Commit 657a80d2 authored Apr 29, 2019 by Adi Amir
update knowledgebase
parent 7c7931e3
Showing 3 changed files with 122 additions and 3 deletions
common/docs/knowledgeBase/certificate-maintenance.txt
common/docs/knowledgeBase/ipg-howto-backup-ipg-development.txt
common/docs/knowledgeBase/renew-certificate-for-archiva.txt
common/docs/knowledgeBase/certificate-maintenance.txt
0 → 100644
NOTES:
- The handling certificate renewal mechansim has changed!
Now, the domains (1.80 and safeyme.com) generates there own certificates using the
linuxserver/letsencrypt image.
currently, the mcx-front-emd.yml runs the "letsencrypt"
which runs the linuxserver/letsencrypt image.
- certificates are generated into /opt/mcz/config-letsencrypt/keys/letsencrypt
- nginx configuration file on domain machine:
/opt/mcz/config-letsencrypt/nginx/site-confs/default
- subdomain machines (such as 72 or 244) runs now an nginx image as "front-end"
config file: default.conf is located at: opt/mcx/config/front-end
- certificate location in nginx default file:
ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/letsencrypt//keys/privkey.pem;
- install a certifcate on a sub-domain:
1. copy a valid crtificate directory as tar from 1.80 like:
example: scp root@172.16.1.80:/opt/mcz/config-letsencrypt.1803.tar.gz root@172.16.1.72/opt/mcz/
2. stop front-end
3. cd /opt/mcz
4. mv config-letsencrypt config-letsencrypt_last
5. tar xvf config-letsencrypt.1803.tar.gz
- nginx error logs
tailf /tmp/log/error.log
nginx access logs
tailf /tmp/log/access.log
- all sub-domain should run as front-end the nginx image:
example of ngin configuration in tml:
front-end:
image: nginx
environment:
OTP_SERVER: "ipgallery-mcz.com:8099"
KIBANA_SERVER: "elk:5601"
CAMERA_STREAM: "62.90.201.74:9081"
CAMERA_API: "62.90.201.74:9090"
PUBLIC_SAFETY_CAMERA: "24.172.188.211:16000"
TRANSPORTATION_SERVER: "transportation:50035"
PARKING_SERVER: "parking:50055"
PUBLIC_SAFETY_PORT_50005_TCP_ADDR: "public-safety"
PUBLIC_SAFETY_PORT_50005_TCP_PORT: "50005"
UI_API_PORT_8080_TCP_ADDR: "ui-api"
PUBLIC_SAFETY_IC_PORT_50004_TCP_ADDR: "public-safety-ic"
SRG_PORT_7681_TCP_ADDR: "srg"
SRG_PORT_7681_TCP_PORT: "7681"
ports:
- "443:443"
volumes:
- "/opt/mcz/config-letsencrypt/:/config"
- "/opt/mcx/config/front-end:/etc/nginx/conf.d"
- "/tmp/log:/var/log/nginx"
networks:
- backend
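Review bot: the two nginx directives under "certificate location in nginx default file" point at different directory trees: `ssl_certificate /config/keys/letsencrypt/fullchain.pem;` versus `ssl_certificate_key /config/letsencrypt//keys/privkey.pem;` (path components swapped, plus a doubled slash). Given the volume mapping `/opt/mcz/config-letsencrypt/:/config` and the stated output directory `/opt/mcz/config-letsencrypt/keys/letsencrypt`, the key line should most likely read `/config/keys/letsencrypt/privkey.pem`; please confirm against the running config. In the same file, the scp target `root@172.16.1.72/opt/mcz/` is missing the `:` between host and path, so scp will treat it as a local path, and `opt/mcx/config/front-end` lacks its leading slash. Because the tarball being copied contains the private key, the install steps should also say to restrict its permissions and delete it from both hosts after step 5, and should end with a step that starts front-end again after the extract.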
common/docs/knowledgeBase/ipg-howto-backup-ipg-development.txt
...
@@ -6,13 +6,13 @@ provide procedures to backup ipgallery dev environments.
...
@@ -6,13 +6,13 @@ provide procedures to backup ipgallery dev environments.
A. To copy dev materials rom different server(gitlab,jenkins,archiva) to file server
A. To copy dev materials
f
rom different server(gitlab,jenkins,archiva) to file server
====================================================================================
====================================================================================
1. enter host 1.30 (u:root, p:giptmgr)
1. enter host 1.30 (u:root, p:giptmgr)
2. goto /root/backup/
2. goto /root/backup/
3. run run_backup.sh
3. run run_backup.sh
this will copy all backup files from different server to file server (1.111).
this will copy all backup files from different server to file server (1.111).
A. To refresh certificate of archiva
C. To create gitlab backup file
C. To create gitlab backup file
===============================
===============================
1. enter municipalitybank.com
1. enter municipalitybank.com
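Review bot: step 1 of section A still carries the root login for host 1.30 in clear text (the `u:root, p:` pair on the `1. enter host 1.30` line). A password committed here stays in the repository history and is readable by everyone with read access to the repo, so it should be rotated and the line replaced with a pointer to wherever the team keeps its secrets, ideally with key-based SSH for a named account instead of a shared root password. Separately, the bare heading `A. To refresh certificate of archiva` sits directly above `C. To create gitlab backup file` with no underline or body and reuses the letter A; now that renew-certificate-for-archiva.txt exists, drop it or turn it into a one-line reference to that file.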
...
@@ -26,7 +26,7 @@ B. To copy backup metrials from file server to external disk
...
@@ -26,7 +26,7 @@ B. To copy backup metrials from file server to external disk
1. connect your external disk to your laptop
1. connect your external disk to your laptop
1
. open fileZila and connect to file server 172.16.1.111
2
. open fileZila and connect to file server 172.16.1.111
- open fileZila
- open fileZila
- connect with the following credentials
- connect with the following credentials
host: 172.16.1.111
host: 172.16.1.111
...
...
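Review bot: the renumbering to `2.` is correct, but step 2 and its first sub-bullet now repeat each other (`open fileZila and connect to file server 172.16.1.111` followed by `- open fileZila`), and the section title in the hunk header still reads `metrials`. Fold the sub-bullet into the step and spell the tool FileZilla. If the lines after `host: 172.16.1.111` list a username and password, have `connect with the following credentials` point to the team's secret store instead of spelling them out in the document.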
common/docs/knowledgeBase/renew-certificate-for-archiva.txt
0 → 100644
renew-certificate-for-archiva.txt
objective
=========
in case the archiva's cerificate expires, you need to restart the stunnel-archiva docker
in order to read the updated certficate. since it doesn't happens automaticall.
both gitlab & archive uses the same certificate.
A. To restart stunnel-archiva
-----------------------------
1. verify that yiou have a valid certifcate by going into:
url: https://municipalitybank.com/
if no ssl issue occurs, the certifcate is valid.
if not valid, perform the section [B. To renew certiftcate]
2. login into municipalitybank.com
> ssh root@municipalitybank.com
passwd: giptmgrr
3. goto /mnt/volume-nyc1-01
> cd /mnt/volume-nyc1-01
4. restart the stunnel-archiva docker
> dc -f develop.yml stop stunnel-archiva
> dc -f develop.yml rm -f stunnel-archiva
> dc -f develop.yml up -d stunnel-archiva
5. check that you enter the archiva with no SSL issues.
url: https://municipalitybank.com:8081
done!
B. To renew gitlab & archive certifates
---------------------------------------
both components uses the same certificate located at:
/mnt/volume-nyc1-01/gitlab/letsencrypt/live/municipalitybank.com
1. login into municipalitybank.com
> ssh root@municipalitybank.com
passwd: giptmgrr
2. to renew the certificate run the following:
>/usr/bin/certbot renew --quiet --renew-hook "docker exec volumenyc101_gitlab_1 /usr/bin/gitlab-ctl restart nginx"
this also restarts the gitlab docker in order to refresh its certifate
you need to restart manually the stunnel-archiva as detailed in section A.
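Review bot: sections A and B both print the root password directly under `> ssh root@municipalitybank.com` (the `passwd:` lines in A.2 and B.1). This is the host that serves GitLab and Archiva, so the password should be rotated and the lines removed, with the procedure referring to key-based login for a named account. Three smaller points in the same file: `dc` is never defined (presumably an alias for docker-compose, which should be spelled out); `--renew-hook` is a deprecated certbot spelling of `--deploy-hook`; and since the hook already runs a command after a successful renewal, it could also restart stunnel-archiva, which would remove the manual follow-up that the last line of section B requires. Step A.1 only checks port 443 in a browser, while the service this document is about is on 8081, so the validity check should target that port as well.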