From: gnunet
Subject: [taler-docs] branch master updated: New system administration section for documentation and tutorials
Date: Fri, 17 May 2024 12:41:06 +0200
This is an automated email from the git hooks/post-receive script.
javier-sepulveda pushed a commit to branch master
in repository docs.
The following commit(s) were added to refs/heads/master by this push:
new 6ad0e19f New system administration section for documentation and
tutorials
6ad0e19f is described below
commit 6ad0e19fc0417f7ec55063b1d883fe999c18d953
Author: Javier Sepulveda <javier.sepulveda@uv.es>
AuthorDate: Fri May 17 12:40:31 2024 +0200
New system administration section for documentation and tutorials
---
images/grafana-postgres-exporter.png | Bin 244971 -> 0 bytes
images/kuma.png | Bin 244687 -> 0 bytes
images/regional-arch.png | Bin 117525 -> 0 bytes
images/taler-monitoring-infrastructure.png | Bin 85006 -> 0 bytes
images/uptime-kuma-edit.png | Bin 116550 -> 0 bytes
images/uptime-kuma-from-grafana.png | Bin 345702 -> 0 bytes
index.rst | 2 +
system-administration/images/lego-logo.svg | 1 +
system-administration/index.rst | 26 ++++
system-administration/lego-certificates.rst | 131 +++++++++++++++++++++
.../taler-monitoring-infrastructure.rst | 0
11 files changed, 160 insertions(+)
diff --git a/images/grafana-postgres-exporter.png
b/images/grafana-postgres-exporter.png
deleted file mode 100644
index a51c28f0..00000000
Binary files a/images/grafana-postgres-exporter.png and /dev/null differ
diff --git a/images/kuma.png b/images/kuma.png
deleted file mode 100644
index d98772a1..00000000
Binary files a/images/kuma.png and /dev/null differ
diff --git a/images/regional-arch.png b/images/regional-arch.png
deleted file mode 100644
index a3691aea..00000000
Binary files a/images/regional-arch.png and /dev/null differ
diff --git a/images/taler-monitoring-infrastructure.png
b/images/taler-monitoring-infrastructure.png
deleted file mode 100644
index 05f29704..00000000
Binary files a/images/taler-monitoring-infrastructure.png and /dev/null differ
diff --git a/images/uptime-kuma-edit.png b/images/uptime-kuma-edit.png
deleted file mode 100644
index 23b85dad..00000000
Binary files a/images/uptime-kuma-edit.png and /dev/null differ
diff --git a/images/uptime-kuma-from-grafana.png
b/images/uptime-kuma-from-grafana.png
deleted file mode 100644
index c42b8660..00000000
Binary files a/images/uptime-kuma-from-grafana.png and /dev/null differ
diff --git a/index.rst b/index.rst
index bd3b30d6..417e3a1b 100644
--- a/index.rst
+++ b/index.rst
@@ -18,6 +18,7 @@
@author Sree Harsha Totakura
@author Marcello Stanisci
@author Christian Grothoff
+ @author Javier Sepulveda
GNU Taler Documentation
=======================
@@ -63,6 +64,7 @@ Documentation Overview
taler-auditor-manual
taler-developer-manual
libeufin/index
+ system-administration/index
design-documents/index
global-licensing
manindex
diff --git a/system-administration/images/lego-logo.svg
b/system-administration/images/lego-logo.svg
new file mode 100644
index 00000000..2b578d34
--- /dev/null
+++ b/system-administration/images/lego-logo.svg
@@ -0,0 +1 @@
+<svg width="538.167" height="152.232" viewBox="0 0 142.39 40.278"
xml:space="preserve" xmlns="http://www.w3.org/2000/svg"
xmlns:xlink="http://www.w3.org/1999/xlink"><g fill="none" stroke="#00add8"
stroke-width="2.646"><path d="M129.04 6.615c-6.952 0-6.952 4.973-6.952
6.024V27.61c0 .62 0 6.053 6.952 6.053s6.735-5.423
6.735-6.053V12.64c0-1.013.217-6.024-6.735-6.024z"/><path d="M113.61
12.639c0-1.013.217-6.025-6.735-6.025s-6.952 4.973-6.952 6.025V27.61c0 .62 0
6.053 6.952 6.053s6.735-5.423 [...]
diff --git a/system-administration/index.rst b/system-administration/index.rst
new file mode 100644
index 00000000..e573f7c8
--- /dev/null
+++ b/system-administration/index.rst
@@ -0,0 +1,26 @@
+..
+ This file is part of GNU TALER.
+ Copyright (C) 2014-2023 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU Affero General Public License as published by the Free
Software
+ Foundation; either version 2.1, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
details.
+
+ You should have received a copy of the GNU Affero General Public License
along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+
+ @author Javier Sepulveda
+
+System Administration tutorials
+##################################
+
+.. toctree::
+ :maxdepth: 1
+ :glob:
+
+ lego-certificates
+ taler-monitoring-infrastructure
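Review bot: the copyright line in this new file's header reads "2014-2023", but the file is created by a commit dated 17 May 2024, so the range should end in 2024. The same header names the "GNU Affero General Public License" at "version 2.1"; the AGPL has no 2.1 release (that number belongs to the LGPL), so please confirm the intended licence and version before this boilerplate is copied into more new files. Minor: `:glob:` is set on the toctree although both entries are explicit document names, so the option can be dropped.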
diff --git a/system-administration/lego-certificates.rst
b/system-administration/lego-certificates.rst
new file mode 100644
index 00000000..ebc35329
--- /dev/null
+++ b/system-administration/lego-certificates.rst
@@ -0,0 +1,131 @@
+.. image:: images/lego-logo.svg
+ :width: 300
+ :height: 150
+ :alt: lego logo
+
+What is Lego
+###############
+
+Let's Encrypt client and ACME library written in Go.
+
+* You can request new certificates
+* You can request new subdomain alt names for your current main certicate
+* You can renew certificates
+* You can revoke certificates
+* You can request certificates by using dynamic DNS (API access, with multiple
providers)
+
+
+Why lego is better for managing certificates
+===============================================
+
+* The process is not considered a live process, so in case something goes
wrong your websites won't break.
+* You can hook some actions after the renewal process, such as reloading
Dovecot.
+* The process of either obtaining or renewing new certicates, doesn't require
you to stop NGINX.
+* Lego just helps you to obtain the certificates as text files, which you can
copy afterwards to the right locations to be used by NGINX.
+
+
+Requirements
+=============
+- A fully automation of installing and deploying Lego can be found in
migration-exercise-stable.git/taler.net/lego-certificates
+- If you want to do things manually instead, you can execute the
"install-lego.sh" file.
+- To use our script simply execute the "main-certs.sh" file, which not only
will install lego on your system, but
+ will try to obtain certificates for the ones listed on the "domains" text
file.
+- Lego can work with so many domain providers (dynamic DNS), so please make
sure you have indicated the right
+ API credentials on the "envars" variables file for your domain provider. In
our specific case, we use Joker.
+- Make sure either you are not using UFW or any firewall program, or that if
you are using one, make sure you have opened beforehand
+ the port 80.
+
+Installation and deployment with a script
+#############################################
+
+#. Git clone migration-exercise-stable.git
+#. Navigate to the folder taler.net/lego-certificates
+#. Add your desired FQDNs in the "domains" text file
+#. Execute the "main-certs.sh" file as ./main-certs.sh
+
+Manually installing Lego
+===========================
+
+.. note ::
+ Just as an informative process, as this is fully automated by executing
either the "install-lego.sh" or the "main-certs.sh" files.
+
+.. code-block:: console
+
+ $ wget
https://github.com/go-acme/lego/releases/download/v4.16.1/lego_v4.16.1_linux_amd64.tar.gz
+ $ tar -axf lego_v4.16.1_linux_amd64.tar.gz
+ $ # If moving directly to /usr/local/bin, just copy the lego binary file to
/usr/local/bin
+ $ cp /tmp/lego /usr/local/bin/
+ $ # If copying the binary to /opt/lego, make symbolic links to
/usr/local/bin
+ $ cp /tmp/lego /opt/lego/
+ $ ln -s /usr/local/bin /opt/lego/lego
+
+Full documentation on how to use Lego can be found in:
https://go-acme.github.io/lego/
+
+Usage of lego once it has been installed
+###############################################
+
+* Each time you want to add an additional domain to your setup, just add the
FQDN to the "domains" text file
+* There is nothing else to do in your side now, the server itself will trigger
automatically (systemd timer) the "renew-certs.service"
+* We have implemented the use of lego with systemd timers, so there is not
additional maintenance
+
+Automatic renewal of certificates
+##################################
+
+We use systemd timers do undertake this.
+
+.. note ::
+ To check the systemd timer is running properly and "waiting", you can
execute "systemctl status renew-certs.timer"
+
+More information: https://go-acme.github.io/lego/usage/cli/renew-a-certificate/
+
+
+Email notifications
+====================
+
+* Let's encrypt notifications will arrive to your configured email address.
+* You can specify your email address by editing the "envars" text file
(variable "LEGO_ACCOUNT_EMAIL").
+* On each successful renewal, you will receive an email notification from the
script.
+
+Additional information for troubleshooting
+###############################################
+
+Once you have the certificate generated files (/root/.lego/xxx.crt,
/root/.lego/xxx.key)
+they will be copied to /etc/ssl/certs and /etc/ssl/private, respectively.
+
+How to configure NGINX to use your certificates
+##################################################
+
+In the NGINX virtualhost configuration file just include "include
conf.d/talerssl.conf;" line, and
+make sure you have a file named "talerssl.conf" in the path: /etc/nginx/conf.d
with the next content:
+
+.. code-block:: console
+
+ $ # Taler SSL defaults
+ $ # We're using one certificate with taler.net as primary name
+ $ # and everything else as alt name.
+ $ # These 2 next lines are the important ones, which refer to the
certificates file (.crt), and its private key (.key)
+ $ ssl_certificate /etc/ssl/certs/taler.net.crt;
+ $ ssl_certificate_key /etc/ssl/private/taler.net.key;
+ $ ssl_session_cache shared:SSL:10m;
+ $ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+ $ add_header Strict-Transport-Security "max-age=63072000;
includeSubDomains; preload";
+
+
+Presence of Lego in our servers
+######################################
+
+* TUE - University of Eindhoven
+
+
+
+
+
+
+
+
+
+
+
+
+
+
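Review bot: in the "Manually installing Lego" console block the last command, `ln -s /usr/local/bin /opt/lego/lego`, has its arguments reversed (ln takes the target first, then the link name), so it does not put lego on the PATH; it should read `ln -s /opt/lego/lego /usr/local/bin/lego`. The same block extracts the tarball into the current directory but then copies from /tmp/lego, never creates /opt/lego, and installs a binary fetched with wget without checking it against a checksum or signature; add a `cd /tmp`, a `mkdir -p /opt/lego` and a verification step against a pinned SHA-256 before the `cp`. The talerssl.conf sample sits in a `console` block with a `$ ` prompt on every line, so pasting it produces an invalid NGINX file; show it as plain configuration text. That sample also lists EDH suites without an `ssl_dhparam`, sets no `ssl_protocols`, and sends HSTS with `includeSubDomains; preload`, which deserves a sentence on what preload commits every subdomain to. In Requirements, state the expected ownership and mode of the "envars" file holding the DNS provider API credentials and of the key copied to /etc/ssl/private, and reword the firewall bullet so it only asks for port 80 to be open instead of suggesting that no firewall be used. Typos to fix: "certicate" (twice), "A fully automation", "do undertake". The run of empty lines at the end of the file can be removed.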
diff --git a/taler-monitoring-infrastructure.rst
b/system-administration/taler-monitoring-infrastructure.rst
similarity index 100%
rename from taler-monitoring-infrastructure.rst
rename to system-administration/taler-monitoring-infrastructure.rst
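Review bot: this rename is at 100% similarity, so every relative path inside taler-monitoring-infrastructure.rst is unchanged although the file now lives one directory deeper, and the same commit deletes six PNGs from images/ (grafana-postgres-exporter, kuma, regional-arch, taler-monitoring-infrastructure, uptime-kuma-edit, uptime-kuma-from-grafana) without re-adding them under system-administration/images/, where only lego-logo.svg is added. If the moved document references any of those images, the build will have broken image links; either move the PNGs alongside the document in this commit or update the references, and run a docs build with warnings treated as errors to confirm.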
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.