diff options
| author | Pedro Alvarez <pedro.alvarez@codethink.co.uk> | 2020-10-08 13:45:55 +0100 |
|---|---|---|
| committer | Pedro Alvarez <pedro.alvarez@codethink.co.uk> | 2020-10-08 13:45:55 +0100 |
| commit | 5d303a519d5c5e81f5619c3e9374953929bc4d42 (patch) | |
| tree | 6816aef8647df29a5904946a79b9bcf3d468fb17 | |
| parent | a2e58a90466fe922b61605ce9c327322914ed0b1 (diff) | |
| download | infrastructure-5d303a519d5c5e81f5619c3e9374953929bc4d42.tar.gz | |
Update SSL instructions
| -rw-r--r-- | README.md | 14 |
1 files changed, 0 insertions, 14 deletions
@@ -464,7 +464,6 @@ of the subdomains: cat >domains.txt <<'EOF' baserock.org docs.baserock.org download.baserock.org irclogs.baserock.org ostree.baserock.org paste.baserock.org spec.baserock.org - git.baserock.org EOF And the `config` file needed: @@ -496,23 +495,17 @@ certificates that are present in `certs` and `private` you will have to: mkdir -p tmp/private tmp/certs # Create some full certs including key for some services that need it this way - cat git.baserock.org/cert.csr git.baserock.org/cert.pem git.baserock.org/chain.pem git.baserock.org/privkey.pem > tmp/private/git-with-key.pem cat docs.baserock.org/cert.csr docs.baserock.org/cert.pem docs.baserock.org/chain.pem docs.baserock.org/privkey.pem > tmp/private/frontend-with-key.pem # Copy key files - cp git.baserock.org/privkey.pem tmp/private/git.pem cp docs.baserock.org/privkey.pem tmp/private/frontend.pem # Copy cert files - cp git.baserock.org/cert.csr tmp/certs/git.csr - cp git.baserock.org/cert.pem tmp/certs/git.pem - cp git.baserock.org/chain.pem tmp/certs/git-chain.pem cp docs.baserock.org/cert.csr tmp/certs/frontend.csr cp docs.baserock.org/cert.pem tmp/certs/frontend.pem cp docs.baserock.org/chain.pem tmp/certs/frontend-chain.pem # Create full certs without keys - cat git.baserock.org/cert.csr git.baserock.org/cert.pem git.baserock.org/chain.pem > tmp/certs/git-full.pem cat docs.baserock.org/cert.csr docs.baserock.org/cert.pem docs.baserock.org/chain.pem > tmp/certs/frontend-full.pem Before replacing the current ones, make sure you **encrypt** the ones that contain @@ -529,13 +522,6 @@ And copy them to the repo: Deploy certificates ------------------- -For `git.baserock.org` just run: - - ansible-playbook -i hosts baserock_trove/configure-trove.yml - -This script will copy the certificates to the Trove and run the scripts -that will configure them. - For the frontend, run: ansible-playbook -i hosts baserock_frontend/instance-config.yml |