d2901ce84ab46acbd53b817a883a926e10ca5edf
configuration/environments_scripts/central_reverse_proxy/setup-central-reverse-proxy.sh
| ... | ... | @@ -8,7 +8,8 @@ |
| 8 | 8 | # existence of a running webserver accessible under sapsailing.com. |
| 9 | 9 | # |
| 10 | 10 | # Start by launching a new instance, e.g., of type t3.xlarge, in the same AZ |
| 11 | -# as the current Webserver / Central Reverse Proxy. This will become important |
|
| 11 | +# as the current Webserver / Central Reverse Proxy, and with 100GB of root |
|
| 12 | +# volume space. This will become important |
|
| 12 | 13 | # as you will need to detach volumes from the latter to attach them to the |
| 13 | 14 | # new instance. |
| 14 | 15 | # |
| ... | ... | @@ -173,6 +174,10 @@ cd ~ |
| 173 | 174 | # Copies across the key vault and other relevant secrets from the existing |
| 174 | 175 | # central reverse proxy's /root folder: |
| 175 | 176 | rsync -a root@sapsailing.com:/root/{dev-secrets,github_tools_sap.pat,hudson-aws-credentials,key_vault,mail.properties,secrets,ssh-key-reader.token} /root |
| 177 | +# Distribute secrets HTTPD needs for GitHub OAuth client: |
|
| 178 | +cat /root/secrets | grep GITHUB_OAUTH_CLIENT_ >/usr/share/httpd/secrets |
|
| 179 | +chmod 660 /usr/share/httpd/secrets |
|
| 180 | +chown apache:apache /usr/share/httpd/secrets |
|
| 176 | 181 | scp -o StrictHostKeyChecking=no -r root@sapsailing.com:/etc/letsencrypt /etc |
| 177 | 182 | # add basic test page which won't cause redirect error code if used as a health check. |
| 178 | 183 | cat <<EOF > /var/www/html/index.html |