Posted to dev@ofbiz.apache.org by Jacques Le Roux <ja...@les7arts.com> on 2016/05/11 19:51:03 UTC

Re: OK to use letsencrypt on whimsy-vm3?

On 11/05/2016 at 20:50, Sam Ruby wrote:
> On Thu, Apr 28, 2016 at 9:36 AM, Sam Ruby <ru...@intertwingly.net> wrote:
>> On Thu, Apr 28, 2016 at 8:28 AM, Jacques Le Roux
>> <ja...@les7arts.com> wrote:
>>> I guess it's a NO? I was thinking this could be possible when changing the
>>> VM https://issues.apache.org/jira/browse/INFRA-10862
>> I got a go-ahead from David to explore this.  I'll try to make sure
>> that my results are reproducible.
> letsencrypt is working on https://whimsy3.apache.org/
>
> Basic process is outlined here:
>
> https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04
>
> Notes:
>
> 1) It will ask you for an email address.  I used private@whimsical.apache.org.
>
> 2) It may or may not be able to update your httpd configuration
> automatically (it failed for me).  But it doesn't really matter, as
> puppet will undo any changes.  It also offered to put the
> configuration in a separate file, but don't do that as you want the
> configuration to be under puppet control.
>
> 3) Four lines need to be added/updated to your puppet file, the ones
> starting with ssl: or ssl- here:
>
> https://github.com/apache/infrastructure-puppet/blob/deployment/data/nodes/whimsy-vm3.apache.org.yaml#L104
>
> 4) The certificate update cronjob should be puppetized too:
>
> https://github.com/apache/infrastructure-puppet/blob/deployment/modules/whimsy_server/manifests/cronjobs.pp#L84
>
> - Sam Ruby

Thanks Sam!

With Infra's permission, I'll have a go at it when INFRA-1086 is done... I will then use the OFBiz private email...

Jacques
>>> Thanks
>>>
>>> Jacques
>> - Sam Ruby
>>
>>> On 23/04/2016 at 10:41, Jacques Le Roux wrote:
>>>
>>> If it's possible I'd like to have the same on OFBIZ-VM
>>>
>>> Thanks
>>>
>>> Jacques
>>>
>>> On 23/04/2016 07:46, Sam Ruby wrote:
>>>
>>> I may have stumbled upon the reason to put vms behind a proxy... in order to
>>> turn on https, I need a certificate.  We have wildcard certificates, but
>>> putting them on every VM and then giving out sudo access to everybody with
>>> VM isn't practical.
>>>
>>> Fortunately there is an alternative: letsencrypt.  I've used it on my own
>>> ubuntu 14.04 server, and it is easy:
>>>
>>> https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04
>>>
>>> Any reason I can't set up whimsy-vm3 this way?
>>>
>>> Ultimately we may decide to put this vm behind a proxy, but for now I would
>>> like to eliminate the proxy in order to isolate whether or not the
>>> performance problems we are seeing are related to the software running on
>>> whimsy or due to other reasons (colo, proxy, etc).
>>>
>>> - Sam Ruby