ServerCentyllion_1

Jean-Charles Roger edited this page Jul 30, 2019 · 3 revisions

Server centyllion_1

The server's IP is 51.75.17.161.

Only RSA key access is allowed. To log in to the server you need the private key and:

ssh -i ~/.ssh/ovhcloud_rsa ubuntu@centyllion.com

Domains

The redirected domains to this server are:

  • www.centyllion.com and centyllion.com
  • login.centyllion.com
  • beta.centyllion.com
  • deploy.centyllion.com
  • ci.centyllion.com
  • app.centyllion.com

Installation

Everything is either installed with apt-get or lives under /home/ubuntu/data.

Java

sudo add-apt-repository ppa:webupd8team/java
sudo apt-get install oracle-java8-installer

Reverse proxy nginx

sudo apt-get install nginx-light

Letsencrypt

To install Certbot:

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot

To obtain a certificate, run `sudo certbot certonly` and, when prompted for the domain names, enter the full comma-separated list (equivalently, pass it with `-d`):

sudo certbot certonly
www.centyllion.com,centyllion.com,login.centyllion.com,beta.centyllion.com,deploy.centyllion.com,ci.centyllion.com,app.centyllion.com

Keycloak

Download the Keycloak distribution from the Keycloak site and follow the instructions in its documentation.

Configuration

nginx

# Service control
sudo systemctl start|stop|restart|status nginx

# Enable a site by linking it from sites-available into sites-enabled
sudo ln -s /etc/nginx/sites-available/http /etc/nginx/sites-enabled/http

Configuration for static files:

server {
	# SSL configuration
	listen 443 ssl default_server;

	# Note: You should disable gzip for SSL traffic.
	# See: https://bugs.debian.org/773332
	#
	# Read up on ssl_ciphers to ensure a secure configuration.
	# See: https://bugs.debian.org/765782

	ssl_certificate /etc/letsencrypt/live/centyllion.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/centyllion.com/privkey.pem;

	server_name www.centyllion.com centyllion.com;

	root /data/www;

	location / {
	}
}

The `http` site redirects plain http to https:

server {
	listen 80;
	return 301 https://$host$request_uri;
}

To proxy an application (TODO: change this to Keycloak):

server {
	# SSL configuration
	listen 443 ssl;

	# Note: You should disable gzip for SSL traffic.
	# See: https://bugs.debian.org/773332
	#
	# Read up on ssl_ciphers to ensure a secure configuration.
	# See: https://bugs.debian.org/765782

	ssl_certificate /etc/letsencrypt/live/www.centyllion.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/www.centyllion.com/privkey.pem;

	server_name login.centyllion.com;

	location / {
		proxy_pass https://localhost:8443;

		# Client address headers passed to the backend
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header Host $host;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

		# WebSocket upgrade headers
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
	}
}

Keycloak

Keycloak must have a certificate for a secure connection. This video helps with setting it up.

Important note: the keystore and the key must have the same password. The "first and last name" value of the key (the certificate's CN) must be the domain name (here login.centyllion.com).

This is how to create a valid certificate:

# Keystore and key pair creation (answer "first and last name" with the domain name)
keytool -genkey -alias keycloak -keyalg RSA -keystore keycloak.jks -keysize 2048
# Convert the keystore to the open PKCS12 format
keytool -importkeystore -srckeystore keycloak.jks -destkeystore keycloak.jks -deststoretype pkcs12
# Create the certificate signing request
keytool -certreq -alias keycloak -file request.csr -keystore keycloak.jks
# Stop nginx so certbot can bind the port for the challenge
sudo systemctl stop nginx
# Use Certbot to submit the request (writes 0000_cert.pem and the chain files)
sudo certbot certonly --csr request.csr --no-bootstrap
# Import the full chain into the keystore
keytool -import -trustcacerts -alias keycloak -file 0001_chain.pem -keystore keycloak.jks

# Inspect the request (optional, useful before submitting it)
openssl req -text -in request.csr
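
A pre-deployment check for the certificate bundle the nginx sites and the Keycloak keystore rely on, as an added example in Go that is not part of this wiki: it parses the leaf certificate, reports every domain from the Domains list it does not cover (browsers match the SAN entries, so the CN alone is not enough) and flags a certificate that is within minValid of expiry, which matters for 90-day Let's Encrypt certificates imported by hand into keycloak.jks. The self-signed certificate is constructed inline so it runs offline; the function names are mine.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// CheckCertForHosts reads the leaf (first) certificate of a PEM bundle such as fullchain.pem or certbot's 0001_chain.pem and returns the hosts it does not cover; err is set if the bundle is unparsable or the certificate expires within minValid.
func CheckCertForHosts(bundle []byte, hosts []string, minValid time.Duration) (missing []string, err error) {
	block, _ := pem.Decode(bundle)
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, fmt.Errorf("no CERTIFICATE block found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, err
	}
	for _, h := range hosts {
		if cert.VerifyHostname(h) != nil { // matches against the SAN dNSName entries
			missing = append(missing, h)
		}
	}
	if time.Until(cert.NotAfter) < minValid {
		return missing, fmt.Errorf("certificate expires %s", cert.NotAfter.Format(time.RFC3339))
	}
	return missing, nil
}

func selfSignedPEM(names []string, validFor time.Duration) []byte { // constructed test cert; in real use read /etc/letsencrypt/live/<name>/fullchain.pem
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     names,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(validFor),
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	hosts := []string{"www.centyllion.com", "centyllion.com", "login.centyllion.com"}
	fmt.Println(CheckCertForHosts(selfSignedPEM(hosts[:2], 90*24*time.Hour), hosts, 14*24*time.Hour))
}
```

Running it prints `[login.centyllion.com] <nil>`: the constructed certificate covers only the first two names, so the Keycloak host is reported missing while the expiry window is fine.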

To start keycloak:

cd /home/ubuntu/data/login/keycloak-4.8.3.Final/standalone
nohup ../bin/standalone.sh &

The admin user is created with the script in `bin` (run from the standalone directory used above):

../bin/add-user-keycloak.sh -u admin -r master

TeamCity

TODO
