Differences
This shows you the differences between two versions of the page.
cloudappliance/applinstallv1906 [2019_11_05 00:14] – [Introduction] steven | cloudappliance/applinstallv1906 [2019_11_08 00:37] – [Let's Encrypt SSL Certificates] steven | ||
---|---|---|---|
Line 64: | Line 64: | ||
Then don’t forget to also create an A record in your DNS system for all 3 hostnames on this screen. | Then don’t forget to also create an A record in your DNS system for all 3 hostnames on this screen. | ||
- | Follow the instructions on the webpages for IP Address, Domain name and SSL certificate. | + | Follow the instructions on the webpages for IP Address, Domain name and SSL certificate. |
You can rerun the smeconfigserver at any time to go back and modify, or correct any information in your setup. i.e. you can go back and place a new certificate here at any time. | You can rerun the smeconfigserver at any time to go back and modify, or correct any information in your setup. i.e. you can go back and place a new certificate here at any time. | ||
+ | |||
+ | |||
+ | ## Let's Encrypt SSL Certificates | ||
+ | |||
+ | This section creates and configures SSL certificates from Let's Encrypt. If you are using your own certificates (or a different service) you can use the smeconfigserver above to add certificates. | ||
+ | |||
+ | Elevate to the root user by typing the following command and entering the root password when prompted. | ||
+ | |||
+ | su - | ||
+ | |||
+ | Note: The appliance will be inaccessible during the request which may be up to a minute. | ||
+ | |||
+ | Run the following command: | ||
+ | |||
+ | certbot --authenticator standalone --installer apache --pre-hook " | ||
+ | |||
+ | This command will prompt for an email address. | ||
+ | |||
+ | Please also agree to the Terms of Service. It is not necessary to share the provided email with the Electronic Frontier Foundation. | ||
+ | |||
+ | Certbot will automatically detect what FQDNs are setup for the Enterprise File Fabric and prompt for which should be included in the certificate. | ||
+ | |||
+ | Which names would you like to activate HTTPS for? | ||
+ | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
+ | 1: files.example.com | ||
+ | 2: files-s3.example.com | ||
+ | 3: files-webdav.example.com | ||
+ | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
+ | Select the appropriate numbers separated by commas and/or spaces, or leave input | ||
+ | blank to select all options shown (Enter ' | ||
+ | |||
+ | Lastly, Certbot will prompt to disable all HTTP access. | ||
+ | |||
+ | Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. | ||
+ | ------------------------------------------------------------------------------- | ||
+ | 1: No redirect - Make no further changes to the webserver configuration. | ||
+ | 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for | ||
+ | new sites, or if you're confident your site works on HTTPS. You can undo this | ||
+ | change by editing your web server' | ||
+ | ------------------------------------------------------------------------------- | ||
+ | Select the appropriate number [1-2] then [enter] (press ' | ||
+ | |||
+ | After successful completion, the Enterprise File Fabric will automatically start using the new certificates. | ||
+ | |||
+ | ### Automatically renewing the certificate | ||
+ | |||
+ | A Let’s Encrypt certificate is valid for 90 days, and can be automatically renewed within 30 days of expiration. A simple cron job will run daily and handle renewals. | ||
+ | |||
+ | Please Note: The File Fabric will be inaccessible during the renewal. Please ensure that the renewal time is during off hours. Downtime will only occur every 60 days when a renewal is required and may last up to one minute. | ||
+ | |||
+ | While still logged in as root run the following command to add a cron job. | ||
+ | |||
+ | crontab -e | ||
+ | |||
+ | In the example below the renewal attempt will process at 2:30AM in the timezone of the Enterprise File Fabric. The Enterprise File Fabric ships by default with the timezone set to UTC time. Please adjust this timezone as necessary. | ||
+ | |||
+ | 30 2 * * * / | ||
+ | |||
+ | This will create a crontab entry for a cron job that will handle the renewals and write its output to a log file. | ||
+ | |||
+ | Use https:// | ||
# Part II - Configure Appliance and create the first organization | # Part II - Configure Appliance and create the first organization |
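Review bot: The redirect step (the "Please choose whether or not to redirect HTTP traffic to HTTPS" prompt) shows both options but never says which one to pick, so two administrators following this page can end up with different HTTP exposure on the appliance. State the intended answer. Do the same for the "Which names would you like to activate HTTPS for?" prompt: the earlier step asks for A records for all 3 hostnames, but the new text does not say whether all three should go into the certificate. Because the command uses `--authenticator standalone`, it would also help to list as a prerequisite that the selected hostnames already resolve to the appliance before certbot is run; at the moment the A records appear only as a "don't forget" in the preceding section. In the renewal part, "Please adjust this timezone as necessary" reads as an instruction to change the system timezone; if the intent is to move the cron time into local off hours, say that instead.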