ibp-network / wiki

IBP body of knowledge
GNU General Public License v3.0

add wiki entry for SSL certificates #17

Closed hitchhooker closed 1 month ago

hitchhooker commented 1 month ago

Looks like quite a few members have still not automated cert renewals. Here are biweekly cronjob configs to do that using ssh-agent/git/haproxy with certs at /etc/pki/certs/.

@radiumb ⚠️ Alert: 103.240.197.6 (sys.ibp.network) certificate expires soon: 2024-05-21 04:35:34
@pmensik ⚠️ Alert: 202.37.148.99 (sys.ibp.network) certificate expires soon: 2024-05-21 04:35:34
@dcolley ⚠️ Alert: 195.144.22.130 (sys.ibp.network) certificate expires soon: 2024-05-17 10:52:57
@paradox-tt ⚠️ Alert: 64.62.224.18 (sys.ibp.network) certificate expires soon: 2024-05-21 04:35:34
@miloskriz ⚠️ Alert: 138.59.133.242 (sys.ibp.network) certificate expires soon: 2024-05-21 04:35:34

Cron Jobs Configuration

# cron has no line continuation: each entry below must stay on a single crontab line.

# IBP Network SSL certificates update
0 0 1,15 * * ssh-agent bash -c 'ssh-add /root/.ssh/ibp_key; git -C /opt/github/ibp-ssl reset --hard HEAD && git -C /opt/github/ibp-ssl clean -fd && git -C /opt/github/ibp-ssl pull --rebase && cp /opt/github/ibp-ssl/cert/ibp.network.pem /etc/pki/certs/ && systemctl reload haproxy'

# Dotters Network SSL certificates update
0 0 1,15 * * ssh-agent bash -c 'ssh-add /root/.ssh/dotters_key; git -C /opt/github/dotters-ssl reset --hard HEAD && git -C /opt/github/dotters-ssl clean -fd && git -C /opt/github/dotters-ssl pull --rebase && cp /opt/github/dotters-ssl/cert/dotters.network.pem /etc/pki/certs/ && systemctl reload haproxy'

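
An added example, not part of the original post: the cron lines copy whatever the pull delivers and reload HAProxy unconditionally, so this sketch checks the pulled PEM (parseable, not about to expire, key matches certificate), swaps it in atomically, and reloads only if the HAProxy config still validates. It assumes the PEM bundles certificate and private key and that the config lives at /etc/haproxy/haproxy.cfg; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): gate the cert install on validation.
# Assumptions: the PEM bundles certificate and private key, and HAProxy's
# config is /etc/haproxy/haproxy.cfg. Function names are hypothetical.

# validate_pem FILE [MIN_DAYS]: succeed only if FILE holds a certificate that
# stays valid for MIN_DAYS more days and the private key matching it.
validate_pem() {
    local pem="$1" min_days="${2:-7}" cert_pub key_pub
    [ -s "$pem" ] || return 1
    openssl x509 -in "$pem" -noout -checkend "$((min_days * 86400))" \
        >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# install_pem SRC DEST: 0 = DEST replaced, 2 = DEST already identical,
# 1 = SRC rejected or copy failed (DEST is left untouched).
install_pem() {
    local src="$1" dest="$2" tmp
    validate_pem "$src" || return 1
    cmp -s "$src" "$dest" && return 2
    # mktemp creates the file 0600; the rename swaps it in atomically.
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    cp "$src" "$tmp" && mv -f "$tmp" "$dest" && return 0
    rm -f "$tmp"
    return 1
}

# deploy REPO PEM_NAME: same git steps as the cron lines, then a gated install.
deploy() {
    local repo="$1" name="$2" rc=0
    git -C "$repo" reset --hard HEAD && git -C "$repo" clean -fd &&
        git -C "$repo" pull --rebase || return 1
    install_pem "$repo/cert/$name" "/etc/pki/certs/$name" || rc=$?
    [ "$rc" -eq 2 ] && return 0   # unchanged: no reload needed
    [ "$rc" -eq 0 ] || return 1   # rejected: HAProxy keeps the old cert
    # Reload only if the full config still parses with the new file in place.
    haproxy -c -q -f /etc/haproxy/haproxy.cfg && systemctl reload haproxy
}

# Run only when called with arguments, e.g. from the ssh-agent cron line.
if [ "$#" -eq 2 ]; then deploy "$1" "$2"; fi
```

Saved as a script and called with `/opt/github/ibp-ssl ibp.network.pem` inside the same `ssh-agent bash -c '...'` wrapper, it replaces the git/cp/reload chain; a non-zero exit lets cron's mail report a rejected certificate.
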
miloskriz commented 1 month ago

hello @hitchhooker !!

This is beau-ti-ful!!!... you are solid gold! many thanks!!

Cheers

Milos