Web Developer Novice: How To SSL + Digital Ocean + Bitbucket - ssl

Rookie web developer, 1 year in the business, I know enough to know I don't know a lot.
I am maintaining/updating a site designed by someone else. The immediate need is to set up SSL on the site. Original dev used Let's Encrypt, but it has expired and I don't know how to update.
Original dev gave me a lot of access/login info that I cannot decipher.
It looks like it is hosted by Digital Ocean, as he gave me a droplet name, along with IP address, username and password--but these do not log me in to any account on digitalocean.com.
He also gave me some CLI prompts, though I am not very familiar with CLI.
And I have access to the Bitbucket repo, but I do not know if I can install SSL from this.
I welcome any help in connecting these dots.

The login credentials supplied to you are droplet-specific and intended to be used to SSH into the droplet (using PuTTY or another terminal emulator).
That said, you may automate the Let's Encrypt cert renewal by installing Certbot on your machine. It requires a bit of CLI tinkering on the droplet (and sudo privileges), but a tutorial like this takes literally less than 10 minutes to complete even for the uninitiated. Check:
Secure Nginx with Let's Encrypt on Ubuntu 16.04
If you're not using Nginx, or your OS is something other than Ubuntu 16.04, you may find other tutorials on DO's website.
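Once you are on the droplet, the first thing worth knowing is whether the existing certificate has actually expired and whether a renewal is due. The script below is an added example, not part of the answer above or of the Certbot project: it reads a PEM certificate with openssl, reports the days left, and says whether the certificate is inside the 30-day window in which `certbot renew` would replace it. It assumes GNU `date` and `openssl` on the droplet and Certbot's default layout of `/etc/letsencrypt/live/<domain>/cert.pem`; the domain in the usage line is a placeholder.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer or from Certbot). Reports how many
# days a PEM certificate has left and whether it is inside certbot's default
# renewal window (30 days before expiry). Assumes GNU date and openssl are
# available and that certbot keeps the live certificate under
# /etc/letsencrypt/live/<domain>/cert.pem (certbot's default layout).
set -euo pipefail

# Print the number of whole days until the certificate in $1 expires.
# Prints a negative number if the certificate has already expired.
cert_days_left() {
  local pem="$1" end_date end_epoch now_epoch
  # openssl prints e.g. "notAfter=Jun 10 12:00:00 2025 GMT"; keep the part after '='
  end_date=$(openssl x509 -in "$pem" -noout -enddate | cut -d= -f2-)
  end_epoch=$(date -u -d "$end_date" +%s)
  now_epoch=$(date -u +%s)
  echo $(( (end_epoch - now_epoch) / 86400 ))
}

# Exit 0 when the certificate in $1 has $2 or fewer days left (default 30),
# i.e. when "certbot renew" would actually renew it; exit 1 otherwise.
needs_renewal() {
  local pem="$1" threshold="${2:-30}" days
  days=$(cert_days_left "$pem")
  [ "$days" -le "$threshold" ]
}

# Usage on the droplet (domain is a placeholder):
#   CERT_PEM=/etc/letsencrypt/live/example.com/cert.pem ./check_cert.sh
if [ -n "${CERT_PEM:-}" ]; then
  days=$(cert_days_left "$CERT_PEM")
  echo "certificate $CERT_PEM expires in $days day(s)"
  if needs_renewal "$CERT_PEM"; then
    echo "inside the renewal window: run 'sudo certbot renew' and reload nginx"
  else
    echo "not due for renewal yet"
  fi
fi
```

After a renewal, the same check run from your own machine with `openssl s_client -connect example.com:443 -servername example.com` (piped into `openssl x509 -noout -enddate`) confirms that the web server is actually serving the new certificate rather than a cached old one.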

Related

Let's Encrypt certificate with Docker

I'm new to Docker. I've been trying to set up an environment that emulates a standard LAMP stack to develop PHP applications locally and easily deploy them.
So far I've followed this setup for my Docker, it seems to be working fine, but I'm having trouble with certificates. On a normal server I would just run Certbot, select the Apache site to enable HTTPS for, and be done with it.
On Docker however I have no idea how to do this. My certificates should be placed inside ./cert/. Does that mean that I have to run commands to add the PPA, install Certbot, then create a certificate and place it in the folder I want? Or is there a simpler way to do this?
Googling brought me to a whole lot of Docker images that automatically create a Certificate and also create an Apache instance, but I'd like to keep this as vanilla as possible.
What is the process of using a Let's Encrypt certificate with Docker?
Should I even install one locally or is that bad practice?
My certificates should be placed inside ./cert/. Does that mean that I have to run commands to add the PPA, install Certbot, then create a certificate and place it in the folder I want? Or is there a simpler way to do this?
Yes, you can proceed like this and store the certificate in a volume which points to ./cert/.
What is the process of using a Let's Encrypt certificate with Docker?
Should I even install one locally or is that bad practice?
There is no certificate management with Docker. Yes, you can manage the certificate in your container, but it would be hard to maintain it (renewal etc.).
The correct approach would be to use Traefik as a load balancer; it has a built-in certificate manager which handles all that is necessary.

Does XWiki Disable SSH?

I recently deployed an AWS EC2 Ubuntu instance for a new intranet wiki. I installed Java, Tomcat, MySQL, and XWiki for this specifically.
I closed the SSH connection with PuTTY as I was setting up the XWiki and branding it appropriately but when I went to access it again, all I get is timeouts. SSH inbound rules are set to accept from all sources so I am almost certain it is not a network error, but I can't figure out what it is!
This has happened twice now. Does anyone know of XWiki disallowing the ubuntu@ip.add.re.ss login with public key authentication?
XWiki certainly does not do anything like this, nor could it even if it wanted to, if you installed Tomcat properly (it's usually not supposed to run as root).

Meteor, docker and SSL on localhost

Pretty new to Docker / docker-machine / docker-compose and using this for a Meteor app that needs to connect to a queue and a few other services. I need to set up SSL on localhost as we're using the getUserMedia API (which Chrome is deprecating on insecure connections).
I believe I need to create a self-signed certificate, but I'm not sure what to do with it after that. Do I set it up on my local machine? Or do I set this up in the Docker container?
Note that Meteor is actually running in development mode in its container locally.
Any definitive help getting started on this would be great.
EDIT: while the similar question noted in the comments seems to solve the problem for Meteor specifically, I'm interested more importantly in the context of Docker and OSX. While my actual problem is with a Meteor app currently, I would like to find a solution that's not Meteor-dependent, but is considerate of the use case.

Where are TLS certificates stored for Docker on Windows Server 2016 TP3

I have a VM running Windows Server 2016 Technical Preview, have installed the Containers feature, and then run the Install-ContainerHost.ps1 script from Microsoft's container tools repo:
https://github.com/Microsoft/Virtualization-Documentation/tree/master/windows-server-container-tools/Install-ContainerHost
I can now run the Docker daemon on Windows. Next I want to copy the certificates to a client machine so that I can issue commands to the host remotely. But I don't know where the certificates are stored on the host.
In the script the path variable is set to %ProgramData%\docker\certs.d
The certificates on Windows are located in the .docker folder in the current user directory.
The docker --help command will show the exact path details.
AFAIK there are no certificates generated when you do what you are doing. If you drop certificates in the path you found then it will use them, and be secured. But otherwise there is none on the machine. Which explains why it isn't exposed by default.
On my setup I connected without TLS but that was on a VM that I could only access on my dev machine. Obviously anything able to be accessed over a network shouldn't do that.
Other people doing this are here: https://social.msdn.microsoft.com/Forums/en-US/84ca60c0-c54d-4513-bc02-14bd57676621/connect-docker-client-to-windows-server-2016-container-engine?forum=windowscontainers and here https://social.msdn.microsoft.com/Forums/en-US/9caf90c9-81e8-4998-abe5-837fbfde03a8/can-i-connect-docker-from-remote-docker-client?forum=windowscontainers
When I dug into the work in progress post it has this:
Docker clients unsecured by default
In this pre-release, docker communication is public if you know where to look.
https://msdn.microsoft.com/en-us/virtualization/windowscontainers/about/work_in_progress#DockermanagementDockerclientsunsecuredbydefault
So eventually this should get better.
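The answers above agree on the practical point: nothing is generated for you, so a remotely reachable daemon stays unauthenticated until you produce a CA, a server certificate and a client certificate yourself and drop them into place. The script below is an added example, not code from the thread, from Microsoft or from Docker: it builds that material with openssl, using the file names from Docker's documentation for protecting the daemon socket (ca.pem, server-cert.pem, server-key.pem on the host; ca.pem, cert.pem, key.pem for the client), and then checks that each leaf certificate chains to the CA and carries the right extended key usage. The hostname, IP address and output directory are placeholders you supply; where exactly the Windows daemon of this preview expects the host-side files beyond the %ProgramData%\docker\certs.d path quoted in the question is not something this example asserts.

```shell
#!/usr/bin/env bash
# Added example (not from the original thread, Microsoft or Docker). Generates a
# private CA, a server certificate and a client certificate for mutually
# authenticated TLS between a docker client and daemon, using the file names
# from Docker's "protect the daemon socket" documentation. Hostname, IP and
# output directory are placeholders supplied by the caller.
set -euo pipefail

# Create a private CA plus a server and a client certificate signed by it.
# $1 = output directory, $2 = daemon hostname, $3 = daemon IP address
make_docker_tls_material() {
  local out="$1" host="$2" ip="$3"
  mkdir -p "$out"
  # CA key and self-signed CA certificate: used only to sign the two leaf certs
  openssl genrsa -out "$out/ca-key.pem" 2048 2>/dev/null
  openssl req -new -x509 -days 365 -sha256 -key "$out/ca-key.pem" \
    -subj "/CN=docker-daemon-ca" -out "$out/ca.pem" 2>/dev/null
  # Server certificate: the SAN must list the name and IP clients will dial
  openssl genrsa -out "$out/server-key.pem" 2048 2>/dev/null
  openssl req -new -sha256 -key "$out/server-key.pem" -subj "/CN=$host" \
    -out "$out/server.csr" 2>/dev/null
  printf 'subjectAltName = DNS:%s,IP:%s\nextendedKeyUsage = serverAuth\n' "$host" "$ip" \
    > "$out/server-ext.cnf"
  openssl x509 -req -days 365 -sha256 -in "$out/server.csr" -CA "$out/ca.pem" \
    -CAkey "$out/ca-key.pem" -CAcreateserial -extfile "$out/server-ext.cnf" \
    -out "$out/server-cert.pem" 2>/dev/null
  # Client certificate: clientAuth only, so it cannot be reused as a server identity
  openssl genrsa -out "$out/key.pem" 2048 2>/dev/null
  openssl req -new -sha256 -key "$out/key.pem" -subj "/CN=docker-client" \
    -out "$out/client.csr" 2>/dev/null
  printf 'extendedKeyUsage = clientAuth\n' > "$out/client-ext.cnf"
  openssl x509 -req -days 365 -sha256 -in "$out/client.csr" -CA "$out/ca.pem" \
    -CAkey "$out/ca-key.pem" -CAcreateserial -extfile "$out/client-ext.cnf" \
    -out "$out/cert.pem" 2>/dev/null
  rm -f "$out"/*.csr "$out"/*.cnf
  # Private keys should be readable by their owner only
  chmod 600 "$out/ca-key.pem" "$out/server-key.pem" "$out/key.pem"
}

# Exit 0 when certificate $2 chains to the CA certificate $1, non-zero otherwise.
verify_against_ca() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Exit 0 when certificate $1 carries extended key usage $2, e.g.
# "TLS Web Server Authentication" or "TLS Web Client Authentication".
cert_has_eku() {
  openssl x509 -in "$1" -noout -text | grep -A1 'Extended Key Usage' | grep "$2" >/dev/null
}

# Usage (all three values are placeholders):
#   DOCKER_TLS_OUT=./certs DOCKER_HOSTNAME=dockerhost.example DOCKER_HOST_IP=192.0.2.10 ./docker-tls.sh
if [ -n "${DOCKER_TLS_OUT:-}" ]; then
  make_docker_tls_material "$DOCKER_TLS_OUT" "${DOCKER_HOSTNAME:?}" "${DOCKER_HOST_IP:?}"
  if verify_against_ca "$DOCKER_TLS_OUT/ca.pem" "$DOCKER_TLS_OUT/server-cert.pem" &&
     verify_against_ca "$DOCKER_TLS_OUT/ca.pem" "$DOCKER_TLS_OUT/cert.pem"; then
    echo "server and client certificates chain to $DOCKER_TLS_OUT/ca.pem"
  fi
fi
```

The daemon is then started with `--tlsverify --tlscacert ca.pem --tlscert server-cert.pem --tlskey server-key.pem`, and the client copies ca.pem, cert.pem and key.pem into its ~/.docker directory; `--tlsverify` is what makes the daemon reject clients whose certificate does not chain to ca.pem, which is the property the thread's "public if you know where to look" warning is about.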

forwarding HTTPS from Plesk to AWS EC2

I am quite new to setting up and managing websites, domains and stuff.
I purchased a domain (let's say example.de) and registered it on my vserver running Parallels Plesk. As I need secure access I requested and created an SSL certificate at startssl.com. The developed application (Spring Boot) runs on an EC2 instance at AWS. The product website runs on an Apache web server on an EC2 instance. I need to secure both the app (app.example.de) and the website (example.de) using SSL.
What I want to achieve is a redirect from the domain https://example.de to the EC2 instance. I already tried several things; some I remember from the trial-and-error marathon:
Configure Plesk frame-forwarding the traffic on https://example.de to the ec2-ip
Obviously the browser warns me that the certificate is issued for example.de and not for and classifies the traffic as insecure. Same as when accessing it like https://...
I also uploaded the certificate on Plesk, also without success.
Is there a solution for my setup? Or do I need (or is it recommended) to use Amazon Route 53 for that task? It would be nice if someone could guide me and provide some tips, as I am pretty new to these topics.
Thanks
It seems there is no way around AWS Route 53.
I figured out that there is an Extension for Plesk that is designed to route traffic using Route 53, and even a nice manual article on the Plesk homepage on how to use any external DNS and also the Route 53 Extension. As this Extension requires a newer version of Plesk than the one I am using, I wasn't able to install it. I am pretty much bound to this version, so an update didn't come into question. I cannot tell for sure if using this Extension solves my initial problem, but it seems to be a potential solution.
The most simplistic solution (at least for me):
I ended up moving my domain to AWS, created a Hosted Zone, and added a Record Set with the IP of the EC2 instance and the DNS servers provided by the hosted zone. Everything is now working like a charm.
Some more background: the product website and app frontend are running inside an Apache where I installed mod_ssl and configured SSL access. The application backend runs as a Spring Boot app in a Tomcat where I also configured SSL using a TomcatConnectorCustomizer.
This setup works for my scenario.