[prev in list] [next in list] [prev in thread] [next in thread]
List: nix-dev
Subject: Re: [Nix-dev] Testing Nginx public entry points with NixOps/libvirtd
From: Jörg_Thalheim <joerg () higgsboson ! tk>
Date: 2016-12-21 20:32:49
Message-ID: b171c2f2-2150-26ad-be1c-51f82a4ffdc3 () higgsboson ! tk
[Download RAW message or body]
If you have a public domain somewhere, where you control the dns,
you can also issue certificates via dns validation. But I think this currently not \
possible
with the existing module presented here. You can use dehydrated for instance:
https://github.com/lukas2511/dehydrated/wiki/Examples-for-DNS-01-hooks
This should also work in private networks. The domains do not even have to point to \
public ips in this case.
On 2016-12-21 19:47, zimbatm wrote:
>
> Hi,
>
> Your VM needs to be reachable from the internet for letsencrypt to work. If it's \
> only for internal usage the best thing to do is to provision the machine with \
> certificates that you generate yourself and add a condition for production. \
> Alternatively keep it plain HTTP and have a tunnel in production that does TLS \
> termination.
>
> On Wed, 21 Dec 2016, 11:20 Daniel Hlynskyi, <abcz2.uprola@gmail.com \
> <mailto:abcz2.uprola@gmail.com>> wrote:
> Hello all NixOps users. I'd like to build my production system with libvirtd \
> backend, but I'm stopped with a problem. SSL certificates can't be obtained in \
> virtualized environment.
> {
> services.nginx.virtualHosts."example.domain" = {
> enableSSL = true;
> enableACME = true;
> };
> }
>
> As far as I understand, letsencrypt tries to verify "example.domain", but it points \
> to production system, not to virtualized.
> What are my options to fix this issue? In the end I'd like to add virtual server to \
> VPN and test public entry points from developer machine. \
> _______________________________________________ nix-dev mailing list
> nix-dev@lists.science.uu.nl <mailto:nix-dev@lists.science.uu.nl>
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
>
>
> _______________________________________________
> nix-dev mailing list
> nix-dev@lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
_______________________________________________
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic