How to change the live directory with certbot? - CentOS 7

I am using CentOS 7 and certbot to make an SSL certificate, but the default directory of the certificates is "/etc/letsencrypt/live/first-host". How can I change the first-host directory to "/etc/letsencrypt/default", for example?
I am using certbot like this:
certbot certonly --standalone -d host1 -d host2 --debug
And the directory is:
/etc/letsencrypt/live/host1/

The elements in the /etc/letsencrypt/live directory are just symlinks to /etc/letsencrypt/archive/...
You can just add another symlink:
sudo ln -s /etc/letsencrypt/live/host1/ /etc/letsencrypt/default
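As an added example (not part of the answer above, and not certbot's own tooling): a small POSIX shell helper that creates an alias like /etc/letsencrypt/default the same way, then follows the symlink chain and insists that all four .pem files end up as regular files under /etc/letsencrypt/archive. The function names, the scratch directory layout and the dummy .pem contents are constructed here; the real invocation is `link_cert_alias /etc/letsencrypt host1 default` as root.

```shell
#!/bin/sh
# Added example, not from the original answer. Creates a stable alias such as
# /etc/letsencrypt/default -> /etc/letsencrypt/live/host1 and verifies that the
# alias resolves to real files under archive/. Paths are parameters so the
# helper can be tried on a scratch tree first; run it as root for the real
# /etc/letsencrypt.

# link_cert_alias ROOT LINEAGE ALIAS
#   ROOT     certbot config directory (normally /etc/letsencrypt)
#   LINEAGE  name of an existing directory under ROOT/live (e.g. host1)
#   ALIAS    name of the symlink to create directly under ROOT (e.g. default)
link_cert_alias() {
    root=$(readlink -f "$1"); lineage=$2; name=$3
    target="$root/live/$lineage"
    link="$root/$name"

    # Point the alias at live/, not archive/: certbot renews into archive/ as
    # fullchain2.pem etc. and re-targets the live/ symlinks, so an alias on
    # live/ keeps following renewals.
    [ -d "$target" ] || { echo "no lineage directory at $target" >&2; return 1; }

    # Only an existing symlink may be replaced; never clobber a real file/dir.
    if [ -e "$link" ] && [ ! -L "$link" ]; then
        echo "$link exists and is not a symlink, refusing to replace it" >&2
        return 1
    fi
    ln -sfn "$target" "$link"

    # Follow the whole chain (alias -> live/<lineage>/<f> -> archive/...) and
    # insist it ends at a regular file inside ROOT/archive.
    for f in cert.pem chain.pem fullchain.pem privkey.pem; do
        resolved=$(readlink -f "$link/$f") || return 1
        case $resolved in
            "$root"/archive/*)
                [ -f "$resolved" ] || { echo "$f: dangling link" >&2; return 1; } ;;
            *)
                echo "$f resolves outside archive/: $resolved" >&2; return 1 ;;
        esac
    done
    echo "$link -> $target (all four .pem files verified)"
}

# make_mock_lineage ROOT LINEAGE
# Constructed stand-in for the layout certbot creates: archive/<lineage>/<f>1.pem
# holds the data and live/<lineage>/<f>.pem is a relative symlink into it.
# The .pem contents are dummy strings, not real key material.
make_mock_lineage() {
    mroot=$1; mlineage=$2
    mkdir -p "$mroot/archive/$mlineage" "$mroot/live/$mlineage"
    for f in cert chain fullchain privkey; do
        echo "dummy $f for $mlineage" > "$mroot/archive/$mlineage/${f}1.pem"
        ln -s "../../archive/$mlineage/${f}1.pem" "$mroot/live/$mlineage/$f.pem"
    done
}

# Demo on a scratch tree (safe to run anywhere; nothing touches /etc).
demo=$(mktemp -d)
make_mock_lineage "$demo" host1
link_cert_alias "$demo" host1 default
readlink -f "$demo/default/fullchain.pem"
rm -rf "$demo"
```

Because the alias points at live/host1 rather than into archive/, it keeps following renewals: certbot writes the renewed files to archive/ and re-targets the symlinks in live/host1. certbot knows nothing about the alias itself, so if the host1 lineage is ever deleted the alias is left dangling, which is exactly the case the verification loop reports.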

Pulumi/Fargate; ClientException: When networkMode=awsvpc, the host ports and container ports in port mappings must match

Error
failed creating ECS Task Definition (myapp-service-7bccf101): ClientException: When networkMode=awsvpc, the host ports and container ports in port mappings must match.
The example was taken almost copy/paste from Pulumi's website, except that they don't show setting the host_port. I set it in response to the error, but it didn't fix it. As you can see below, I've set the ports to the same value. I assume the error must be referring to a setting elsewhere, but I am clueless.
Pulumi Code;
import pulumi
import pulumi_aws as aws
import pulumi_awsx as awsx

cluster = aws.ecs.Cluster("myapp-cluster")
repo = awsx.ecr.Repository("myapp-ecr")
image = awsx.ecr.Image("myapp", repository_url=repo.url, path="../")
lb = awsx.lb.ApplicationLoadBalancer("myapp-lb")

service = awsx.ecs.FargateService(
    "myapp-service",
    cluster=cluster.arn,
    desired_count=2,
    task_definition_args=awsx.ecs.FargateServiceTaskDefinitionArgs(
        container=awsx.ecs.TaskDefinitionContainerDefinitionArgs(
            image=image.image_uri,
            cpu=512,
            memory=128,
            essential=True,
            port_mappings=[
                awsx.ecs.TaskDefinitionPortMappingArgs(
                    host_port=8080,
                    container_port=8080,
                    target_group=lb.default_target_group,
                )
            ],
        )
    ),
)

pulumi.export("url", lb.load_balancer.dns_name)
DockerFile
FROM python:3.9
RUN mkdir -p /myapp/src/myapp
COPY setup.cfg setup.py /myapp/
COPY src/ /myapp/src/
RUN python3 -m venv "/myapp/venv" \
&& /myapp/venv/bin/python -m pip install --upgrade pip \
&& /myapp/venv/bin/python -m pip install -e /myapp/
RUN chown root:root -R /myapp
RUN chown root:root -R /myapp/venv
EXPOSE 8080
ENV PATH="/myapp/venv/bin:$PATH"
CMD python -m uvicorn main:app --host 0.0.0.0 --port 8080 --app-dir /myapp/src/myapp/

SSL Certificate for WSGI application

I have a Django project that I deployed using only the WSGI server provided by Django (no web server like Apache, Nginx, ...).
The problem is that I want to upload an SSL certificate for the HTTPS version of the website. How can I do it, please?
Thank you in advance for your answers.
You can use Let’s Encrypt and Certbot for the HTTPS version of your site.
I recommend you use web servers such as Nginx or Apache for practicing. Besides, your application runs better.
You can read this easy guide on Medium.
If you are using Ubuntu or other Linux distributions:
# adding certbot repository
sudo add-apt-repository ppa:certbot/certbot
# do not forget to update your dependencies after adding some repo
sudo apt update
# installing certbot
sudo apt-get install python-certbot-nginx
# pointing certbot to your domain
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

Let's encrypt certbot on AWS Linux

I am new to AWS and Let's encrypt both.
I followed an article and simply ran these commands:
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
sudo cp certbot-auto /usr/bin/
Then I ran this command:
sudo /usr/bin/certbot-auto --nginx -d example.com -d www.example.com --debug
This gives me the error
Sorry, I don't know how to bootstrap Certbot on your operating system!
You will need to install OS dependencies, configure virtualenv, and
run pip install manually. Please see
https://letsencrypt.readthedocs.org/en/latest/contributing.html#prerequisites
for more info.
What does this really mean?
How do I set up certbot on AWS Linux?
I have created a fresh Amazon Linux 2 EC2 instance and tested the following for you.
The following steps work for me.
Edit the file /usr/bin/certbot-auto to recognize your version of Linux:
$ sudo vim /usr/bin/certbot-auto
Find this line in the file (likely near line 780):
elif [ -f /etc/redhat-release ]; then
and replace whole line with this:
elif [ -f /etc/redhat-release ] || grep 'cpe:.*:amazon_linux:2' /etc/os-release > /dev/null 2>&1; then
Save and exit vim (type :wq to do that)
Reference:
Deploying Let’s Encrypt on an Amazon Linux AMI EC2 Instance
Make sure that the system requirements are met; you can find the system requirements here.
Also, here are the best practices for certbot-auto deployment.
Navigate to your home directory (/home/ec2-user).
Download EPEL using the following command:
sudo wget -r --no-parent -A 'epel-release-*.rpm' https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/
Install the repository packages as shown in the following command:
sudo rpm -Uvh dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-*.rpm
Enable EPEL as shown in the following command:
sudo yum-config-manager --enable epel*
Confirm that EPEL is enabled with the following command:
sudo yum repolist all
Install and run Certbot
This procedure is based on the EFF documentation for installing Certbot on Fedora and on RHEL 7. It describes the default use of Certbot, resulting in a certificate based on a 2048-bit RSA key.
For Apache:
sudo yum install -y certbot python2-certbot-apache
For nginx:
sudo yum install -y certbot python2-certbot-nginx
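An added example, not part of the answer above and not from the certbot project: the patched condition pulled into a function you can run against constructed copies of /etc/redhat-release and /etc/os-release to see what it matches, plus a sed-based applier that makes the same edit to certbot-auto, refuses to touch a file without the expected line, does not double the condition when run twice, and runs `sh -n` on the result. The sample files and the short stand-in for certbot-auto are constructed for the demo; the CPE_NAME values follow the format Amazon Linux writes to /etc/os-release.

```shell
#!/bin/sh
# Added example, not from the original answer. Pulls the patched certbot-auto
# condition from the answer into two functions: one that evaluates the check
# against arbitrary files (so you can see which systems it matches before
# editing an installer you then run as root), and one that applies the edit
# with sed and is safe to re-run. The sample files below are constructed.

# looks_like_rhel_family REDHAT_RELEASE OS_RELEASE
# Mirrors the patched line
#   elif [ -f /etc/redhat-release ] || grep 'cpe:.*:amazon_linux:2' /etc/os-release > /dev/null 2>&1; then
# Returns 0 when certbot-auto would take the RHEL/CentOS bootstrap branch.
looks_like_rhel_family() {
    [ -f "$1" ] || grep 'cpe:.*:amazon_linux:2' "$2" > /dev/null 2>&1
}

# patch_certbot_auto FILE
# Replaces "elif [ -f /etc/redhat-release ]; then" with the extended test.
# Skips files that already carry the Amazon Linux 2 grep (so a second run does
# not double the condition), refuses files without the expected line, and
# checks that the edited installer is still valid shell.
patch_certbot_auto() {
    if grep -qF "cpe:.*:amazon_linux:2" "$1"; then
        echo "$1: already patched" >&2
        return 0
    fi
    grep -q 'elif \[ -f /etc/redhat-release \]; then' "$1" || {
        echo "$1: expected line not found, not touching it" >&2
        return 1
    }
    sed -i "s#elif \[ -f /etc/redhat-release \]; then#elif [ -f /etc/redhat-release ] || grep 'cpe:.*:amazon_linux:2' /etc/os-release > /dev/null 2>\&1; then#" "$1"
    sh -n "$1"
}

# Constructed samples written to a scratch dir. The CPE_NAME lines follow the
# format Amazon Linux publishes in /etc/os-release; the rest is illustrative.
samples=$(mktemp -d)
printf 'NAME="Amazon Linux"\nVERSION="2"\nID="amzn"\nCPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"\n' > "$samples/amzn2.os-release"
printf 'NAME="Amazon Linux AMI"\nVERSION="2018.03"\nID="amzn"\nCPE_NAME="cpe:/o:amazon:linux:2018.03:ga"\n' > "$samples/amzn1.os-release"
printf 'NAME="Ubuntu"\nVERSION="18.04 LTS (Bionic Beaver)"\nID=ubuntu\n' > "$samples/ubuntu.os-release"

for os in amzn2 amzn1 ubuntu; do
    if looks_like_rhel_family "$samples/none" "$samples/$os.os-release"; then
        echo "$os: matched, RHEL/CentOS bootstrap branch"
    else
        echo "$os: not matched by the patched test"
    fi
done

# Constructed stand-in for the few relevant lines of certbot-auto (the real
# file is much larger; the answer puts the line to edit near line 780).
cat > "$samples/certbot-auto" <<'EOF'
if [ -f /etc/debian_version ]; then
  echo "Debian/Ubuntu bootstrap"
elif [ -f /etc/redhat-release ]; then
  echo "RHEL/CentOS bootstrap"
else
  echo "Sorry, I don't know how to bootstrap Certbot on your operating system!"
fi
EOF
patch_certbot_auto "$samples/certbot-auto"
patch_certbot_auto "$samples/certbot-auto"   # second run is a no-op
grep -n 'amazon_linux' "$samples/certbot-auto"
rm -rf "$samples"
```

Note that certbot-auto upgrades itself on each run unless told not to (its --no-self-upgrade option), which would overwrite a hand edit like this one; the EPEL route in the same answer avoids that by installing the packaged certbot instead.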
Source here

Jenkins redirect from 80 to 443 in AWS

I just installed a Jenkins EC2 instance in AWS. I tried to configure the redirection from HTTP to HTTPS (i.e. http://myjenkins.com to https://myjenkins.com). Do I configure it in AWS or in Jenkins? I only found https://aws.amazon.com/premiumsupport/knowledge-center/redirect-http-https-elb/ but it does not help much. Please advise. Thanks
If you are trying to get to the Jenkins web UI on port 443, I would suggest using a web server like nginx to proxy requests to your Jenkins installation. That way, you can have a fairly vanilla Jenkins installation and handle all of the SSL configuration and port redirection in nginx (which is much easier to do).
Here's an example outline of how you might accomplish what you are asking:
Set up your server and install Jenkins normally, serving on port 8080.
Install nginx and configure it to proxy "/" to port 8080 on localhost.
Install your SSL certs. Using certbot with Let's Encrypt makes this step pretty easy as it handles all of the SSL config for you. (Note that for the install to work, your Security Group will have to allow all traffic to access your instance while you're doing the install. You can make it more restrictive once everything is configured. You also need a URL that is publicly accessible for your SSL certs to be valid).
Access your site using the bare domain and look for it to be forwarded to https.
And here are the actual steps I used to get mine working on a Ubuntu EC2 VM (you might have to hum along to the tune of the install but you will get the idea):
apt-get update
apt-get upgrade -y
apt-get install nginx -y
cd /etc/nginx/sites-enabled/
vim default (see config below)
systemctl restart nginx
wget -q -O - http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key | apt-key add -
echo "deb http://pkg.jenkins-ci.org/debian binary/" | tee -a /etc/apt/sources.list
add-apt-repository ppa:webupd8team/java -y
apt-get update
apt-get install oracle-java8-installer -y
apt-get install jenkins -y
systemctl status jenkins
cd /var/lib/jenkins/secrets/
cat initialAdminPassword
ufw enable
sudo add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install python-certbot-nginx
ufw allow 'Nginx Full'
ufw allow OpenSSH
ufw status
certbot --nginx -d jenkins.example.com
Your default nginx config will look something like this:
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name jenkins.example.com;
    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }
}
When you run the certbot --nginx -d jenkins.example.com step, it will also insert some lines into your nginx config to set up the SSL and cert specifics.
After that, you should be good!
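As an added example (not part of the answer above): the final "look for it to be forwarded to https" step as a shell check. It parses the headers a plain `curl -sI http://...` request returns and passes only for a permanent redirect whose Location is exactly the https:// URL of the same host and path, so a missing redirect, a redirect that stays on http://, or one that lands on another host all fail. The constructed header blocks stand in for the before/after responses of the jenkins.example.com setup in the answer; the function names are mine.

```shell
#!/bin/sh
# Added example, not part of the original answer. Turns "access your site using
# the bare domain and look for it to be forwarded to https" into a check that
# can run from a shell or a cron job. It inspects the response headers of a
# plain-HTTP request and accepts only a permanent redirect whose Location is
# exactly the https:// URL for the same host and path: a 200 means the redirect
# is missing, a Location on http:// or on another host means something else is
# answering on port 80.

# check_https_redirect HOST PATH HEADERS
#   HEADERS is a raw response header block, e.g. the output of `curl -sI`.
#   Returns 0 for a 301/308 to https://HOST/PATH, 1 otherwise (reason on stderr).
check_https_redirect() {
    host=$1; path=$2; headers=$3
    # status code from the first line ("HTTP/1.1 301 Moved Permanently")
    status=$(printf '%s\n' "$headers" | head -n 1 | tr -d '\r' | awk '{print $2}')
    # first Location header, case-insensitive name, CRLF stripped
    location=$(printf '%s\n' "$headers" | tr -d '\r' |
        awk 'tolower($1) == "location:" { print $2; exit }')
    case $status in
        301|308) ;;
        *) echo "expected a permanent redirect (301/308), got '${status:-none}'" >&2
           return 1 ;;
    esac
    if [ "$location" != "https://$host$path" ]; then
        echo "Location is '${location:-missing}', wanted https://$host$path" >&2
        return 1
    fi
}

# probe_https_redirect HOST PATH
# Live variant: fetches the headers with curl (no -L, so the redirect itself is
# returned rather than followed). Not used by the offline demo below.
probe_https_redirect() {
    check_https_redirect "$1" "$2" "$(curl -sI "http://$1$2")"
}

# Constructed responses standing in for what `curl -sI http://jenkins.example.com/`
# returns before and after the nginx redirect is in place.
after=$(printf 'HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nLocation: https://jenkins.example.com/\r\nConnection: keep-alive\r\n')
before=$(printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n')

check_https_redirect jenkins.example.com / "$after" && echo "after: redirect OK"
check_https_redirect jenkins.example.com / "$before" || echo "before: no redirect yet"
```

After the certbot --nginx step, `probe_https_redirect jenkins.example.com /` runs the same check against the live server.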
You need to configure the Jenkins settings for HTTPS inside your EC2 instance.
And if you are using a load balancer in front of the EC2 instance, you also need to configure the ELB to forward the port to HTTPS.

Installing CPhalcon on an AWS Docker image

I have a docker image that installs phalcon onto a Docker image. Here is the Dockerfile:
FROM ubuntu:trusty
MAINTAINER Fernando Mayo <fernando#tutum.co>, Feng Honglin <hfeng#tutum.co>
# Install packages
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update && \
sudo apt-get -y install supervisor php5-dev libpcre3-dev gcc make php5-mysql git curl unzip apache2 libapache2-mod-php5 mysql-server php5-mysql pwgen php-apc php5-mcrypt php5-curl && \
echo "ServerName localhost" >> /etc/apache2/apache2.conf
# Add image configuration and scripts
ADD start-apache2.sh /start-apache2.sh
ADD start-mysqld.sh /start-mysqld.sh
ADD run.sh /run.sh
RUN chmod 755 /*.sh
ADD my.cnf /etc/mysql/conf.d/my.cnf
ADD supervisord-apache2.conf /etc/supervisor/conf.d/supervisord-apache2.conf
ADD supervisord-mysqld.conf /etc/supervisor/conf.d/supervisord-mysqld.conf
ADD php.ini /etc/php5/cli/php.ini
ADD 000-default.conf /etc/apache2/sites-available/000-default.conf
ADD 30-phalcon.ini /etc/php5/apache2/conf.d/30-phalcon.ini
ADD 30-phalcon.ini /etc/php5/cli/conf.d/30-phalcon.ini
#RUN rm -rd /var/www/html/*
#RUN git clone --depth=1 git://github.com/phalcon/cphalcon.git /var/www/html/cphalcon
#RUN chmod 755 /var/www/html/cphalcon/build/install
#CMD["/var/www/html/cphalcon/build/install"]
RUN git clone --depth=1 git://github.com/phalcon/cphalcon.git /usr/local/src/cphalcon
# Note: the three steps are chained with ";" so the ini file is written and the
# module enabled even when ./install (the compile step) has failed.
RUN cd /usr/local/src/cphalcon/build && ./install ;\
    echo "extension=phalcon.so" > /etc/php5/mods-available/phalcon.ini ;\
    php5enmod phalcon
RUN sudo service apache2 stop
RUN sudo service apache2 start
# Remove pre-installed database
RUN rm -rf /var/lib/mysql/*
# Add MySQL utils
ADD create_mysql_admin_user.sh /create_mysql_admin_user.sh
RUN chmod 755 /*.sh
# config to enable .htaccess
RUN a2enmod rewrite
# Copy over private key, and set permissions
# Note: files ADDed here are stored in the image layers and travel with the image.
ADD .ssh /root/.ssh
# Get aws stuff
RUN curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"
RUN unzip awscli-bundle.zip
RUN ./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws
RUN rm -rd /var/www/html/*
RUN git clone ssh://git-codecommit.us-east-1.amazonaws.com/v1/repos/Demo-Server /var/www/html
#Environment variables to configure php
ENV PHP_UPLOAD_MAX_FILESIZE 10M
ENV PHP_POST_MAX_SIZE 10M
# Add volumes for MySQL
VOLUME ["/etc/mysql", "/var/lib/mysql" ]
EXPOSE 80 3306
CMD ["/run.sh"]
When I run this Docker image locally it works fine, but when I run it on Elastic Beanstalk I get the error: PHP Fatal error: Class 'Phalcon\Loader' not found. To debug this I checked phpinfo() both locally and on the AWS server. Locally it shows all of the phalcon files installed, but on AWS I don't get any info about CPhalcon. How could the Docker image install Phalcon correctly when running on my local machine but not on Elastic Beanstalk?