| Age | Commit message (Collapse) | Author | Lines |
|
install.sh and renew-cert.sh had identical cert fetch/split code.
install.sh now delegates to renew-cert.sh, which in turn calls deploy.sh.
Flow: install.sh → renew-cert.sh → deploy.sh
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
|
Both hetzner-admin and vpn install.sh were calling docker compose
directly instead of going through their own deploy.sh, unlike mail
which already followed the correct pattern.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
|
Android (XREAL Beam Pro) can't validate the server cert because it lacks
the Let's Encrypt YE1 hierarchy in its system trust store. The fix:
- Serve YE1 cert at https://vpn.yyamashita.com/ca.pem via Caddy
- Android VPN profile: set CA certificate to this downloaded cert
- install.sh / renew-cert.sh now extract and copy YE1 to caddy dir
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
|
- swanctl.conf.tpl: send_cert = always (fix Android cert verification failure)
- docker-compose.yml: mount intermediate CAs to /etc/swanctl/x509ca/
- install.sh: split server.crt into leaf + chain for proper chain distribution
- entrypoint.sh: run charon directly for Docker log visibility,
fix sysctl error handling, fix charon binary path
- strongswan.conf: increase IKE log level to 4 for debugging
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
|
- vpn/: Dockerfile, docker-compose.yml, swanctl.conf.tpl, entrypoint.sh
- install.sh: Caddy 証明書流用 + コンテナ起動
- renew-cert.sh: 証明書更新 + swanctl ホットリロード
- caddy/Caddyfile: vpn.yyamashita.com 追加(Let's Encrypt 証明書取得用)
- post-receive: vpn/deploy.sh を追加
- setup-route53.py: WEB_SUBDOMAINS に vpn を追加
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|