These are a cause of worry because they are sometimes generated with
an invalid timestamp and therefore render unbound being unusable.
There is no strong reason to use self-signed certificates for extra
security here.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
etc/rc.d/helper/aws-setup
etc/rc.d/init.d/aws
etc/rc.d/init.d/firewall
etc/rc.d/helper/aws-setup
etc/rc.d/init.d/aws
etc/rc.d/init.d/firewall
etc/ssl/openssl.cnf
etc/sysctl.conf
etc/ssl/openssl.cnf
etc/sysctl.conf
+etc/unbound/unbound.conf
srv/web/ipfire/cgi-bin/proxy.cgi
usr/local/bin/xt_geoip_update
var/ipfire/ovpn/openssl/ovpn.cnf
srv/web/ipfire/cgi-bin/proxy.cgi
usr/local/bin/xt_geoip_update
var/ipfire/ovpn/openssl/ovpn.cnf
fi
/etc/init.d/sshd restart
/etc/init.d/apache restart
fi
/etc/init.d/sshd restart
/etc/init.d/apache restart
+/etc/init.d/unbound restart
# This update needs a reboot...
touch /var/run/need_reboot
# This update needs a reboot...
touch /var/run/need_reboot
remote-control:
control-enable: yes
remote-control:
control-enable: yes
control-interface: 127.0.0.1
control-interface: 127.0.0.1
- server-key-file: "/etc/unbound/unbound_server.key"
- server-cert-file: "/etc/unbound/unbound_server.pem"
- control-key-file: "/etc/unbound/unbound_control.key"
- control-cert-file: "/etc/unbound/unbound_control.pem"
# Import any local configurations
include: "/etc/unbound/local.d/*.conf"
# Import any local configurations
include: "/etc/unbound/local.d/*.conf"
eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
- # Create control keys at first run
- if [ ! -r "/etc/unbound/unbound_control.key" ]; then
- unbound-control-setup -d /etc/unbound &>/dev/null
- fi
-
# Update configuration files
write_tuning_conf
write_forward_conf
# Update configuration files
write_tuning_conf
write_forward_conf