datagovua / edrpou-api

API for reading the Unified State Register (EDR)
http://edr.data-gov-ua.org/

Https on edr.data-gov-ua.org #12

Closed nosovk closed 5 years ago

nosovk commented 5 years ago

Please add https at edr.data-gov-ua.org. It's easy to obtain a letsencrypt certificate. If you use docker to run it, I can help to rewrite it for proper certificate issuing.

Vanuan commented 5 years ago

Hi, https is being used. Unfortunately, automatic cert renewal is not set up. If you know how to set up renewal, please share. I've tried sending a SIGHUP signal to nginx to no avail. It looks like some browser caching is involved. I needed to restart nginx completely so that the new certificate is picked up.

Vanuan commented 5 years ago

Here's the cert renewal script:

https://github.com/datagovua/edrpou-operations/blob/242e0cf71c20d33933ea01266e429d41c4d73bc3/deploy.yml#L87-L96

As you can see, it runs every 24h. New certificates are issued. The problem is that nginx doesn't pick them up automatically.

Probably some nginx wrapper is needed to track file changes and restart the nginx process. Or maybe some docker-in-docker container which will talk to the docker daemon and restart the nginx container. Or just a simple cron job. None of the solutions seem nice. Ideally, nginx should pick up new certs automatically.

I'm thinking of switching to traefik: https://docs.traefik.io/user-guide/docker-and-lets-encrypt/

nosovk commented 5 years ago

We are currently moving to traefik too. We used that one before - https://github.com/jwilder/nginx-proxy It works out of the box.

Vanuan commented 5 years ago

Switched to using this simple script:

https://github.com/Vanuan/nginx-reloaded/blob/5e9fe0f2c05866bd6165591821f55522ce1f57c6/scripts/entrypoint.sh#L17-L22

Hope it works

https://github.com/datagovua/edrpou-operations/commit/a110ecb9c1f7de58f5561324b432882b607b542a
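
The "nginx wrapper that tracks file changes" idea from this thread, as an added example that is not part of the original thread and not the code in the linked repositories: an entrypoint that polls the certificate's content hash and reloads nginx when it changes. `CERT_FILE`, `STATE_FILE`, `POLL_SECONDS`, the function names and the certificate path are assumptions.

```shell
#!/bin/sh
# Added example, not the project's entrypoint.sh. CERT_FILE, STATE_FILE and
# POLL_SECONDS are assumed names; the certificate path is a placeholder.
CERT_FILE="${CERT_FILE:-/etc/letsencrypt/live/example.org/fullchain.pem}"
STATE_FILE="${STATE_FILE:-/tmp/cert.sha256}"
POLL_SECONDS="${POLL_SECONDS:-3600}"

# Hash the file contents. Let's Encrypt "live" paths are symlinks that get
# repointed on renewal, so hash content rather than trusting mtime.
cert_fingerprint() {
    if [ -r "$1" ]; then sha256sum < "$1" | cut -d' ' -f1; else echo missing; fi
}

# Test the configuration first: if the new cert/key pair is unusable,
# nginx -t fails and the running workers keep serving the old one.
reload_nginx() {
    nginx -t -q && nginx -s reload
}

# One polling step. Returns 0 if a reload was triggered, 1 if nothing
# changed, 2 if the certificate is unreadable or the reload failed.
check_once() {   # $1 = certificate file, $2 = state file
    new="$(cert_fingerprint "$1")"
    [ "$new" = missing ] && return 2
    old="$(cat "$2" 2>/dev/null || true)"
    [ "$new" = "$old" ] && return 1
    if [ -z "$old" ]; then       # first run: record baseline, no reload
        echo "$new" > "$2"; return 1
    fi
    reload_nginx || return 2     # state not updated, so the next poll retries
    echo "$new" > "$2"
    return 0
}

# Run as the container entrypoint: `entrypoint.sh watch`
if [ "${1:-}" = watch ]; then
    nginx -g 'daemon off;' &
    while true; do
        check_once "$CERT_FILE" "$STATE_FILE"
        [ $? -eq 2 ] && echo "certificate check or reload failed" >&2
        sleep "$POLL_SECONDS"
    done
fi
```

A return code of 2 on consecutive polls is worth alerting on, since it means the server keeps presenting the old certificate until it expires.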