Skip to content
Toggle navigation
P
Projects
G
Groups
S
Snippets
Help
ipgallery
/
devops
This project
Loading...
Sign in
Toggle navigation
Go to a project
Project
Repository
Registry
Issues
0
Merge Requests
0
Wiki
Settings
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Commit
4a099941
authored
Aug 15, 2019
by
Adi Amir
Browse files
Options
_('Browse Files')
Download
Email Patches
Plain Diff
update knowledgebase
parent
96ea2f1a
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
3 additions
and
49 deletions
common/docs/knowledgeBase/certificate-maintenance.txt → common/docs/knowledgeBase/how-to-renew-certificate.txt
common/docs/knowledgeBase/howto-update-letsencrypt-certficate.txt
common/docs/knowledgeBase/
certificate-maintenanc
e.txt
→
common/docs/knowledgeBase/
how-to-renew-certificat
e.txt
View file @
4a099941
...
@@ -38,6 +38,9 @@ NOTES:
...
@@ -38,6 +38,9 @@ NOTES:
To update certifcate on one of the subdomain machines (72 or 244)
To update certifcate on one of the subdomain machines (72 or 244)
=================================================================
=================================================================
note: not relevant for now, we don't have sub-domains !!!
1. make a tar from a valid config-letsencrypt directory in 1.80: config-letsencrypt.valid-20190616.tar.gz
1. make a tar from a valid config-letsencrypt directory in 1.80: config-letsencrypt.valid-20190616.tar.gz
1. copy a valid crtificate directory as A tar from 1.80.
1. copy a valid crtificate directory as A tar from 1.80.
...
...
common/docs/knowledgeBase/howto-update-letsencrypt-certficate.txt
deleted
100644 → 0
View file @
96ea2f1a
ipg-howto-update-letsencrypt-certficate.txt
Objective
=========
This document describes,
how to create a valid SSL certificate, using letsencrypt, on our development servers!
these updates are relevant to ipgallery-mcz.com domain only. hosts: 1.72, 1.80
A. To create a valid certifcate on ipgaley-mcz.com (1.80)
=========================================================
step 1
------
1. enter ipgallery-mcz.com: ssh root@172.16.1.80).
2. restart the front-end docker: ./sys-restart.sh mcx-frontend.yml front-end
the /opt/mcz/config-letsencrypt directory should be updated with a new valid certifcate.
browse to: https://ipgallery-mcz.com/control/app/ to verify that the website is working with a valid certificate
step 2 (on failure of step 1 only!)
-----------------------------------
if a valid certifcate was not created in step 1, do the following:
1. enter the front-end docker: 'docker exec -it <front-end container id> bash'
2. run: /app/le-renew.sh
the directory: /opt/mcz/config-letsencrypt should be updated with a valid certificate
browse to: https://ipgallery-mcz.com/control/app/ to verify that the website is working with a valid certificate
B. To update the developmnent server (1.72)
===========================================
1. verify that the cerificate on 1.80 is valid
(website: https://ipgallery-mcz.com/control/app/ should work without security warning)
2. enter 172.16.1.80 (ipgalley-mcz.com host)
3. goto mcz directory: cd /opt/mcz/
4. tar config-letsencrypt directory
tar cvfz config-letsencrypt.tar.gz config-letsencrypt
5. copy to host 1.72
scp config-letsencrypt.tar.gz root@172.16.1.72:/opt/mcz/
6. backup config-letsencrypt
mv /opt/mcz/config-letsencrypt /opt/mcz/config-letsencrypt.old
7. open tar
tar xvf config-letsencrypt.tar.gz
8. restore the nginx configuration file (default)
copy the config file from the backuped directory
- cd /opt/mcz/config-letsencrypt.old/nginx/site-confs
- cp /opt/mcz/config-letsencrypt.old/nginx/site-confs/default .
9. restart the front-end docker: ./sys-status.sh mcx-frontend.yml front-end
browse to: https://ipgallery-mcz.com:8072/control/app/ to verify that the website is working with a valid certificate.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment