Software / code / prosody
Annotate
certs/GNUmakefile @ 13554:902d25cd0557
mod_s2s: Limit size of outgoing stanza queue
This queue is used to buffer stanzas while waiting for an outgoing s2s
connection to be established.
Limit it to prevent excessive memory usage.
Default chosen to approximate how many average stanzas fits in the
server_epoll default max_send_buffer_size of 32 MiB
Returns a custom error instead of the default core.stanza_router
"Communication with remote domains is not enabled" from is sent back,
which does not describe what is happening here.
Closes #1106
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 09 Nov 2024 16:47:14 +0100 |
| parent | 8592:bd4f8a2b72c7 |
| rev | line source |
|---|---|
|
5293
fe9215155453
prosodyctl, prosody.cfg.lua.dist, certs/Makefile: Use .crt as suffix for certificates everywhere (thanks jasperixla)
Kim Alvefur <zash@zash.se>
parents:
3714
diff
changeset
|
1 .DEFAULT: localhost.crt |
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
2 keysize=2048 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
3 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
4 # How to: |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
5 # First, `make yourhost.cnf` which creates a openssl config file. |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
6 # Then edit this file and fill in the details you want it to have, |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
7 # and add or change hosts and components it should cover. |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
8 # Then `make yourhost.key` to create your private key, you can |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
9 # include keysize=number to change the size of the key. |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
10 # Then you can either `make yourhost.csr` to generate a certificate |
|
5293
fe9215155453
prosodyctl, prosody.cfg.lua.dist, certs/Makefile: Use .crt as suffix for certificates everywhere (thanks jasperixla)
Kim Alvefur <zash@zash.se>
parents:
3714
diff
changeset
|
11 # signing request that you can submit to a CA, or `make yourhost.crt` |
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
12 # to generate a self signed certificate. |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
13 |
|
3703
5bca5f90286f
certs/Makefile: Add .PRECIOUS to stop make deleting the key as an intermediate file (thanks deryni/Zash)
Matthew Wild <mwild1@gmail.com>
parents:
3701
diff
changeset
|
14 .PRECIOUS: %.cnf %.key |
|
5bca5f90286f
certs/Makefile: Add .PRECIOUS to stop make deleting the key as an intermediate file (thanks deryni/Zash)
Matthew Wild <mwild1@gmail.com>
parents:
3701
diff
changeset
|
15 |
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
16 # To request a cert |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
17 %.csr: %.cnf %.key |
|
7028
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
18 openssl req -new -key $(lastword $^) \ |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
19 -sha256 -utf8 -config $(firstword $^) -out $@ |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
20 |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
21 %.csr: %.cnf |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
22 umask 0077 && touch $*.key |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
23 openssl req -new -newkey rsa:$(keysize) -nodes -keyout $*.key \ |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
24 -sha256 -utf8 -config $^ -out $@ |
|
7715
08989f8464b9
certs/Makefile: Remove more -c flags
Kim Alvefur <zash@zash.se>
parents:
7714
diff
changeset
|
25 @chmod 400 $*.key |
|
7028
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
26 |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
27 %.csr: %.key |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
28 openssl req -new -key $^ -utf8 -subj /CN=$* -out $@ |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
29 |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
30 %.csr: |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
31 umask 0077 && touch $*.key |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
32 openssl req -new -newkey rsa:$(keysize) -nodes -keyout $*.key \ |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
33 -utf8 -subj /CN=$* -out $@ |
|
7715
08989f8464b9
certs/Makefile: Remove more -c flags
Kim Alvefur <zash@zash.se>
parents:
7714
diff
changeset
|
34 @chmod 400 $*.key |
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
35 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
36 # Self signed |
|
5293
fe9215155453
prosodyctl, prosody.cfg.lua.dist, certs/Makefile: Use .crt as suffix for certificates everywhere (thanks jasperixla)
Kim Alvefur <zash@zash.se>
parents:
3714
diff
changeset
|
37 %.crt: %.cnf %.key |
|
7028
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
38 openssl req -new -x509 -key $(lastword $^) -days 365 -sha256 -utf8 \ |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
39 -config $(firstword $^) -out $@ |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
40 |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
41 %.crt: %.cnf |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
42 umask 0077 && touch $*.key |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
43 openssl req -new -x509 -newkey rsa:$(keysize) -nodes -keyout $*.key \ |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
44 -days 365 -sha256 -utf8 -config $(firstword $^) -out $@ |
|
7715
08989f8464b9
certs/Makefile: Remove more -c flags
Kim Alvefur <zash@zash.se>
parents:
7714
diff
changeset
|
45 @chmod 400 $*.key |
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
46 |
|
7028
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
47 %.crt: %.key |
|
7035
085a286e2873
certs/Makefile: Fix generating cert from only a key (no config then)
Kim Alvefur <zash@zash.se>
parents:
7031
diff
changeset
|
48 openssl req -new -x509 -key $^ -days 365 -sha256 -utf8 -subj /CN=$* -out $@ |
|
7028
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
49 |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
50 %.crt: |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
51 umask 0077 && touch $*.key |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
52 openssl req -new -x509 -newkey rsa:$(keysize) -nodes -keyout $*.key \ |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
53 -days 365 -sha256 -out $@ -utf8 -subj /CN=$* |
|
7715
08989f8464b9
certs/Makefile: Remove more -c flags
Kim Alvefur <zash@zash.se>
parents:
7714
diff
changeset
|
54 @chmod 400 $*.key |
|
7028
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
55 |
|
7d0ce5e6a6d3
certs/Makefile: Add targets for any combination of already existing config, key file
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
56 # Generate a config from the example |
|
3701
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
57 %.cnf: |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
58 sed 's,example\.com,$*,g' openssl.cnf > $@ |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
59 |
|
4f22615c8361
certs: Add a default OpenSSL configuration file, and a Makefile.
Kim Alvefur <zash@zash.se>
parents:
diff
changeset
|
60 %.key: |
|
7030
b5bc9f77f096
certs/Makefile: Run key generation with a stricter umask (fixes a race condition)
Kim Alvefur <zash@zash.se>
parents:
5293
diff
changeset
|
61 umask 0077 && openssl genrsa -out $@ $(keysize) |
|
7713
003ee2be2635
certs/Makefile: Remove -c flag to chmod, which appears to be a GNUism ... again (thanks waqas)
Kim Alvefur <zash@zash.se>
parents:
7030
diff
changeset
|
62 @chmod 400 $@ |
|
7194
1c55403d06c4
certs/Makefile: Add target for generating DH params
Kim Alvefur <zash@zash.se>
parents:
7035
diff
changeset
|
63 |
|
1c55403d06c4
certs/Makefile: Add target for generating DH params
Kim Alvefur <zash@zash.se>
parents:
7035
diff
changeset
|
64 # Generate Diffie-Hellman parameters |
|
1c55403d06c4
certs/Makefile: Add target for generating DH params
Kim Alvefur <zash@zash.se>
parents:
7035
diff
changeset
|
65 dh-%.pem: |
|
1c55403d06c4
certs/Makefile: Add target for generating DH params
Kim Alvefur <zash@zash.se>
parents:
7035
diff
changeset
|
66 openssl dhparam -out $@ $* |
