ServerCentyllion_1
The server's IP is 51.75.17.161.
Only RSA key access is allowed. To log in to the server you need the private key and:
ssh -i ~/.ssh/ovhcloud_rsa ubuntu@centyllion.com
The domains redirected to this server are:
www.centyllion.com and centyllion.com
login.centyllion.com
beta.centyllion.com
deploy.centyllion.com
ci.centyllion.com
app.centyllion.com
Everything is either installed using apt-get or located in /home/ubuntu/data.
Java
sudo add-apt-repository ppa:webupd8team/java
sudo apt-get install oracle-java8-installer
Reverse proxy nginx
sudo apt-get install nginx-light
Letsencrypt
To install Certbot:
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot
To obtain a certificate:
sudo certbot certonly
www.centyllion.com,centyllion.com,login.centyllion.com,beta.centyllion.com,deploy.centyllion.com,ci.centyllion.com,app.centyllion.com
Keycloak
Download the Keycloak distribution from Keycloak. Follow the instructions in the documentation.
nginx
# Service
sudo systemctl start|stop|restart|status nginx
# Link Creation
sudo ln -s /etc/nginx/sites-available/http http
Configuration for static files:
server {
    # SSL configuration
    listen 443 ssl default_server;
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    ssl_certificate /etc/letsencrypt/live/centyllion.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/centyllion.com/privkey.pem;
    server_name www.centyllion.com centyllion.com;
    root /data/www;
    location / {
    }
}
To redirect http to https (file `http`):
server {
    listen 80;
    return 301 https://$host$request_uri;
}
To redirect an application (TODO change it to keycloak):
server {
    # SSL configuration
    listen 443 ssl;
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    ssl_certificate /etc/letsencrypt/live/www.centyllion.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.centyllion.com/privkey.pem;
    server_name login.centyllion.com;
    location / {
        proxy_pass https://localhost:8443;
        # Websocket headers
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
Keycloak
Keycloak must have a certificate for a secure connection. This video helps with setting it up.
Important note: The keystore and the key must have the same password. The "first and last name" value in the key must be the domain name (here login.centyllion.com).
This is how to create a valid certificate:
# Keystore creation
keytool -genkey -alias keycloak -keyalg RSA -keystore keycloak.jks -keysize 2048
# Open format
keytool -importkeystore -srckeystore keycloak.jks -destkeystore keycloak.jks -deststoretype pkcs12
# Create request
keytool -certreq -alias keycloak -file request.csr -keystore keycloak.jks
# Stop nginx
sudo systemctl stop nginx
# Use Certbot to send the request
sudo certbot certonly --csr request.csr --no-bootstrap
# Import certificate
keytool -import -trustcacerts -alias keycloak -file 0001_chain.pem -keystore keycloak.jks
# Check request
openssl req -text -in request.csr
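The "Check request" step can be scripted so that a wrong "first and last name" value is caught before the CSR is sent to Certbot. This is an added example, not part of the original page: the function names are illustrative, and it assumes `openssl` is installed and that the CSR is the `request.csr` created above.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes openssl is installed.

# Print the CN of an RFC 2253 subject line such as
#   subject=CN=login.centyllion.com,OU=Unknown,O=Unknown,C=Unknown
subject_cn() {
    printf '%s\n' "$1" | awk '{
        sep = "\034"
        sub(/^subject= */, "")
        gsub(/\\,/, sep)                  # protect commas escaped inside a value
        n = split($0, rdn, ",")
        for (i = 1; i <= n; i++) {
            sub(/^ +/, "", rdn[i])
            if (rdn[i] ~ /^CN=/) {
                sub(/^CN=/, "", rdn[i])
                gsub(sep, ",", rdn[i])
                print rdn[i]
                exit
            }
        }
    }'
}

# Succeed only if the subject's CN is the expected domain (case-insensitive).
cn_matches() {
    cn=$(subject_cn "$1" | tr 'A-Z' 'a-z')
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ -n "$cn" ] && [ "$cn" = "$want" ]
}

# check_csr <csr-file> <domain>: verify the CSR self-signature, then its CN.
check_csr() {
    # Match on the message rather than relying on the exit status alone.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' ||
        { echo "CSR signature does not verify: $1" >&2; return 2; }
    subj=$(openssl req -in "$1" -noout -subject -nameopt RFC2253) || return 2
    if cn_matches "$subj" "$2"; then
        echo "OK: $subj"
    else
        echo "CN is not $2: $subj" >&2
        return 1
    fi
}

# Constructed sample subject, so the demo runs without a CSR file.
sample='subject=CN=login.centyllion.com,OU=Unknown,O=Unknown,C=Unknown'
cn_matches "$sample" login.centyllion.com && echo "sample CN: $(subject_cn "$sample")"
# On the server: check_csr request.csr login.centyllion.com
```

Run `check_csr request.csr login.centyllion.com` after the `keytool -certreq` step and before stopping nginx, so a rejected request does not cost downtime.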
To start keycloak:
cd /home/ubuntu/data/login/keycloak-4.8.3.Final/standalone
nohup ../bin/standalone.sh &
The admin user is created using:
./add-user-keycloak.sh -u admin -r master
TeamCity
TODO