Changes in 6499471: Olympic Setup: Local nginx and certs for tokyo2020-master.sapsailing.com

				wiki/info/landscape/olympic-setup.md
			
          @@ -210,7 +210,7 @@ On ``sap-p1-1`` an SSH connection to ``sap-p1-2`` is maintained, with the follow

           So the essential changes are that there are no more SSH connections into the cloud, and the port forward on each laptop's port 5673, which would point to ``rabbit-ap-northeast-1.sapsailing.com`` during regular operations, now points to ``sap-p1-2:5672`` where the RabbitMQ installation takes over from the cloud instance.

          -### Letsencrypt Certificate for tokyo2020.sapsailing.com and security-service.sapsailing.com

          +### Letsencrypt Certificate for tokyo2020.sapsailing.com, security-service.sapsailing.com and tokyo2020-master.sapsailing.com

           In order to allow us to access ``tokyo2020.sapsailing.com`` and ``security-service.sapsailing.com`` with any HTTPS port forwarding locally so that all ``JSESSION_GLOBAL`` etc. cookies with their ``Secure`` attribute are delivered properly, we need an SSL certificate. I've created one by doing

          @@ -244,6 +244,25 @@ The "Let's Encrypt"-provided certificate is used for SSL termination. With tokyo

           Likewise, ``/etc/nginx/sites-enabled/security-service`` forwards to 127.0.0.1:8889 where a local copy of the security service may be deployed in case the Internet fails. In this case, the local port 443 must be forwarded to the NGINX port 9443 instead of security-service.sapsailing.com:443 through tokyo-ssh.sapsailing.com.

          +On sap-p1-1 is currently a nginx listening to tokyo2020-master.sapsailing.com with the following configuration:

          +

          +```

          +server {

          +    listen              9443 ssl;

          +    server_name         tokyo2020-master.sapsailing.com;

          +    ssl_certificate     /etc/ssl/private/tokyo2020-master.sapsailing.com.fullchain.pem;

          +    ssl_certificate_key /etc/ssl/private/tokyo2020-master.sapsailing.com.privkey.pem;

          +    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;

          +    ssl_ciphers         HIGH:!aNULL:!MD5;

          +

          +    location / {

          +        proxy_pass http://127.0.0.1:8888;

          +    }

          +}

          +```

          +

          +

          +

           ### Backup

           borgbackup is used to backup the ``/`` folder of both laptops towards the other machine. Folder where the borg repository is located is: ``/backup``.

...	...	@@ -210,7 +210,7 @@ On ``sap-p1-1`` an SSH connection to ``sap-p1-2`` is maintained, with the follow
210	210
211	211	So the essential changes are that there are no more SSH connections into the cloud, and the port forward on each laptop's port 5673, which would point to ``rabbit-ap-northeast-1.sapsailing.com`` during regular operations, now points to ``sap-p1-2:5672`` where the RabbitMQ installation takes over from the cloud instance.
212	212
213		-### Letsencrypt Certificate for tokyo2020.sapsailing.com and security-service.sapsailing.com
	213	+### Letsencrypt Certificate for tokyo2020.sapsailing.com, security-service.sapsailing.com and tokyo2020-master.sapsailing.com
214	214
215	215	In order to allow us to access ``tokyo2020.sapsailing.com`` and ``security-service.sapsailing.com`` with any HTTPS port forwarding locally so that all ``JSESSION_GLOBAL`` etc. cookies with their ``Secure`` attribute are delivered properly, we need an SSL certificate. I've created one by doing
216	216
...	...	@@ -244,6 +244,25 @@ The "Let's Encrypt"-provided certificate is used for SSL termination. With tokyo
244	244
245	245	Likewise, ``/etc/nginx/sites-enabled/security-service`` forwards to 127.0.0.1:8889 where a local copy of the security service may be deployed in case the Internet fails. In this case, the local port 443 must be forwarded to the NGINX port 9443 instead of security-service.sapsailing.com:443 through tokyo-ssh.sapsailing.com.
246	246
	247	+On sap-p1-1 is currently a nginx listening to tokyo2020-master.sapsailing.com with the following configuration:
	248	+
	249	+```
	250	+server {
	251	+ listen 9443 ssl;
	252	+ server_name tokyo2020-master.sapsailing.com;
	253	+ ssl_certificate /etc/ssl/private/tokyo2020-master.sapsailing.com.fullchain.pem;
	254	+ ssl_certificate_key /etc/ssl/private/tokyo2020-master.sapsailing.com.privkey.pem;
	255	+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	256	+ ssl_ciphers HIGH:!aNULL:!MD5;
	257	+
	258	+ location / {
	259	+ proxy_pass http://127.0.0.1:8888;
	260	+ }
	261	+}
	262	+```
	263	+
	264	+
	265	+
247	266	### Backup
248	267
249	268	borgbackup is used to backup the ``/`` folder of both laptops towards the other machine. Folder where the borg repository is located is: ``/backup``.