2d189bffe06df576dbd07d6a2020f17d041601d7
info/landscape/sail-insight.com-website.md
| ... | ... | @@ -1,23 +0,0 @@ |
| 1 | -The sail-insight micro site is hosted statically in `/home/trac/sail-insight-website`. |
|
| 2 | - |
|
| 3 | -# Docker Certbot |
|
| 4 | - |
|
| 5 | -The SSL certificate is provided by LetsEncrypt. Since `certbot` is not available on Amazon AMI Linux a docker container with symlinks to the three relevant folders is spun up to obtain the SSL certificates: |
|
| 6 | - |
|
| 7 | -`docker run -it --rm --name certbot -v "/etc/letsencrypt:/etc/letsencrypt" -v "/var/lib/letsencrypt:/var/lib/letsencrypt" -v "/home/trac/sail-insight-website/:/home/trac/sail-insight-website" certbot/certbot certonly` |
|
| 8 | - |
|
| 9 | -The same docker container is spun up once a week to check whether the certificate needs renewing: |
|
| 10 | - |
|
| 11 | -`docker run -it --rm --name certbot -v "/etc/letsencrypt:/etc/letsencrypt" -v "/var/lib/letsencrypt:/var/lib/letsencrypt" -v "/home/trac/sail-insight-website/:/home/trac/sail-insight-website" certbot/certbot renew` |
|
| 12 | - |
|
| 13 | -The docker container should delete itself after it ran. (`--rm` flag) |
|
| 14 | - |
|
| 15 | -The resulting certificates are placed int the folder `/etc/letsencrypt/live/sail-insight.com/`. Access to `/home/trac/sail-insight-website` is needed to verify ownership of the domain. |
|
| 16 | - |
|
| 17 | -# Cron Job |
|
| 18 | - |
|
| 19 | -To spin up the docker container (above) once a week to renew the SSL cert a cronjob runs the renew script as user 'certbot' once a week. |
|
| 20 | - |
|
| 21 | -# Apache |
|
| 22 | - |
|
| 23 | -Apache config is kept in `/etc/httpd/conf.d/000-main.conf` and `/etc/httpd/conf.d/000-macros.conf`. |
|
| ... | ... | \ No newline at end of file |
wiki/info/landscape/sail-insight.com-website.md
| ... | ... | @@ -0,0 +1,23 @@ |
| 1 | +The sail-insight micro site is hosted statically in `/home/trac/sail-insight-website`. |
|
| 2 | + |
|
| 3 | +# Docker Certbot |
|
| 4 | + |
|
| 5 | +The SSL certificate is provided by LetsEncrypt. Since `certbot` is not available on Amazon AMI Linux a docker container with symlinks to the three relevant folders is spun up to obtain the SSL certificates: |
|
| 6 | + |
|
| 7 | +`docker run -it --rm --name certbot -v "/etc/letsencrypt:/etc/letsencrypt" -v "/var/lib/letsencrypt:/var/lib/letsencrypt" -v "/home/trac/sail-insight-website/:/home/trac/sail-insight-website" certbot/certbot certonly` |
|
| 8 | + |
|
| 9 | +The same docker container is spun up once a week to check whether the certificate needs renewing: |
|
| 10 | + |
|
| 11 | +`docker run -it --rm --name certbot -v "/etc/letsencrypt:/etc/letsencrypt" -v "/var/lib/letsencrypt:/var/lib/letsencrypt" -v "/home/trac/sail-insight-website/:/home/trac/sail-insight-website" certbot/certbot renew` |
|
| 12 | + |
|
| 13 | +The docker container should delete itself after it ran. (`--rm` flag) |
|
| 14 | + |
|
| 15 | +The resulting certificates are placed int the folder `/etc/letsencrypt/live/sail-insight.com/`. Access to `/home/trac/sail-insight-website` is needed to verify ownership of the domain. |
|
| 16 | + |
|
| 17 | +# Cron Job |
|
| 18 | + |
|
| 19 | +To spin up the docker container (above) once a week to renew the SSL cert a cronjob runs the renew script as user 'certbot' once a week. |
|
| 20 | + |
|
| 21 | +# Apache |
|
| 22 | + |
|
| 23 | +Apache config is kept in `/etc/httpd/conf.d/000-main.conf` and `/etc/httpd/conf.d/000-macros.conf`. |
|
| ... | ... | \ No newline at end of file |