Skip to content

ipgallery / devops

Go to a project
Commit 4a099941 by Adi Amir
Options

update knowledgebase

parent 96ea2f1a
Inline Side-by-side
Showing with 3 additions and 49 deletions
common/docs/knowledgeBase/certificate-maintenance.txt common/docs/knowledgeBase/how-to-renew-certificate.txt
...@@ -38,6 +38,9 @@ NOTES: ...@@ -38,6 +38,9 @@ NOTES:
To update certifcate on one of the subdomain machines (72 or 244) To update certifcate on one of the subdomain machines (72 or 244)
================================================================= =================================================================
note: not relevant for now, we don't have sub-domains !!!
1. make a tar from a valid config-letsencrypt directory in 1.80: config-letsencrypt.valid-20190616.tar.gz 1. make a tar from a valid config-letsencrypt directory in 1.80: config-letsencrypt.valid-20190616.tar.gz
1. copy a valid crtificate directory as A tar from 1.80. 1. copy a valid crtificate directory as A tar from 1.80.
......
common/docs/knowledgeBase/howto-update-letsencrypt-certficate.txt deleted 100644 → 0
ipg-howto-update-letsencrypt-certficate.txt
Objective
=========
This document describes,
how to create a valid SSL certificate, using letsencrypt, on our development servers!
these updates are relevant to ipgallery-mcz.com domain only. hosts: 1.72, 1.80
A. To create a valid certifcate on ipgaley-mcz.com (1.80)
=========================================================
step 1
------
1. enter ipgallery-mcz.com: ssh root@172.16.1.80).
2. restart the front-end docker: ./sys-restart.sh mcx-frontend.yml front-end
the /opt/mcz/config-letsencrypt directory should be updated with a new valid certifcate.
browse to: https://ipgallery-mcz.com/control/app/ to verify that the website is working with a valid certificate
step 2 (on failure of step 1 only!)
-----------------------------------
if a valid certifcate was not created in step 1, do the following:
1. enter the front-end docker: 'docker exec -it <front-end container id> bash'
2. run: /app/le-renew.sh
the directory: /opt/mcz/config-letsencrypt should be updated with a valid certificate
browse to: https://ipgallery-mcz.com/control/app/ to verify that the website is working with a valid certificate
B. To update the developmnent server (1.72)
===========================================
1. verify that the cerificate on 1.80 is valid
(website: https://ipgallery-mcz.com/control/app/ should work without security warning)
2. enter 172.16.1.80 (ipgalley-mcz.com host)
3. goto mcz directory: cd /opt/mcz/
4. tar config-letsencrypt directory
tar cvfz config-letsencrypt.tar.gz config-letsencrypt
5. copy to host 1.72
scp config-letsencrypt.tar.gz root@172.16.1.72:/opt/mcz/
6. backup config-letsencrypt
mv /opt/mcz/config-letsencrypt /opt/mcz/config-letsencrypt.old
7. open tar
tar xvf config-letsencrypt.tar.gz
8. restore the nginx configuration file (default)
copy the config file from the backuped directory
- cd /opt/mcz/config-letsencrypt.old/nginx/site-confs
- cp /opt/mcz/config-letsencrypt.old/nginx/site-confs/default .
9. restart the front-end docker: ./sys-status.sh mcx-frontend.yml front-end
browse to: https://ipgallery-mcz.com:8072/control/app/ to verify that the website is working with a valid certificate.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment