You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@beam.apache.org by Mikhail Gryzykhin <mi...@google.com> on 2018/08/29 17:37:50 UTC
Get SSL certificate for dashboards
Hi everyone,
I have set up dashboards at
https://104.154.241.245:80/d/D81lW0pmk/post-commit-jobs
However now I want to add https for it.
Can someone share knowledge on how can I get valid certificates?
The self-signed one causes browser to show security alert.
Regards,
--Mikhail
Have feedback <http://go/migryz-feedback>?
Re: Get SSL certificate for dashboards
Posted by Pablo Estrada <pa...@google.com>.
That sounds fine to me:)
On Wed, Aug 29, 2018, 2:00 PM Mikhail Gryzykhin <mi...@google.com> wrote:
> Looking deeper into this I found following:
>
> If we want to add Ssl, we need much more configuration than I anticipated.
> 1. We need to request hostname for dashboards to obtain proper ssl cert. I
> believe current approach is to request it from Infra team.
> 2. We need to set up proper certificate renewal system or find cert
> provider that can issue certificates for longer than couple of months.
> 3. Add reverse proxy for service that handles ssl.
>
> I think that for now it is worth keeping grafana running in http mode with
> preconfigured dashboards and not use it's login function.
> If it becomes common tool to use and refer to, we can look into extending
> the infrastructure.
>
> --Mikhail
>
> Have feedback <http://go/migryz-feedback>?
>
>
> On Wed, Aug 29, 2018 at 12:06 PM Mikhail Gryzykhin <mi...@google.com>
> wrote:
>
>> Thank you Andrew,
>>
>> I've got same suggestion from Udi. Will follow that way.
>>
>> Regards,
>> --Mikhail
>>
>> Have feedback <http://go/migryz-feedback>?
>>
>>
>> On Wed, Aug 29, 2018 at 11:11 AM Andrew Pilloud <ap...@google.com>
>> wrote:
>>
>>> You should move your endpoint from port 80 to port 443 (which is the
>>> default for https). You also need a hostname for a CA signed certificate.
>>> Once you have those things setup, you should be able to get a certificate
>>> from Let's Encrypt using certbot: https://certbot.eff.org/
>>>
>>> Happy to help you get all this going,
>>>
>>> Andrew
>>>
>>> On Wed, Aug 29, 2018 at 10:38 AM Mikhail Gryzykhin <mi...@google.com>
>>> wrote:
>>>
>>>> Hi everyone,
>>>>
>>>> I have set up dashboards at
>>>> https://104.154.241.245:80/d/D81lW0pmk/post-commit-jobs
>>>>
>>>> However now I want to add https for it.
>>>> Can someone share knowledge on how can I get valid certificates?
>>>> The self-signed one causes browser to show security alert.
>>>>
>>>> Regards,
>>>> --Mikhail
>>>>
>>>> Have feedback <http://go/migryz-feedback>?
>>>>
>>>>
Re: Get SSL certificate for dashboards
Posted by Mikhail Gryzykhin <mi...@google.com>.
Looking deeper into this I found following:
If we want to add Ssl, we need much more configuration than I anticipated.
1. We need to request hostname for dashboards to obtain proper ssl cert. I
believe current approach is to request it from Infra team.
2. We need to set up proper certificate renewal system or find cert
provider that can issue certificates for longer than couple of months.
3. Add reverse proxy for service that handles ssl.
I think that for now it is worth keeping grafana running in http mode with
preconfigured dashboards and not use it's login function.
If it becomes common tool to use and refer to, we can look into extending
the infrastructure.
--Mikhail
Have feedback <http://go/migryz-feedback>?
On Wed, Aug 29, 2018 at 12:06 PM Mikhail Gryzykhin <mi...@google.com>
wrote:
> Thank you Andrew,
>
> I've got same suggestion from Udi. Will follow that way.
>
> Regards,
> --Mikhail
>
> Have feedback <http://go/migryz-feedback>?
>
>
> On Wed, Aug 29, 2018 at 11:11 AM Andrew Pilloud <ap...@google.com>
> wrote:
>
>> You should move your endpoint from port 80 to port 443 (which is the
>> default for https). You also need a hostname for a CA signed certificate.
>> Once you have those things setup, you should be able to get a certificate
>> from Let's Encrypt using certbot: https://certbot.eff.org/
>>
>> Happy to help you get all this going,
>>
>> Andrew
>>
>> On Wed, Aug 29, 2018 at 10:38 AM Mikhail Gryzykhin <mi...@google.com>
>> wrote:
>>
>>> Hi everyone,
>>>
>>> I have set up dashboards at
>>> https://104.154.241.245:80/d/D81lW0pmk/post-commit-jobs
>>>
>>> However now I want to add https for it.
>>> Can someone share knowledge on how can I get valid certificates?
>>> The self-signed one causes browser to show security alert.
>>>
>>> Regards,
>>> --Mikhail
>>>
>>> Have feedback <http://go/migryz-feedback>?
>>>
>>>
Re: Get SSL certificate for dashboards
Posted by Mikhail Gryzykhin <mi...@google.com>.
Thank you Andrew,
I've got same suggestion from Udi. Will follow that way.
Regards,
--Mikhail
Have feedback <http://go/migryz-feedback>?
On Wed, Aug 29, 2018 at 11:11 AM Andrew Pilloud <ap...@google.com> wrote:
> You should move your endpoint from port 80 to port 443 (which is the
> default for https). You also need a hostname for a CA signed certificate.
> Once you have those things setup, you should be able to get a certificate
> from Let's Encrypt using certbot: https://certbot.eff.org/
>
> Happy to help you get all this going,
>
> Andrew
>
> On Wed, Aug 29, 2018 at 10:38 AM Mikhail Gryzykhin <mi...@google.com>
> wrote:
>
>> Hi everyone,
>>
>> I have set up dashboards at
>> https://104.154.241.245:80/d/D81lW0pmk/post-commit-jobs
>>
>> However now I want to add https for it.
>> Can someone share knowledge on how can I get valid certificates?
>> The self-signed one causes browser to show security alert.
>>
>> Regards,
>> --Mikhail
>>
>> Have feedback <http://go/migryz-feedback>?
>>
>>
Re: Get SSL certificate for dashboards
Posted by Andrew Pilloud <ap...@google.com>.
You should move your endpoint from port 80 to port 443 (which is the
default for https). You also need a hostname for a CA signed certificate.
Once you have those things setup, you should be able to get a certificate
from Let's Encrypt using certbot: https://certbot.eff.org/
Happy to help you get all this going,
Andrew
On Wed, Aug 29, 2018 at 10:38 AM Mikhail Gryzykhin <mi...@google.com>
wrote:
> Hi everyone,
>
> I have set up dashboards at
> https://104.154.241.245:80/d/D81lW0pmk/post-commit-jobs
>
> However now I want to add https for it.
> Can someone share knowledge on how can I get valid certificates?
> The self-signed one causes browser to show security alert.
>
> Regards,
> --Mikhail
>
> Have feedback <http://go/migryz-feedback>?
>
>