Skip to content
Toggle navigation
P
Projects
G
Groups
S
Snippets
Help
ipgallery
/
devops
This project
Loading...
Sign in
Toggle navigation
Go to a project
Project
Repository
Registry
Issues
0
Merge Requests
0
Wiki
Settings
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Commit
49b7a0ff
authored
Jun 19, 2019
by
Adi Amir
Browse files
Options
_('Browse Files')
Download
Email Patches
Plain Diff
update knowledgebase
parent
92eb52dc
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
55 additions
and
21 deletions
common/docs/knowledgeBase/certificate-maintenance.txt
common/docs/knowledgeBase/certificate-maintenance.txt
View file @
49b7a0ff
NOTES
:
OBJECTIVE
:
- The handling certificate renewal mechansim has changed!
- The handling certificate renewal mechansim has changed!
Now, the domains (1.80 and safeyme.com) generates there own certificates using the
Now, the domains: ipgallery-mcz.com(1.80) and safeyme.com generates there own certificates using the
linuxserver/letsencrypt image.
letsencrypt image (in letsencrypt.yml).
currently, the mcx-front-emd.yml runs the "letsencrypt"
which runs the linuxserver/letsencrypt image.
- certificates are generated into /opt/mcz/config-letsencrypt/keys/letsencrypt
- nginx configuration file on domain machine:
==========================================================================================
/opt/mcz/config-letsencrypt/nginx/site-confs/default
To re-generate a new valid certficate on one of the domains(safeyme.com/ipgallery-mcz.com)
==========================================================================================
- subdomain machines (such as 72 or 244) runs now an nginx image as "front-end"
1. login
config file: default.conf is located at: opt/mcx/config/front-end
> ssh root@ipgallery-mcz.com
- certificate location in nginx default file:
2. backup the current certtficate
ssl_certificate /config/keys/letsencrypt/fullchain.pem;
>cd /opt/mcz
ssl_certificate_key /config/letsencrypt//keys/privkey.pem;
>tar czvf config-letsencrypt-20190616.tar.gz config-letsencrypt
3. stop the frontend
>dc -f mcx-frontend.yml stop
4. generate a new certifcate - run the docker: letsencrypt
>dc -f letsencrypt.yml up
Ctrl+C too stop !
5. restart the system
>./sys-down
>./sys-up
6. browse to: https://ipgallery-mcz.com/control/app/main/control.html
and verify that the sites is loaded without any certificate issue.
NOTES:
- Each renewal is valid for 3 months !!!
- Certificates are generated into /opt/mcz/config-letsencrypt/keys/letsencrypt
- nginx configuration file on domain machine: /opt/mcz/config-letsencrypt/nginx/site-confs/default
- install a certifcate on a sub-domain:
=================================================================
1. copy a valid crtificate directory as tar from 1.80 like:
To update certifcate on one of the subdomain machines (72 or 244)
example: scp root@172.16.1.80:/opt/mcz/config-letsencrypt.1803.tar.gz root@172.16.1.72/opt/mcz/
=================================================================
2. stop front-end
3. cd /opt/mcz
1. make a tar from a valid config-letsencrypt directory in 1.80: config-letsencrypt.valid-20190616.tar.gz
4. mv config-letsencrypt config-letsencrypt_last
5. tar xvf config-letsencrypt.1803.tar.gz
1. copy a valid crtificate directory as A tar from 1.80.
example: scp root@172.16.1.80:/opt/mcz/config-letsencrypt.valid-20190616.tar.gz root@172.16.1.72/opt/mcz/
2. stop front-end
>dc -f mcx-frontend.yml stop
3. open the new config-letsencrypt (copied from 1.80) under /opt/mcz
>cd /opt/mcz
>mv config-letsencrypt config-letsencrypt_last
>tar xvf config-letsencrypt.1803.tar.gz
- nginx error logs
- nginx error logs
tailf /tmp/log/error.log
tailf /tmp/log/error.log
nginx access logs
nginx access logs
tailf /tmp/log/access.log
tailf /tmp/log/access.log
https
NOTES:
- subdomain machines (such as 72 or 244) runs now an nginx image as "front-end"
config file: default.conf is located at: opt/mcx/config/front-end
- certificate location in nginx default file:
ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/letsencrypt//keys/privkey.pem;
- all sub-domain should run as front-end the nginx image:
- all sub-domain should run as front-end the nginx image:
example of ngin configuration in tml:
example of ngin configuration in tml:
https
front-end:
front-end:
image: nginx
image: nginx
environment:
environment:
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment