Skip to content
Toggle navigation
P
Projects
G
Groups
S
Snippets
Help
ipgallery
/
devops
This project
Loading...
Sign in
Toggle navigation
Go to a project
Project
Repository
Registry
Issues
0
Merge Requests
0
Wiki
Settings
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Commit
657a80d2
authored
Apr 29, 2019
by
Adi Amir
Browse files
Options
_('Browse Files')
Download
Email Patches
Plain Diff
update knowledgebase
parent
7c7931e3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
122 additions
and
3 deletions
common/docs/knowledgeBase/certificate-maintenance.txt
common/docs/knowledgeBase/ipg-howto-backup-ipg-development.txt
common/docs/knowledgeBase/renew-certificate-for-archiva.txt
common/docs/knowledgeBase/certificate-maintenance.txt
0 → 100644
View file @
657a80d2
NOTES:
- The handling certificate renewal mechansim has changed!
Now, the domains (1.80 and safeyme.com) generates there own certificates using the
linuxserver/letsencrypt image.
currently, the mcx-front-emd.yml runs the "letsencrypt"
which runs the linuxserver/letsencrypt image.
- certificates are generated into /opt/mcz/config-letsencrypt/keys/letsencrypt
- nginx configuration file on domain machine:
/opt/mcz/config-letsencrypt/nginx/site-confs/default
- subdomain machines (such as 72 or 244) runs now an nginx image as "front-end"
config file: default.conf is located at: opt/mcx/config/front-end
- certificate location in nginx default file:
ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/letsencrypt//keys/privkey.pem;
- install a certifcate on a sub-domain:
1. copy a valid crtificate directory as tar from 1.80 like:
example: scp root@172.16.1.80:/opt/mcz/config-letsencrypt.1803.tar.gz root@172.16.1.72/opt/mcz/
2. stop front-end
3. cd /opt/mcz
4. mv config-letsencrypt config-letsencrypt_last
5. tar xvf config-letsencrypt.1803.tar.gz
- nginx error logs
tailf /tmp/log/error.log
nginx access logs
tailf /tmp/log/access.log
- all sub-domain should run as front-end the nginx image:
example of ngin configuration in tml:
front-end:
image: nginx
environment:
OTP_SERVER: "ipgallery-mcz.com:8099"
KIBANA_SERVER: "elk:5601"
CAMERA_STREAM: "62.90.201.74:9081"
CAMERA_API: "62.90.201.74:9090"
PUBLIC_SAFETY_CAMERA: "24.172.188.211:16000"
TRANSPORTATION_SERVER: "transportation:50035"
PARKING_SERVER: "parking:50055"
PUBLIC_SAFETY_PORT_50005_TCP_ADDR: "public-safety"
PUBLIC_SAFETY_PORT_50005_TCP_PORT: "50005"
UI_API_PORT_8080_TCP_ADDR: "ui-api"
PUBLIC_SAFETY_IC_PORT_50004_TCP_ADDR: "public-safety-ic"
SRG_PORT_7681_TCP_ADDR: "srg"
SRG_PORT_7681_TCP_PORT: "7681"
ports:
- "443:443"
volumes:
- "/opt/mcz/config-letsencrypt/:/config"
- "/opt/mcx/config/front-end:/etc/nginx/conf.d"
- "/tmp/log:/var/log/nginx"
networks:
- backend
common/docs/knowledgeBase/ipg-howto-backup-ipg-development.txt
View file @
657a80d2
...
...
@@ -6,13 +6,13 @@ provide procedures to backup ipgallery dev environments.
A. To copy dev materials rom different server(gitlab,jenkins,archiva) to file server
A. To copy dev materials
f
rom different server(gitlab,jenkins,archiva) to file server
====================================================================================
1. enter host 1.30 (u:root, p:giptmgr)
2. goto /root/backup/
3. run run_backup.sh
this will copy all backup files from different server to file server (1.111).
A. To refresh certificate of archiva
C. To create gitlab backup file
===============================
1. enter municipalitybank.com
...
...
@@ -26,7 +26,7 @@ B. To copy backup metrials from file server to external disk
1. connect your external disk to your laptop
1
. open fileZila and connect to file server 172.16.1.111
2
. open fileZila and connect to file server 172.16.1.111
- open fileZila
- connect with the following credentials
host: 172.16.1.111
...
...
common/docs/knowledgeBase/renew-certificate-for-archiva.txt
0 → 100644
View file @
657a80d2
renew-certificate-for-archiva.txt
objective
=========
in case the archiva's cerificate expires, you need to restart the stunnel-archiva docker
in order to read the updated certficate. since it doesn't happens automaticall.
both gitlab & archive uses the same certificate.
A. To restart stunnel-archiva
-----------------------------
1. verify that yiou have a valid certifcate by going into:
url: https://municipalitybank.com/
if no ssl issue occurs, the certifcate is valid.
if not valid, perform the section [B. To renew certiftcate]
2. login into municipalitybank.com
> ssh root@municipalitybank.com
passwd: giptmgrr
3. goto /mnt/volume-nyc1-01
> cd /mnt/volume-nyc1-01
4. restart the stunnel-archiva docker
> dc -f develop.yml stop stunnel-archiva
> dc -f develop.yml rm -f stunnel-archiva
> dc -f develop.yml up -d stunnel-archiva
5. check that you enter the archiva with no SSL issues.
url: https://municipalitybank.com:8081
done!
B. To renew gitlab & archive certifates
---------------------------------------
both components uses the same certificate located at:
/mnt/volume-nyc1-01/gitlab/letsencrypt/live/municipalitybank.com
1. login into municipalitybank.com
> ssh root@municipalitybank.com
passwd: giptmgrr
2. to renew the certificate run the following:
>/usr/bin/certbot renew --quiet --renew-hook "docker exec volumenyc101_gitlab_1 /usr/bin/gitlab-ctl restart nginx"
this also restarts the gitlab docker in order to refresh its certifate
you need to restart manually the stunnel-archiva as detailed in section A.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment