Open bharath-naik opened 2 years ago
Never tried on GKE, but you should manually add the certificate to the load balancer. There is no automatic SSL in this script.
I have remodified the script from the webconfig:
```yaml
name: web-base
data:
  10-config: |
    #!/usr/bin/with-contenv bash
    # make our folders
    mkdir -p \
      /config/{nginx/site-confs,keys} \
      /run \
      /var/lib/nginx/tmp/client_body \
      /var/tmp/nginx
    # generate keys (maybe)
    apt-get update -y
    apt-get install -y certbot python3-certbot-nginx
    echo "generate keys"
    DISABLE_HTTPS=0
    LETSENCRYPT_DOMAIN="sametime.jitsi.com"
    LETSENCRYPT_EMAIL="jksa.jsasda@gmail.com"
    ENABLE_LETSENCRYPT=1
    if [[ $DISABLE_HTTPS -ne 1 ]]; then
      if [[ $ENABLE_LETSENCRYPT -eq 1 ]]; then
        if [[ ! -f "/etc/letsencrypt/live/$LETSENCRYPT_DOMAIN/fullchain.pem" ]]; then
          echo "inside the letsencrypt folder"
          # --dry-run only tests issuance; certbot does not save a certificate to disk
          if ! certbot \
            certonly \
            --nginx \
            --no-self-upgrade \
            --noninteractive \
            --preferred-challenges http \
            -d "$LETSENCRYPT_DOMAIN" \
            --agree-tos \
            --dry-run \
            -m "$LETSENCRYPT_EMAIL" ; then
            echo "Failed to obtain a certificate from the Let's Encrypt CA."
            # this tries to get the user's attention and to spare the
            # authority's rate limit:
            sleep 15
            echo "Exiting"
            exit 1
          fi
        fi
        # add a daily certbot renewal cron job if one is not already present
        if ! crontab -l | grep certbot; then
          crontab -l |
            { cat
              echo
              echo "15 3 * * * /usr/bin/certbot renew --quiet"
              echo
            } | crontab -
        fi
      else
        # no-op so the branch is valid bash while the block below stays commented out
        :
        # use self-signed certs
        #if [[ -f /config/keys/cert.key && -f /config/keys/cert.crt ]]; then
        # echo "using keys found in /config/keys"
        #else
        #echo "generating self-signed keys in /config/keys, you can replace these if required"
        #SUBJECT="/C=US/ST=TX/L=Austin/O=sametime.vewmet.com/OU=VewMet/CN=*"
        #openssl req -new -x509 -days 3650 -nodes -out /config/keys/cert.crt -keyout /config/keys/cert.key -subj "$SUBJECT"
        #fi
      fi
    fi
```
----
error : nginx: [error] invalid PID number "" in "/run/nginx.pid"
I have tried to set up this installation on Google Cloud and am wondering about the certificate ID under base/web-base/service.yaml. I haven't given any certificate here and the video is getting disconnected as soon as it starts. Is this doc compatible with GKE?