ES SSL - a proper way

Discussion topics related to mobile applications and ZoneMinder Event Server (including machine learning)
Post Reply
Pedulla
Posts: 167
Joined: Thu Nov 27, 2014 11:16 am
Location: Portland, Or

ES SSL - a proper way

Post by Pedulla »

I'm doing an ES server on a ZM server (both current stable versions) with NGINX and LE/certbot installed certificates.

I'm at the point where ES is complaining it can't see the certs and I know it's because www-data is not allowed to look there.
ES_CERT_FILE=/etc/letsencrypt/live/zm.ifc-pdx.com/fullchain.pem
ES_KEY_FILE=/etc/letsencrypt/live/zm.ifc-pdx.com/privkey.pem

LE locks down the certs pretty tightly.

Is there a clever way to allow ES access to those certs w/o a blanket www-data access to the LE directories?
Post Reply