#ops (2019-01)

Archive: https://archive.sweetops.com/ops/

2019-01-17

Erik Osterman (Cloud Posse)

Let's Encrypt down


2019-01-15

pecigonzalo

There is a sidecar container for doing auto letsencrypt

pecigonzalo

eg

pecigonzalo
JrCs/docker-letsencrypt-nginx-proxy-companion

LetsEncrypt companion container for nginx-proxy.

2019-01-14

james

what’s the current state-of-the-art for auto-renewing HTTPS certs for nginx?

Erik Osterman (Cloud Posse)

Are you on k8s?

james

no

Erik Osterman (Cloud Posse)

Unfortunately no recent experience with self-NGINX with LE. Bet a lot has improved since I last checked it out.

james

I vaguely recall reading it’s got a lot better, but it’s hard to google

Erik Osterman (Cloud Posse)

Are you running on AWS?

james

yes

james

no wait, no

james

sorry

Erik Osterman (Cloud Posse)

No prob… was going to suggest using ACM

Erik Osterman (Cloud Posse)

Where are you hosted?

james

Digital Ocean

james

just vanilla droplets for now

Erik Osterman (Cloud Posse)
Argo Tunnel | Secure Tunneling Software | Cloudflare

Ensure your server is safe, no matter where it’s running: public cloud, private cloud, Kubernetes cluster, or even a Mac mini under your TV with Argo Secure Tunnel.

Erik Osterman (Cloud Posse)

Argo is pretty sweet. Doesn’t require k8s

Erik Osterman (Cloud Posse)

You don’t need to expose your webservers at all

Erik Osterman (Cloud Posse)

It creates an encrypted reverse tunnel out to CloudFlare

Erik Osterman (Cloud Posse)

CloudFlare handles all certs

james

that does look very cool

james

the “contact us” pricing looks a bit scary

james

context: this is for our staging environment

james

funnily enough, we use ACM for production

james

ah prices are at the bottom of the page, just $5/month?

Erik Osterman (Cloud Posse)

Though I think it requires business class

Erik Osterman (Cloud Posse)

Which is 200

Erik Osterman (Cloud Posse)

Not free/cheap

james

ah ok

james

FYI in case anyone is interested, this seems to work pretty well: https://certbot.eff.org


Automatically enable HTTPS on your website with EFF’s Certbot, deploying Let’s Encrypt certificates.

Erik Osterman (Cloud Posse)

thanks for reporting back!
