HTTPS works!

Robert Schäfer 2019-02-08 11:00:34 +01:00
parent 9bb2361b18
commit 5d04c4ccc0
4 changed files with 17 additions and 8 deletions

@ -3,7 +3,7 @@
Todos:
- [x] check labels and selectors if they all are correct
- [x] configure NGINX from yml
- [ ] configure Let's Encrypt cert-manager from yml
- [x] configure Let's Encrypt cert-manager from yml
- [x] configure ingress from yml
- [x] configure persistent & shared storage between nodes
- [x] reproduce setup locally
@ -122,16 +122,25 @@ $ kubectl apply -f human-connection/ingress.yaml
#### Setup SSL
Follow [this quick start guide](https://docs.cert-manager.io/en/latest/tutorials/acme/quick-start/index.html):
Follow [this quick start guide](https://docs.cert-manager.io/en/latest/tutorials/acme/quick-start/index.html)
and install certmanager via helm and tiller:
```
$ kubectl create serviceaccount tiller --namespace=kube-system
$ kubectl create clusterrolebinding tiller-admin --serviceaccount=kube-system:tiller --clusterrole=cluster-admin
$ helm init --service-account=tiller
$ helm repo update
$ helm install stable/nginx-ingress --name quickstart
$ kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.6/deploy/manifests/00-crds.yaml<Paste>
$ kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.6/deploy/manifests/00-crds.yaml
$ helm install --name cert-manager --namespace cert-manager stable/cert-manager
$ kubectl apply -f certmanager/
```
We provided some configuration in a folder `human-connection/certmanager`. To
avoid letsencrypt very strict rate limits, the default issuer is
`letsencrypt-staging`. If certmanager is working properly, change it to
`letsencrypt-prod`. Please updated the email address in the configuration, too.
```sh
$ kubectl apply -f human-connection/certmanager/
```
#### Legacy data migration
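Review bot: The `kubectl create clusterrolebinding tiller-admin ... --clusterrole=cluster-admin` step in the Setup SSL block gives Tiller full control of the cluster, and the README shows it without any comment, so every chart installed through it runs with cluster-admin rights. Either say so next to the command or bind the `tiller` service account to a role limited to the namespaces this deployment uses. Two smaller points in the same hunk: "Please updated the email address" should read "Please update", and the block shows both `kubectl apply -f certmanager/` and `kubectl apply -f human-connection/certmanager/`, so make sure only the path that matches the repository layout remains.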

@ -10,10 +10,10 @@ metadata:
spec:
tls:
- hosts:
- master.nitro.human-connection.org
- nitro-master.human-connection.org
secretName: quickstart-example-tls
rules:
- host: master.nitro.human-connection.org
- host: nitro-master.human-connection.org
http:
paths:
- path: /
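Review bot: `secretName: quickstart-example-tls`, directly above `rules:`, still looks like the placeholder name from the quick start guide, while the host next to it is renamed to `nitro-master.human-connection.org`. A secret name derived from the hostname would make it obvious which certificate the secret holds. The host also appears in both `tls.hosts` and `rules.host`, which have to be kept identical by hand, so a short comment saying so would help whoever changes the domain next.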

@ -8,7 +8,7 @@ spec:
# The ACME server URL
server: https://acme-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: letsencrypt-prod@roschaefer.de
email: yourmail@example.org
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-prod
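Review bot: `email: yourmail@example.org` in the `letsencrypt-prod` issuer is a placeholder that gets applied as-is unless the reader edits the file first, and the only prompt to change it is one sentence in the README. Add a comment directly above the `email:` line saying it must be replaced before applying, here and in the staging issuer, which gets the same placeholder, so the ACME registration is not made with an address nobody reads.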

@ -8,7 +8,7 @@ spec:
# The ACME server URL
server: https://acme-staging-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: letsencrypt-staging@roschaefer.de
email: yourmail@example.org
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-staging