Nginx setup with valid *.thegulocal.com wildcard SSL certificate #15563
I made a few comments. Also can we add a file in the repository /docs folder to link to the nginx README?
|
||
127.0.0.1 profile.thegulocal.com | ||
127.0.0.1 m.thegulocal.com | ||
1. Make sure you are in `frontend/nginx` directory |
is it actually necessary?
# Make sure you have valid AWS credentials and then run with sudo setup.sh <profile name> | ||
# Remember to add nginx/hosts to your /etc/hosts | ||
|
||
S3_BUCKET="s3://identity-local-ssl/" |
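Review bot: The header comment tells users to run the whole script as `sudo setup.sh <profile name>`, so the AWS CLI calls against the bucket also run as root. Depending on the sudo configuration, root may not see the invoking user's AWS credentials and profile, and every file the script writes ends up root-owned. Consider running the script as the normal user and calling `sudo` only for the steps that write to the nginx configuration.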
a bucket just to store ssl certs sounds like an overkill. Can we store them in an already existing bucket in frontend s3?
This is indeed a pre-existing bucket in Identity, so I just re-used it. (Note that other projects like DAPI would need access to this cert.)
fine then
PROFILE="--profile ${1}" | ||
fi | ||
|
||
aws ${PROFILE} s3 ls s3://identity-local-ssl/ 1>/dev/null 2>&1 |
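Review bot: On the `aws ${PROFILE} s3 ls` line, `1>/dev/null 2>&1` discards the AWS CLI's error output, so a failed check gives no hint whether the credentials are missing or expired, the profile name is wrong, or access to the bucket is denied. Keep stderr visible, or print an explicit message naming the profile and bucket when the command fails. `PROFILE="--profile ${1}"` followed by the unquoted `${PROFILE}` also relies on word splitting, which breaks for a profile name containing spaces.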
why not using the $S3_BUCKET constant defined above?
d77c4fb to 75846e3
@@ -0,0 +1 @@ | |||
127.0.0.1 m.thegulocal.com # Dotcom |
also why did we choose `m.thegulocal.com` and not `gulocal.com`?
We already bought `thegulocal.com` domain a while ago. We have not bought `gulocal.com` yet although it is available.
@@ -36,54 +34,4 @@ server { | |||
proxy_set_header Host $host; | |||
proxy_set_header "X-Forwarded-Proto" "https"; | |||
} | |||
} |
Did you mean to remove all of this? I think it's still needed isn't it?
It's now in https://github.com/guardian/identity-platform/blob/master/nginx/identity.conf
To setup identity related nginx you would run identity-platform/nginx/setup.sh
👍
Seen on PROD (merged by @mario-galic 18 minutes and 33 seconds ago) Please check your changes!
What does this change?
Uses valid Comodo `*.thegulocal.com` wildcard SSL certificate for local Nginx setup. Certificate is valid until 09.01.2019 and is stored in `s3://identity-local-ssl/` to which Dotcom has access.
To setup Dotcom Identity Frontend see identity-platform README