====== Freigabe ins Internet ======

===== Zertifikate =====

  * Zertifikate kann man nur erhalten, wenn man einen DNS Namen hat, z.B. wolke.qg-moessingen.de. der Host muss auf Port 80 und Port 443 erreichbar sein.
  * Problem: Die IP-Adresse an einem Hausanschluss ändert sich gelegentlich.
  * Lösung: Ein "Dyndns" Provider, z.B. dynv6.com

{{ :faecher:informatik:pt2024:freigabe_ins_netz:ddclient.drawio.png |}}
==== DynDNS mit dynv6.com ====

  * https://dynv6.com/ öffnen und einen Host/Domainnamen wählen - gültige Mailadresse angeben.
  * Bestätigungsmail öffnen, Bestätigungslink anklicken
  * Melde dich bei dynv6.com an
  * Auf dem Nextcloud Server das Paket ddclient installieren: ''apt install ddclient''. Alle Rückfragen kann man zunächst bei der Installation mit Enter leer lassen und bestätigen.
  * Editiere die Datei ''/etc/ddclient.conf'':

<code>
ssl=yes
protocol=dyndns2 
use=web, web=ipify-ipv4 
server=dynv6.com
login=none 
password='DEIN_TOKEN_AUS_DEINEM_ACCOUNT'
DEINHOST.DEINE.DOMAIN
</code>

Anschließend kannst du die Funktion auf der Kommandozeile testen: 

''ddclient -daemon=0 -debug -verbose -noquiet -force''

und 

''ddclient -daemon=0 -debug -verbose -noquiet''

Wenn das klappt, kann man den ddclient-Daemon neu starten: ''systemctl restart ddclient.service'', mit ''journalctl -f -u ddclient'' kann man die Meldungen des Daemons im Log anschauen. 

==== Portweiterleitung am Router ====

  * Demo an den PT mit der Fritz Box der Schule.
  * Port 80 und 443 sollten an die interne IP-Adresse der Cloud weitergeleitet werden.


==== Zertifikat erhalten mit mod_md ====
 
  * Mod-MD Paket installieren: ''apt install libapache2-mod-md''
  * SSL und Mod--MD bei apache anschalten: ''a2enmod ssl md'' und ''systemctl restart apache2 
  * Nun muss man die Datei ''/etc/apache2/sites-enabled/000-default.conf'' anpassen, so dass sie wie unten aussieht - meinecloud.dns.army muss dabei alletrdings durch einen DynDNS Namen ersetzt werden. 
<code>

ServerName meinecloud.dns.army

MDomain meinecloud.dns.army
MDContactEmail certifica@ua25.de
MDCertificateAgreement accepted
MDPrivateKeys RSA 4096


<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com

	ServerAdmin webmaster@localhost
	DocumentRoot /srv/nextcloud
	
	<Directory "/srv/nextcloud">
		AllowOverride all
		Require all granted
	</Directory>

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
</VirtualHost>

<VirtualHost *:443>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com

	ServerAdmin webmaster@localhost
	DocumentRoot /srv/nextcloud
	
	<Directory "/srv/nextcloud">
		AllowOverride all
		Require all granted
	</Directory>

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
	SSLEngine on
</VirtualHost>
</code>