Nginx setup with valid *.thegulocal.com wildcard SSL certificate #15563
Conversation
|
|
||
| 127.0.0.1 profile.thegulocal.com | ||
| 127.0.0.1 m.thegulocal.com | ||
| 1. Make sure you are in `frontend/nginx` directory |
| # Make sure you have valid AWS credentials and then run with sudo setup.sh <profile name> | ||
| # Remember to add nginx/hosts to your /etc/hosts | ||
|
|
||
| S3_BUCKET="s3://identity-local-ssl/" |
There was a problem hiding this comment.
a bucket just to store ssl certs sounds like an overkill. Can we store them in an already exisiting bucket in frontend s3?
There was a problem hiding this comment.
This is indeed a pre-existing bucket in Identity, so I just re-used it. (Note that other projects like DAPI would need access to this cert.)
| PROFILE="--profile ${1}" | ||
| fi | ||
|
|
||
| aws ${PROFILE} s3 ls s3://identity-local-ssl/ 1>/dev/null 2>&1 |
There was a problem hiding this comment.
why not using the $S3_BUCKET constant defined above?
mariogalic
force-pushed
the
nginx-setup-with-valid-ssl-certificates
branch
from
d77c4fb
to
75846e3
Compare
| @@ -0,0 +1 @@ | |||
| 127.0.0.1 m.thegulocal.com # Dotcom | |||
There was a problem hiding this comment.
also why did we choose m.thegulocal.com and not gulocal.com?
There was a problem hiding this comment.
We already bought thegulocal.com domain a while ago. We have not bought gulocal.com yet although it is available.
| @@ -36,54 +34,4 @@ server { | |||
| proxy_set_header Host $host; | |||
| proxy_set_header "X-Forwarded-Proto" "https"; | |||
| } | |||
| } | |||
There was a problem hiding this comment.
Did you mean to remove all of this? I think it's still needed isn't it?
There was a problem hiding this comment.
It's now in https://github.com/guardian/identity-platform/blob/master/nginx/identity.conf
To setup identity related nginx you would run identity-platform/nginx/setup.sh
|
Seen on PROD (merged by @mario-galic 18 minutes and 33 seconds ago) Please check your changes! |
What does this change?
Uses valid Comodo
*.thegulocal.comwildcard SSL certificate for local Nginx setup. Certificate is valid until 09.01.2019 and is stored ins3://identity-local-ssl/to which Dotcom has access.To setup Dotcom Identity Frontend see identity-platform README
Screenshots