}" "/${FILE}"
 done
+
+usermod -aG acme caddy
diff --git a/sys/etc/caddy/Caddyfile b/sys/etc/caddy/Caddyfile
index 0ee6aa9..65adfc7 100644
--- a/sys/etc/caddy/Caddyfile
+++ b/sys/etc/caddy/Caddyfile
@@ -3,6 +3,8 @@
 }
 
 himbeerserver.de {
+	tls /etc/ssl/uacme/himbeerserver.de/cert.pem /etc/ssl/uacme/private/himbeerserver.de/key.pem {}
+
 	reverse_proxy /_matrix/* localhost:8008
 
 	root * /srv/www/static
@@ -50,10 +52,14 @@ himbeerserver.de {
 }
 
 www.himbeerserver.de {
+	tls /etc/ssl/uacme/himbeerserver.de/cert.pem /etc/ssl/uacme/private/himbeerserver.de/key.pem {}
+
 	redir {scheme}://himbeerserver.de{uri} permanent
 }
 
 git.himbeerserver.de {
+	tls /etc/ssl/uacme/himbeerserver.de/cert.pem /etc/ssl/uacme/private/himbeerserver.de/key.pem {}
+
 	root * /srv/www/static
 
 	@base {
diff --git a/uninstall.sh b/uninstall.sh
index b164ea0..63045a8 100755
--- a/uninstall.sh
+++ b/uninstall.sh
@@ -9,3 +9,5 @@ done
 for DIR in ${DIRS}; do
 	rm -r "${DIR}"
 done
+
+usermod -rG acme caddy