Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature]: Use own SSL Certificate for auth-signing #2077

Open
gitreich opened this issue Sep 12, 2024 · 2 comments
Open

[Feature]: Use own SSL Certificate for auth-signing #2077

gitreich opened this issue Sep 12, 2024 · 2 comments
Labels
enhancement New feature or request

Comments

@gitreich
Copy link

gitreich commented Sep 12, 2024
edited
Loading

What change would you like to see?

I would like to use my own SSL Certificate for the btrix deployment and not one of ACME (Lets Encrypt)

copied microk8s-hosted.yaml from charts/examples to charts/onb-config

I changed the following things in the Config:

`ingress:
  # required: set host to use tls
  # uncomment and replace example below with your registered domain
   host: "full.qualified.server.name"

  # required: set email to use tls
  # uncomment and replace example below with your valid email address
   cert_email: "[email protected]"

  scheme: "https"
  tls: true
  certFile: "../../certs/my.crt"
  certKey: "../../certs/my.key"

ingress_class: "public"
`

signer:
  enabled: true

  # uncomment and replace example below with your registered domain
  host: "full.qualified.server.name"
  secret: "my-tls"

The Secret was added before
microk8s kubectl create secret tls my-tls --namespace default --key=certs/my.key --cert=certs/my.crt -o yaml

Context

Deployment on a remote host
@gitreich gitreich added the enhancement New feature or request label Sep 12, 2024
@gitreich
Copy link
Author

gitreich commented Sep 13, 2024
edited
Loading

Solved for Signer: Changed File: charts/values.yaml

# Ingress (Optional)
# Optional: if 'host' is set, a publicly accessible Ingress controller is created with an SSL cert (using letsencrypt)
ingress:
#  host: "full.qualified.server.name"
#  cert_email: "[email protected]"
  tls:
   - hosts:
        - "full.qualified.server.name"
     secretName: "my-tls"
  # Optional: Uncomment to use your own cluster-issuer instead of default ACME https validation
  custom_cluster_issuer: "my-ca-issuer"

Also added cluster issuer like this:

microk8s kubectl apply -n cert-manager -f - <<EOF
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: my-ca-issuer
spec:
  ca:
    secretName: my-tls
EOF

returned: clusterissuer.cert-manager.io/my-ca-issuer configured

But on Port 80 I still have no valid Certificate

@gitreich
Copy link
Author

Now I have a valid Certificate for Ingress for the Frontend.
Basically I changed in charts/templates/ingress.yaml 2 lines:
I added at annotations of ingress-main:
nginx.ingress.kubernetes.io/default-ssl-certificate: my-tls
and in the spec section the secretName:
secretName: my-tls

But the Auth-Signer is still in the endless dieing loop - Maybe someone can provide a little help for the config of auth-signer?

At least I can crawl and replay now with ssl certificate and in all browsers!

@gitreich gitreich mentioned this issue Sep 19, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
Webrecorder Projects
Status: Triage
Milestone
No milestone
Development

No branches or pull requests
1 participant
@gitreich