
List:       nix-dev
Subject:    Re: [Nix-dev] Testing Nginx public entry points with NixOps/libvirtd
From:       Jörg Thalheim <joerg () higgsboson ! tk>
Date:       2016-12-21 20:32:49
Message-ID: b171c2f2-2150-26ad-be1c-51f82a4ffdc3 () higgsboson ! tk

If you have a public domain somewhere, where you control the DNS,
you can also issue certificates via DNS validation. But I think this is currently not
possible with the existing module presented here. You can use dehydrated for instance:

https://github.com/lukas2511/dehydrated/wiki/Examples-for-DNS-01-hooks

This should also work in private networks. The domains do not even have to point to
public IPs in this case.

On 2016-12-21 19:47, zimbatm wrote:
> 
> Hi,
> 
> Your VM needs to be reachable from the internet for letsencrypt to work. If it's
> only for internal usage the best thing to do is to provision the machine with
> certificates that you generate yourself and add a condition for production.
> Alternatively keep it plain HTTP and have a tunnel in production that does TLS
> termination.
>
> On Wed, 21 Dec 2016, 11:20 Daniel Hlynskyi, <abcz2.uprola@gmail.com> wrote:
>
> Hello all NixOps users. I'd like to build my production system with the libvirtd
> backend, but I'm stopped with a problem. SSL certificates can't be obtained in a
> virtualized environment.
>
> {
>   services.nginx.virtualHosts."example.domain" = {
>     enableSSL = true;
>     enableACME = true;
>   };
> }
>
> As far as I understand, letsencrypt tries to verify "example.domain", but it points
> to the production system, not to the virtualized one.
>
> What are my options to fix this issue? In the end I'd like to add the virtual server to
> a VPN and test public entry points from a developer machine.
>
> _______________________________________________
> nix-dev mailing list
> nix-dev@lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev

_______________________________________________
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
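
A sketch of the dehydrated DNS-01 hook approach suggested in the message above, added here as an illustration; it is not code from the thread or from the dehydrated wiki. It assumes an authoritative DNS server that accepts RFC 2136 dynamic updates signed with a TSIG key, and `NS_SERVER`, `TSIG_KEY` and the paths are hypothetical.

```shell
#!/bin/sh
# Added example: dehydrated DNS-01 hook using RFC 2136 dynamic updates.
# NS_SERVER and TSIG_KEY are hypothetical settings, not dehydrated options.
NS_SERVER="${NS_SERVER:-ns1.example.domain}"
TSIG_KEY="${TSIG_KEY:-/var/lib/dehydrated/tsig.key}"
TTL=60

# Print the nsupdate commands that add or delete the challenge TXT record.
# Arguments: add|delete, domain, TXT value handed over by dehydrated.
build_update() {
    action=$1 domain=${2%.} value=$3
    # Validate before printing anything: hostname characters only in the
    # domain, base64url characters only in the value, so neither argument
    # can smuggle extra nsupdate commands into the update script.
    case $action in add|delete) ;; *) return 1 ;; esac
    case $domain in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case $value in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    record="_acme-challenge.$domain."
    printf 'server %s\n' "$NS_SERVER"
    if [ "$action" = add ]; then
        printf 'update add %s %s IN TXT "%s"\n' "$record" "$TTL" "$value"
    else
        printf 'update delete %s TXT "%s"\n' "$record" "$value"
    fi
    printf 'send\n'
}

# Send the update signed with the TSIG key; abort if validation failed.
apply_update() {
    cmds=$(build_update "$@") || return 1
    printf '%s\n' "$cmds" | nsupdate -k "$TSIG_KEY"
}

# dehydrated calls: <operation> <domain> <token-file> <txt-value>
case "${1:-}" in
    deploy_challenge) apply_update add "$2" "$4" ;;
    clean_challenge)  apply_update delete "$2" "$4" ;;
    *) : ;;  # deploy_cert and other operations need no DNS change here
esac
```

Saved as a hook script (the name `hook.sh` is an assumption), it would be used as `dehydrated -c -t dns-01 -k ./hook.sh`. The TSIG key should be scoped so it can only update `_acme-challenge` TXT records, since anyone holding it can obtain certificates for the zone.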

