[Support] How to make Letsencrypt work?

congthang1 / jitsi-kubernetes

Jitsi deployment on Kubernetes with JVB autoscale and OCTO region enabled

MIT License

35 stars 18 forks source link

[Support] How to make Letsencrypt work? #11

Closed renepardon closed 3 years ago

renepardon commented 3 years ago

Hey, pretty nice setup so far!

I've added a few env vars to: https://github.com/congthang1/jitsi-kubernetes/blob/main/base/config.yaml

DISABLE_HTTPS: "0"
ENABLE_LETSENCRYPT: "1"
LETSENCRYPT_DOMAIN: "my.domain.tld"
LETSENCRYPT_EMAIL: "my@mail.addy"

But there is no certificate being generated. Do I miss something?

congthang1 commented 3 years ago

You need to add ssl at load balancer level.

renepardon commented 3 years ago

@congthang1 do you have a hint for me where to start? I usually use cert-manager with ingress to make it work - never did that with load balancer/service itself :)

congthang1 commented 3 years ago

If on any cloud service you can upload certificate to the load balancer at https 443. This repo is with a cloud load balancer so if on local you need to manage your self a nginx.

congthang1 commented 3 years ago

Try it on digital ocean as it cheep for both load balancer and bandwidth traffic

renepardon commented 3 years ago

Ok, the rest is Digital Ocean related, thanks! :)

renepardon commented 2 years ago

Just want to leave a note on how to get it work on DO:

doctl compute certificate create --type lets_encrypt --name <NAME> --dns-names <whatever.domain.tld>

And then update the SVC: service.beta.kubernetes.io/do-loadbalancer-certificate-id: with the ID being displayed as response