search

IBM / BlueXolo

BlueXolo
Apache License 2.0
19 stars 20 forks source link

Certificados SSL #518

Open diegohdezc opened 2 years ago

snvc00 commented 2 years ago

The certificates and key files need to be downloaded manually, usually in a zip folder with:

Once you have these files you need to follow this guide to add the certificate and enable https manually:

  1. Connect to the pod running Nginx: kubectl exec -it -n bluexolo <pod_id> -- ash
  2. Install nano: apk add nano
  3. Remove the current configuration file of the proxy: rm /etc/nginx/conf.d/default.conf
  4. Create the new file for configurations: nano /etc/nginx/conf.d/default.conf
  5. Copy and paste this configuration: 
    
server {
listen 80;
server_name bluexolo.net www.bluexolo.net;
return 301 https://bluexolo.net$request_uri;
}

server { listen 443 ssl; server_name bluexolo.net www.bluexolo.net; ssl_certificate /etc/ssl/certificate.crt; ssl_certificate_key /etc/ssl/private.key;

location ~ .*/assets/.* {
  proxy_pass http://assistant.bluexolo:3000;
  proxy_ignore_headers Cache-Control;
  proxy_hide_header Cache-Control;
  proxy_hide_header Pragma;
  proxy_cache_valid any 30m;
  proxy_set_header Cache-Control max-age=30;
  add_header Cache-Control max-age=30;
}

location ~ .*/socket.io/.* {
  proxy_pass http://assistant.bluexolo:3000;
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "Upgrade";
}

location /botpress {
  proxy_pass http://assistant.bluexolo:3000/botpress;
}

location /api/ {
    proxy_pass http://assistant.bluexolo:3000/botpress/api/;
}

location /static {
    alias /var/www/static;
}

location /media {
    alias /var/www/media;
}

location / {
    uwsgi_pass django.bluexolo:8000;
    include /etc/nginx/uwsgi_params;
}

client_max_body_size 20m;

}


6. Save the file and exit the editor
7. Create a file for the certificate: `nano /etc/ssl/certificate.crt`
8. Copy and paste the content of the `certificate.crt` file in your local files
9. Copy and paste the content of the `ca_bundle.crt` file in your local files right next to the `certificate.crt` (yes, merging two files in certificate.crt)
10. Save the file and exit the editor
11. Create a file for the private key: `nano /etc/ssl/private.key`
12. Copy and paste the content of the `private.key` file in your local files
13. Save the file and exit the editor
14. Finally, reload Nginx: ``nginx -s reload`

> Make sure that the bluexolo.net domain is pointing to the public IP of Nginx service.