openmainframeproject / software-discovery-tool-deploy

View the live deployed version of SDT maintained by OMP
http://sdt.openmainframeproject.org/sdt/
Apache License 2.0

Security: SSL for our server #8

Closed rachejazz closed 1 year ago

rachejazz commented 2 years ago

It's been a few months that we've been running on HTTP. We need to use an SSL cert for our server to make it more secure. I am thinking of using Let's Encrypt certs and deploying with certbot. It will be easy, and just another automation check in our CI/CD to check for expiration.

pleia2 commented 2 years ago

Good idea. I agree that we should use Let's Encrypt for this, and we'll configure it so it uses something like certbot to renew the certificate regularly, but we'll definitely want a validity check to make sure this doesn't break. This can either be done with our current monitoring server or, as you say, in our cicd build system (though that has a chance of missing things if we don't have commits for a while :smile: )

rachejazz commented 2 years ago

Ah you're right, then maybe setting up a monthly cron will be better :D

pleia2 commented 1 year ago

Followed snap-based instructions at https://certbot.eff.org/instructions?ws=apache&os=ubuntufocal for a free Let's Encrypt certificate on our Ubuntu 20.04 server, and cron is set up to automatically renew.