You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Process to change the domain name of a live Pryv.io platform with low down time on a single core set-up
During this process, both initial and new domains will work together for a transition period in order to migrate clients tools to the new api endpoints.
For this the server will rely on the remaining SSL certificate from the initial domain. If you use the ./renew-ssl-certificate script to generate let's encrypt certificates, you might want to run it before starting the process in order to have a a fresh one for the next 3 months.
Steps
initial domain: initial.io
new domain: new.io
Register NS entries for new.io (same IP as the initial one)
Edit config-leader/data/singlenode/dns/conf/dns.json to support a secondary domain.
change the line "domains": ["DOMAIN"], with "domains": ["DOMAIN", "initial.io"],
Go to the admin panel
change DOMAIN value to new.io
Eventually update NAME_SERVER_ENTRIES if they are not bound to DOMAIN template var
Update TRUSTED_APP if you need continue serving apps from initial domain, add: ,*@https://*initial.io*
Click [UPDATE]
Generate new certificates with ./renew-ssl-certificate
From now, the API is accessible from the new domain
/!\ WARNING /!\ The initial domain SSL certificate can still be used but cannot be renewed.
- Check if the api is reachable on the new domain.
but the the initial domain api is not reachable
Proxy all queries incoming to the initial domain to the new one.
Create a file pryv/nginx/conf/site-original-443.conf with the following content:
Carefully replace initial.io and new.io with your own domains
server {
listen 443 ssl;
server_name ~^(?<subdomain>.+)\.initial\.io$; ## make sure to have \ before "."
ssl_certificate /app/conf/secret/initial.io-bundle.crt;
ssl_certificate_key /app/conf/secret/initial.io-key.pem;
location / {
set $dest "https://${subdomain}.new.io${uri}${is_args}${args}";
resolver 127.0.0.11 [::1];
proxy_pass $dest;
}
}
Restart nginx container with docker restart pryvio_nginx
Perform full set of checks if the API is correctly responding on the initial and new domains.
Up to this point, you can roll back to the initial domain by changing DOMAIN value to initial.io from the admin panel. If the admin panel is not responding.
Edit the DOMAIN property in config-leader/conf/platform.yml and restart leader, follower and pryv.
Moving user's entries to the new domain.
Extisting users have been created and associated with the core server co1.initial.io they have to be registered on the new server.
For this you need 2 keys
REGISTER_ADMIN_KEY that can be found in teh admin panel or platform.yml
REGISTER_SYSTEM_KEY_1 that can be found in the file config-leader/conf/config-leader.json.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Process to change the domain name of a live Pryv.io platform with low down time on a single core set-up
During this process, both initial and new domains will work together for a transition period in order to migrate clients tools to the new api endpoints.
For this the server will rely on the remaining SSL certificate from the initial domain. If you use the
./renew-ssl-certificate
script to generate let's encrypt certificates, you might want to run it before starting the process in order to have a a fresh one for the next 3 months.Steps
initial.io
new.io
Register NS entries for
new.io
(same IP as the initial one)Edit
config-leader/data/singlenode/dns/conf/dns.json
to support a secondary domain.change the line
"domains": ["DOMAIN"],
with"domains": ["DOMAIN", "initial.io"],
Go to the admin panel
new.io
DOMAIN
template var,*@https://*initial.io*
Generate new certificates with
./renew-ssl-certificate
From now, the API is accessible from the new domain
/!\ WARNING /!\ The initial domain SSL certificate can still be used but cannot be renewed.
- Check if the api is reachable on the new domain.
but the the initial domain api is not reachable
Proxy all queries incoming to the initial domain to the new one.
Create a file
pryv/nginx/conf/site-original-443.conf
with the following content:Carefully replace
initial.io
andnew.io
with your own domainsRestart nginx container with
docker restart pryvio_nginx
initial.io
from the admin panel. If the admin panel is not responding.Edit the DOMAIN property in
config-leader/conf/platform.yml
and restart leader, follower and pryv.Moving user's entries to the new domain.
Extisting users have been created and associated with the
core
serverco1.initial.io
they have to be registered on the new server.For this you need 2 keys
platform.yml
config-leader/conf/config-leader.json
.Do the migration with checks.
Check the list of users with https://api.pryv.com/reference-system/#get-users-on-core-server
=>
https://reg.new.io/admin/servers/co1.initial.io/users?auth={REGISTER_ADMIN_KEY}
Update the servers name with: https://api.pryv.com/reference-system/#rename-core-server
=>
https://reg.new.io/admin/servers/co1.initial.io/rename/co1.new.io?auth={REGISTER_SYSTEM_KEY_1}
Check that the list of users on the initial domain is empty
=>
https://reg.new.io/admin/servers/co1.initial.io/users?auth={REGISTER_ADMIN_KEY}
Check that the list of users on the new domain is full
=>
https://reg.new.io/admin/servers/co1.new.io/users?auth={REGISTER_ADMIN_KEY}
You're done, both domain will be served. To clean-up after deactivating the NS entries of the initial domain.
config-leader/data/singlenode/dns/conf/dns.json
and remove the reference to the initial domain.pryv/nginx/conf/site-original-443.conf
and reboot nginx container.Beta Was this translation helpful? Give feedback.
All reactions