Le 11/05/2016 à 20:50, Sam Ruby a écrit :
On Thu, Apr 28, 2016 at 9:36 AM, Sam Ruby <[email protected]> wrote:
On Thu, Apr 28, 2016 at 8:28 AM, Jacques Le Roux
<[email protected]> wrote:
I guess it's a NO? I was thinking this could be possible when changing the
VM https://issues.apache.org/jira/browse/INFRA-10862
I got a go-ahead from David to explore this. I'll try to make sure
that my results are reproducible.
letsencrypt is working on https://whimsy3.apache.org/
Basic process is outlined here:
https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04
Notes:
1) It will ask you for an email address. I used [email protected].
2) It may or may not be able to update your httpd configuration
automatically (it failed for me). But it doesn't really matter, as
puppet will undo any changes. It also offered to me to put the
configuration in a separate file, but don't do that as you want the
configuration to be under puppet control.
3) Four lines need to be added/updated to your puppet file, the ones
starting with ssl: or ssl- here:
https://github.com/apache/infrastructure-puppet/blob/deployment/data/nodes/whimsy-vm3.apache.org.yaml#L104
4) the certificate update cronjob should be puppetized too:
https://github.com/apache/infrastructure-puppet/blob/deployment/modules/whimsy_server/manifests/cronjobs.pp#L84
- Sam Ruby
Thanks Sam!
With Infra's permission, I'll have it a go when INFRA-1086 will be done... I
will then use OFBiz private email...
Jacques
Thanks
Jacques
- Sam Ruby
Le 23/04/2016 à 10:41, Jacques Le Roux a écrit :
If it's possible I'd like to have the same on OFBIZ-VM
Thanks
Jacques
Le 23/04/2016 07:46, Sam Ruby a écrit :
I may have stumbled upon the reason to put vms behind a proxy... in order to
turn on https, I need a certificate. We have wildcard certificates, but
putting them on every VM and then giving out sudo access to everybody with
VM isn't practical.
Fortunately there is an alternative: letsencrypt. I've used it on my own
ubuntu 14.04 server, and it is easy:
https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04
Any reason I can't set up whimsy-vm3 this way?
Ultimately we may decide to put this vm behind a proxy, but for now I would
like to eliminate the proxy in order to isolate whether or not the
performance problems we are seeing are related to the software running on
whimsy or due to other reasons (colo, proxy, etc).
- Sam Ruby
