congthang1 / jitsi-kubernetes

Jitsi deployment on Kubernetes with JVB autoscale and OCTO region enabled
MIT License
35 stars 18 forks

certificate id not available in GKE #15

Open bharath-naik opened 2 years ago

bharath-naik commented 2 years ago

I have tried to set up this installation on Google Cloud and am wondering about the certificate id under base/web-base/service.yaml. I haven't given any certificate here and the video is getting disconnected as soon as it starts. Is this doc compatible with GKE?

congthang1 commented 2 years ago

Never tried on GKE, but you should manually add a certificate to the load balancer. There is no automatic SSL in this script.

bharath-naik commented 2 years ago

I have remodified the script from the webconfig

  name: web-base
data:
    10-config: |
        #!/usr/bin/with-contenv bash
        # make our folders
        mkdir -p \
            /config/{nginx/site-confs,keys} \
            /run \
            /var/lib/nginx/tmp/client_body \
            /var/tmp/nginx 
        # generate keys (maybe)
        apt-get update -y
        apt-get install -y certbot python3-certbot-nginx

        echo "generate keys" 
        DISABLE_HTTPS=0
        LETSENCRYPT_DOMAIN="sametime.jitsi.com"
        LETSENCRYPT_EMAIL="jksa.jsasda@gmail.com"
        ENABLE_LETSENCRYPT=1

        if [[ $DISABLE_HTTPS -ne 1 ]]; then
            if [[ $ENABLE_LETSENCRYPT -eq 1 ]]; then
                # request a certificate only if none has been issued for this domain yet
                if [[ ! -f /etc/letsencrypt/live/$LETSENCRYPT_DOMAIN/fullchain.pem ]]; then
                    echo "inside the letsencrypt folder"
                    # note: --dry-run only tests issuance; no certificate is saved
                    if ! certbot \
                        certonly \
                        --nginx \
                        --no-self-upgrade \
                        --noninteractive \
                        --preferred-challenges http \
                        -d "$LETSENCRYPT_DOMAIN" \
                        --agree-tos \
                        --dry-run \
                        -m "$LETSENCRYPT_EMAIL"; then
                        echo "Failed to obtain a certificate from the Let's Encrypt CA."
                        # this tries to get the user's attention and to spare the
                        # authority's rate limit:
                        sleep 15
                        echo "Exiting"
                        exit 1
                    fi
                fi
                # add a daily certbot renewal job if the crontab has none
                if ! crontab -l | grep certbot; then
                    crontab -l | {
                        cat
                        echo
                        echo "15 3 * * * /usr/bin/certbot renew --quiet"
                        echo
                    } | crontab -
                fi
            else
                # no-op so the else branch is not empty (a bash syntax error)
                # while the self-signed block below stays commented out
                :
                # use self-signed certs
                #if [[ -f /config/keys/cert.key && -f /config/keys/cert.crt ]]; then
                #    echo "using keys found in /config/keys"
                #else
                #    echo "generating self-signed keys in /config/keys, you can replace these if required"
                #    SUBJECT="/C=US/ST=TX/L=Austin/O=sametime.vewmet.com/OU=VewMet/CN=*"
                #    openssl req -new -x509 -days 3650 -nodes -out /config/keys/cert.crt -keyout /config/keys/cert.key -subj "$SUBJECT"
                #fi
            fi
        fi
----

error : nginx: [error] invalid PID number "" in "/run/nginx.pid"
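
The error above is what nginx prints when it is asked to signal a running instance and the PID file is empty. As an added example (not part of the thread or the project's code), this guard classifies the PID file before any init step that signals nginx; the function names are hypothetical and the default path is taken from the error message.

```sh
#!/bin/sh
# Added example: validate the nginx PID file before any step that signals nginx.
# The default path matches the one in the reported error message.
NGINX_PID_FILE="${NGINX_PID_FILE:-/run/nginx.pid}"

# Print one of: missing, empty, invalid, stale, running.
nginx_pid_state() {
    local file="${1:-$NGINX_PID_FILE}" pid
    [ -e "$file" ] || { echo missing; return; }
    # Strip whitespace so a file holding only a newline counts as empty.
    pid="$(tr -d '[:space:]' < "$file")"
    [ -n "$pid" ] || { echo empty; return; }
    case "$pid" in
        *[!0-9]*) echo invalid; return ;;
    esac
    # kill -0 sends no signal; it only tests that the process exists
    # and that this user is allowed to signal it.
    if kill -0 "$pid" 2>/dev/null; then
        echo running
    else
        echo stale
    fi
}

# Succeed only when the PID file points at a live process (hypothetical helper).
nginx_signalable() {
    [ "$(nginx_pid_state "$1")" = running ]
}

# Constructed demo: an empty PID file (the reported case), a live PID, no file.
demo_dir="$(mktemp -d)"
: > "$demo_dir/empty.pid"
echo "$$" > "$demo_dir/live.pid"
for f in empty.pid live.pid absent.pid; do
    echo "$f: $(nginx_pid_state "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

An init script can call `nginx_signalable` and skip or defer the nginx-dependent step when it fails, instead of exiting on the reload error.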