neilenns / react-access-code-map

Access code map written using React
MIT License

Deploy with proper SSL certificates #93

Closed neilenns closed 1 year ago

neilenns commented 1 year ago

Generating the SSL certs with acme.sh: https://kb.virtubox.net/knowledgebase/how-to-issue-wildcard-ssl-certificate-with-acme-sh-nginx/. I was able to make this work in WSL on Windows to generate the first certificate. Needs to be automated.

https://www.rmedgar.com/blog/using-acme-sh-with-nginx/ has some info, don't know if it is useful.

neilenns commented 1 year ago

OMG Cloudflare has free 15 year SSL certificates. NONE OF THIS NONSENSE.

neilenns commented 1 year ago

The real guide, basically showing how to do it for Home Assistant but same same: https://www.slacker-labs.com/blog/2020/04/17/swapping-out-duckdns-for-cloudflare

neilenns commented 1 year ago

Ok, Cloudflare kinda works. I can't use their SSL certificate since it is only for encryption between them and the server when using their DNS proxying. And the DNS proxying doesn't work for anything except 80 and 443 so it blocks all other port traffic, which I need.

Sooooo yeah. acme.sh works great to generate the certificate using a Cloudflare API key. One simple command and it generated. And they work great.

Now just need to figure out how to run it automatically and restart two servers. Maybe I can just make express.js detect the file changes and reload?

neilenns commented 1 year ago

Here's info on how to make ExpressJS auto-detect and restart with the new certs: https://stackoverflow.com/a/64541756. That would do the trick, then just have acme.sh running in the nginx server?

neilenns commented 1 year ago

Should be as straightforward as adding the call to the script in the existing shell file that runs in Docker to start up the server anyway, since it has to parse the environment variables for React anyway.

neilenns commented 1 year ago

And has to be built into the Docker image. Can do that too since there's already a Dockerfile.

neilenns commented 1 year ago

And will need to mount a volume for the acme.sh working directory.

neilenns commented 1 year ago

Ok all the generation stuff is done, and checked in to the access-code-map-deployment private repo since it's specific to my config and not this project.

The server needs to change to automatically detect updates to the certificate files. The way to do that is described here: https://stackoverflow.com/a/74076392/9206264
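
An added example, not code from this repository or from the linked Stack Overflow answers: one way a Node/Express HTTPS server can pick up certificate files renewed by acme.sh without a restart, using `server.setSecureContext()`. The function names, file paths and the one-second debounce are assumptions made for illustration.

```javascript
const fs = require('fs');
const path = require('path');
const tls = require('tls');
const crypto = require('crypto');

// Build a reloader for one cert/key pair. `apply` receives the new material;
// `validate` must throw when the pair is unusable (injectable so it can be tested).
function createCertReloader({ certPath, keyPath, apply, validate = tls.createSecureContext }) {
  let lastDigest = null;
  return function reloadIfChanged() {
    let cert, key;
    try {
      cert = fs.readFileSync(certPath);
      key = fs.readFileSync(keyPath);
    } catch (err) {
      return false; // file missing mid-renewal: keep serving the old certificate
    }
    const digest = crypto.createHash('sha256').update(cert).update(key).digest('hex');
    if (digest === lastDigest) return false; // nothing new on disk
    try {
      validate({ cert, key }); // throws on bad PEM or a key that does not match the cert
    } catch (err) {
      return false; // half-written or mismatched pair: leave the live context alone
    }
    apply({ cert, key });
    lastDigest = digest;
    return true;
  };
}

// Wire the reloader to a running https.Server. Watching the directory rather
// than the two files survives renewals that replace the files by rename.
function watchCerts(server, certPath, keyPath, delayMs = 1000) {
  const reload = createCertReloader({
    certPath,
    keyPath,
    apply: (material) => server.setSecureContext(material),
  });
  reload(); // re-applies what is on disk and records its digest
  let timer = null;
  return fs.watch(path.dirname(certPath), () => {
    clearTimeout(timer); // debounce: cert and key arrive as separate write events
    timer = setTimeout(reload, delayMs);
  });
}
```

`fs.watch` can miss events on some Docker bind mounts; polling with `fs.watchFile` or calling the reloader on a timer is the fallback in that case.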

neilenns commented 1 year ago

This is done!