#ops (2019-01)

Archive: https://archive.sweetops.com/ops/

2019-01-14

james

what’s the current state-of-the-art for auto-renewing HTTPS certs for nginx?

Erik Osterman (Cloud Posse)

Are you on k8s?

james

no

Erik Osterman (Cloud Posse)

Unfortunately no recent experience with self-NGINX with LE. Bet a lot has improved since I last checked it out.

james

I vaguely recall reading it’s got a lot better, but it’s hard to google

Erik Osterman (Cloud Posse)

Are you running on AWS?

james

yes

james

no wait, no

james

sorry

Erik Osterman (Cloud Posse)

No prob… was going to suggest using ACM

Erik Osterman (Cloud Posse)

Where are you hosted?

james

Digital Ocean

james

just vanilla droplets for now

Erik Osterman (Cloud Posse)
Argo Tunnel | Secure Tunneling Software | Cloudflare

Ensure your server is safe, no matter where it’s running: public cloud, private cloud, Kubernetes cluster, or even a Mac mini under your TV with Argo Secure Tunnel.

Erik Osterman (Cloud Posse)

Argo is pretty sweet. Doesn’t require k8s

Erik Osterman (Cloud Posse)

You don’t need to expose your webservers at all

Erik Osterman (Cloud Posse)

It creates an encrypted reverse tunnel out to CloudFlare

Erik Osterman (Cloud Posse)

CloudFlare handles all certs

james

that does look very cool

james

the “contact us” pricing looks a bit scary

james

context: this is for our staging environment

james

funnily enough, we use ACM for production

james

ah prices are at the bottom of the page, just $5/month?

Erik Osterman (Cloud Posse)

Though I think it requires business class

Erik Osterman (Cloud Posse)

Which is 200

Erik Osterman (Cloud Posse)

Not free/cheap

james

ah ok

james

FYI in case anyone is interested, this seems to work pretty well: https://certbot.eff.org

Certbot

Automatically enable HTTPS on your website with EFF’s Certbot, deploying Let’s Encrypt certificates.

Erik Osterman (Cloud Posse)

thanks for reporting back!

2019-01-15

pecigonzalo

There is a sidecar container for doing auto letsencrypt

pecigonzalo

eg

pecigonzalo
JrCs/docker-letsencrypt-nginx-proxy-companion

LetsEncrypt companion container for nginx-proxy. Contribute to JrCs/docker-letsencrypt-nginx-proxy-companion development by creating an account on GitHub.

2019-01-17

Erik Osterman (Cloud Posse)

Let’s Encrypt down
